#! /usr/bin/env bash # # A diff canonifier that removes all X.509 public key information # which, in the specific case of the RDP protocol's misuse of # md5WithRSAEncryption, seems that OpenSSL 1.0 is able to manually # workaround by setting to rsaEncryption, but OpenSSL 1.1 still fails # to extract the key, so the corresponding fields are always removed here. awk ' BEGIN { FS="\t"; OFS="\t"; key_type_col = -1; key_length_col = -1; exponent_col = -1; curve_col = -1 } /^#/ { if ( $1 == "#fields" ) { for ( i = 2; i <= NF; ++i ) { if ( $i == "certificate.key_type" ) key_type_col = i-1; if ( $i == "certificate.key_length" ) key_length_col = i-1; if ( $i == "certificate.exponent" ) exponent_col = i-1; if ( $i == "certificate.curve" ) curve_col = i-1; } } print; next; } key_type_col > 0 { # Mark it regardless of whether it is set. $key_type_col = "x"; } key_length_col > 0 { # Mark it regardless of whether it is set. $key_length_col = "x"; } exponent_col > 0 { # Mark it regardless of whether it is set. $exponent_col = "x"; } curve_col > 0 { # Mark it regardless of whether it is set. $curve_col = "x"; } { print; } '