Perl version. Cleaner? No eval. No >(). One line. Relies on read to fill the bash vars. Uses Gilbert's just-one-filter-pass idea. Does the date transform at the very end in perl: would be a sec hole if $e is injected with bad things. Could easily fix with setting the $e regex from . to [-.a-zA-Z0-9]. Could also die in the END if !$e.
$ read SUBJ EXPD <<<$(openssl x509 -noout -text -in /etc/pki/tls/certs/tecnopolis.ca.crt | perl -ne '($e)=/^.*Not After : (.*)/ if !$e; ($s)=/^.*Subject: .*CN = (.*)/ if !$s; END { print $s." ".`date -d"$e" +%Y%b%d`}') $ echo s=$SUBJ e=$EXPD s=tecnopolis.ca e=2024Feb22
I like the perl approach because it has the least # of forks, and really the sky is the limit for taint cleaning and sanity checks. Plus I find it more readable than bash, and perl is highly optimized for PCRE so should be pretty fast. I also understand perl's quoting intimately vs my general haze with bash.