Matty9191 / ssl-cert-check

Send notifications when SSL certificates are about to expire.
GNU General Public License v2.0
719 stars 285 forks

Support checking full chain #130

Open rdoeffinger opened 1 year ago

rdoeffinger commented 1 year ago

It currently cannot detect if some intermediate is expiring. This could happen if the certificate chain was not updated, for example. Maybe this is a job for a different tool that checks validity more thoroughly, like checkssl, but those don't have the email notification feature... Just as a proof-of-concept, this truly horrible code below kind of works. As a very minimum I expect it needs to have a command-line option to enable or disable it, and it would be better if it could work with file inputs as well.

@@ -674,7 +674,7 @@
         OPTIONS="-connect ${1}:${2} -servername ${1} $TLSFLAG"
     fi

-    echo "" | "${OPENSSL}" s_client $OPTIONS 2> "${ERROR_TMP}" 1> "${CERT_TMP}"
+    echo "" | "${OPENSSL}" s_client $OPTIONS -showcerts 2> "${ERROR_TMP}" 1> "${CERT_TMP}"

     if "${GREP}" -i "Connection refused" "${ERROR_TMP}" > /dev/null; then
         prints "${1}" "${2}" "Connection refused" "Unknown"
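Review bot: `-showcerts` is added to every `s_client` invocation here, while the description above says chain checking should be opt-in; append it to `$OPTIONS` only when a new command-line flag is set, so that existing users see no change in what lands in `${CERT_TMP}`. The option's help text should also say that `-showcerts` prints the chain exactly as the server sent it, not the path a client would build to a trusted root, so what this detects is a stale or missing intermediate in the server's configuration (which is the use case the issue describes).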
@@ -699,6 +699,13 @@
         set_returncode 3
     else
         check_file_status "${CERT_TMP}" "${1}" "${2}"
+        next_cert_line=$(${GREP} -n "BEGIN CERTIFICATE" "${CERT_TMP}" | ${SED} -e 's/:.*//' | tail -n +2 | head -n 1)
+        while test -n "${next_cert_line}"; do
+            tail -n "+${next_cert_line}" "${CERT_TMP}" > "${ERROR_TMP}"
+            mv "${ERROR_TMP}" "${CERT_TMP}"
+            check_file_status "${CERT_TMP}" "${1}" "${2}"
+            next_cert_line=$(${GREP} -n "BEGIN CERTIFICATE" "${CERT_TMP}" | ${SED} -e 's/:.*//' | tail -n +2 | head -n 1)
+   done
     fi
 }
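Review bot: the loop added at the end of this hunk reuses `${ERROR_TMP}` as scratch space and then `mv`s it over `${CERT_TMP}`, so after the loop the captured `s_client` stderr is gone and `${CERT_TMP}` holds only the last chain element; anything later in the function that reads or cleans up either file will see unexpected content or a missing file. Write each chain element to its own temporary file and leave `${CERT_TMP}` untouched. Every iteration also calls `check_file_status "${CERT_TMP}" "${1}" "${2}"` with the same host and port, so the report cannot tell the leaf from an expiring intermediate; pass a chain depth or the certificate subject through so the output line identifies which element is affected. Smaller points: `${GREP}` and `${SED}` are unquoted here while the rest of the function quotes them, the grep/sed pipeline is duplicated and could be a small helper (or an awk split on the `BEGIN CERTIFICATE`/`END CERTIFICATE` markers), and `done` is indented with three spaces instead of matching its `while`.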
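As an added example, not code from the issue or from the ssl-cert-check script, here is a non-destructive way to do what the proof-of-concept loop attempts: split a saved `openssl s_client -showcerts` capture into one file per chain element with awk, then run `openssl x509 -checkend` on each so that every element is reported with its depth and subject. The function names (`sample_capture`, `split_chain`, `chain_expiry_check`), the default 30-day threshold and the sample capture are assumptions of this example; the PEM bodies in the sample are placeholders, not real certificates.

```shell
#!/bin/sh
# Added example, not code from the ssl-cert-check project: check every element
# of the chain a server sends, without the destructive in-place editing of the
# proof-of-concept loop. Function names and the day threshold are assumptions.

# Write a constructed `openssl s_client -showcerts` style capture to $1.
# The PEM bodies are placeholders, not real certificates.
sample_capture() {
    cat > "$1" <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = leaf.example.test
   i:CN = Intermediate CA (constructed)
-----BEGIN CERTIFICATE-----
LEAFPLACEHOLDER
-----END CERTIFICATE-----
 1 s:CN = Intermediate CA (constructed)
   i:CN = Root CA (constructed)
-----BEGIN CERTIFICATE-----
INTERMEDIATEPLACEHOLDER
-----END CERTIFICATE-----
 2 s:CN = Root CA (constructed)
   i:CN = Root CA (constructed)
-----BEGIN CERTIFICATE-----
ROOTPLACEHOLDER
-----END CERTIFICATE-----
---
DONE
EOF
}

# Copy each BEGIN/END CERTIFICATE block of $1 into $2.0, $2.1, ... (0 is the
# leaf, higher numbers are further up the chain). The input is left untouched.
# Prints the number of certificates found.
split_chain() {
    awk -v prefix="$2" '
        BEGIN { n = 0; inblock = 0 }
        /-----BEGIN CERTIFICATE-----/ { out = prefix "." n; n++; inblock = 1 }
        inblock { print > out }
        /-----END CERTIFICATE-----/   { inblock = 0; close(out) }
        END { print n }
    ' "$1"
}

# Report each of the $2 files $1.0 .. $1.(N-1); return 1 if any element
# expires within $3 days. openssl x509 -checkend takes a number of seconds.
chain_expiry_check() {
    prefix=$1
    count=$2
    seconds=$(( $3 * 86400 ))
    status=0
    i=0
    while [ "$i" -lt "$count" ]; do
        f="$prefix.$i"
        subject=$(openssl x509 -in "$f" -noout -subject)
        enddate=$(openssl x509 -in "$f" -noout -enddate)
        if openssl x509 -in "$f" -noout -checkend "$seconds" >/dev/null; then
            printf 'OK       depth=%s %s %s\n' "$i" "$subject" "$enddate"
        else
            printf 'EXPIRING depth=%s %s %s\n' "$i" "$subject" "$enddate"
            status=1
        fi
        i=$((i + 1))
    done
    return "$status"
}

# Stand-alone use: sh check_chain.sh <showcerts-capture-file> [days]
# The capture is what `echo | openssl s_client -connect host:443 -servername host -showcerts`
# writes to stdout; with no arguments this script only defines the functions.
if [ "$#" -ge 1 ]; then
    work=$(mktemp -d)
    n=$(split_chain "$1" "$work/cert")
    echo "found $n certificate(s) in $1"
    rc=0
    chain_expiry_check "$work/cert" "$n" "${2:-30}" || rc=$?
    rm -rf "$work"
    exit "$rc"
fi
```

Because the split files are separate from the capture, the leaf check the script already performs stays unchanged, and the depth printed on each line answers the question the issue raises: which element of the chain is the one about to expire. As with the patch, the chain examined is the one the server sends, so a stale intermediate on the server is what this finds.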