author | Luke Shumaker <lukeshu@sbcglobal.net> | 2016-11-18 01:21:27 -0500 |
---|---|---|
committer | Luke Shumaker <lukeshu@sbcglobal.net> | 2016-11-18 01:21:27 -0500 |
commit | c4f6d3489ef91c539ba88e372635e4d0d87e6ad2 (patch) | |
tree | fbfc8755e3ba011e789723e4407b908b39bd5aad /tls-getcerts.go | |
parent | e339617040bde6ef57f4ccc896f9feba60dbe12f (diff) |
Check crt.sh against actual used certs
Diffstat (limited to 'tls-getcerts.go')
-rw-r--r-- | tls-getcerts.go | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/tls-getcerts.go b/tls-getcerts.go
new file mode 100644
index 0000000..b0d4533
--- /dev/null
+++ b/tls-getcerts.go
@@ -0,0 +1,35 @@
+package main
+
+import (
+ "crypto/tls"
+ "crypto/x509"
+ "fmt"
+ "os"
+ "encoding/pem"
+)
+
+func getcert(server string) (*x509.Certificate, error){
+ conn, err := tls.Dial("tcp", fmt.Sprintf("%s:443", server), &tls.Config{ServerName: server})
+ if err != nil {
+ return nil, err
+ }
+ defer conn.Close()
+ chain := conn.ConnectionState().PeerCertificates
+ return chain[len(chain)-2], nil
+}
+
+func main() {
+ for _, server := range os.Args[1:] {
+ cert, err := getcert(server)
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "Could not get certificate from server %q: %q\n", server, err)
+ os.Exit(1)
+ }
+ block := pem.Block{
+ Type: "CERTIFICATE",
+ Headers: nil,
+ Bytes: cert.Raw,
+ }
+ pem.Encode(os.Stdout, &block)
+ }
+}
|
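Review bot: `return chain[len(chain)-2], nil` in getcert panics with an index out of range when the server sends a single certificate, and otherwise returns a different position in the chain depending on how many certificates the server sends (the leaf for a two-certificate chain, an intermediate for a longer one). crypto/tls documents `PeerCertificates[0]` as the leaf the connection was verified against, so if the server's own certificate is what should be compared with crt.sh, `return chain[0], nil` is the stable choice. If the issuing CA is wanted instead, guard with `if len(chain) < 2 { return nil, fmt.Errorf("server %q sent no issuer certificate", server) }` and return `chain[1]`. In main, the error from `pem.Encode(os.Stdout, &block)` is discarded, so a failed write to stdout leaves truncated output with exit status 0.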