#!/bin/bash
DOMAIN="git.baqi.dev"
PORT=443

echo "🔍 检测 $DOMAIN:$PORT 的 SSL/TLS 状态..."
echo "--------------------------------------------------"

# 1. 显示证书链
echo -e "\n📜 证书链信息:"
openssl s_client -connect $DOMAIN:$PORT -servername $DOMAIN -showcerts </dev/null 2>/dev/null | openssl x509 -noout -issuer -subject -dates

# 2. 检查证书过期时间
echo -e "\n⏳ 证书有效期:"
openssl s_client -connect $DOMAIN:$PORT -servername $DOMAIN </dev/null 2>/dev/null | openssl x509 -noout -dates

# 3. 测试 TLS 协议兼容性
for v in ssl3 tls1 tls1_1 tls1_2 tls1_3; do
    echo -ne "\n⚡ 测试 $v ... "
    result=$(openssl s_client -connect $DOMAIN:$PORT -servername $DOMAIN -$v </dev/null 2>&1)
    if echo "$result" | grep -q "Cipher is"; then
        echo "✅ 支持"
    else
        echo "❌ 不支持"
    fi
done

# 4. 用 curl 模拟 git
echo -e "\n🌐 使用 curl 模拟访问:"
curl -vk https://$DOMAIN/ 2>&1 | grep "SSL" || echo "curl 请求正常"

echo -e "\n✅ 检测完成。"