#! /usr/bin/env bash # # A diff canonifier that removes all X.509 Distinguished Name subject fields # because that output can differ depending on installed OpenSSL version. awk ' BEGIN { FS="\t"; OFS="\t"; s_col = -1; i_col = -1; is_col = -1; cs_col = -1; ci_col = -1; cert_subj_col = -1; cert_issuer_col = -1 } /^#/ { if ( $1 == "#fields" ) { for ( i = 2; i <= NF; ++i ) { if ( $i == "subject" ) s_col = i-1; if ( $i == "issuer" ) i_col = i-1; if ( $i == "issuer_subject" ) is_col = i-1; if ( $i == "client_subject" ) cs_col = i-1; if ( $i == "client_issuer" ) ci_col = i-1; if ( $i == "certificate.subject" ) cert_subj_col = i-1; if ( $i == "certificate.issuer" ) cert_issuer_col = i-1; } } print; next; } s_col > 0 { if ( $s_col != "-" ) # Mark that it is set, but ignore content. $s_col = "+"; } i_col > 0 { if ( $i_col != "-" ) # Mark that it is set, but ignore content. $i_col = "+"; } is_col > 0 { if ( $is_col != "-" ) # Mark that it is set, but ignore content. $is_col = "+"; } cs_col > 0 { if ( $cs_col != "-" ) # Mark that it is set, but ignore content. $cs_col = "+"; } ci_col > 0 { if ( $ci_col != "-" ) # Mark that it is set, but ignore content. $ci_col = "+"; } cert_subj_col > 0 { if ( $cert_subj_col != "-" ) # Mark that it is set, but ignore content. $cert_subj_col = "+"; } cert_issuer_col > 0 { if ( $cert_issuer_col != "-" ) # Mark that it is set, but ignore content. $cert_issuer_col = "+"; } { print; } '