Since direct SSL certificate pinning for check.torproject.org and torproject.org (curl method) (T80) would have to wait a long time, until Debian stretch, this ticket is for an alternative approach.
Please make sure you've read T80 first.
openssl s_client can be used to fetch a website:
openssl s_client -connect check.torproject.org:443
GET / HTTP/1.1 host: check.torproject.org
How can step two be automated in a script?
Can openssl s_client be used to fetch (similar to wget, curl) using direct SSL certificate pinning?
Not to be confused with SSL Certificate Authority (CA) pinning (similar to curls --cacert or --capath option)!
Similar to curls --pinnedpubkey that was added in version 7.39.0 (changelog).
Alternatively... Can one pipe curl (or wget) through openssl s_client?