author | Luke Shumaker <lukeshu@sbcglobal.net> | 2016-11-18 15:43:25 -0500 |
---|---|---|
committer | Luke Shumaker <lukeshu@sbcglobal.net> | 2016-11-18 15:43:25 -0500 |
commit | 80454ad8a77bf46b784c7ef421acf8626b2d4df6 (patch) | |
tree | a525a09f49d7a6e181c210f2ba8015444b4308fd /tls-getcerts.go | |
parent | 89fa60bdf5ed6bd729f4d7931c9603e896d38665 (diff) |
tls: track errors
Diffstat (limited to 'tls-getcerts.go')
-rw-r--r-- | tls-getcerts.go | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/tls-getcerts.go b/tls-getcerts.go
index ba951c9..49e15a2 100644
--- a/tls-getcerts.go
+++ b/tls-getcerts.go
@@ -5,16 +5,33 @@ import (
 "crypto/x509"
 "encoding/pem"
 "fmt"
+ "net"
 "os"
 )
 
 func getcert(socket string) (*x509.Certificate, error){
+ host, _, err := net.SplitHostPort(socket)
+ if err != nil {
+ return nil, err
+ }
 conn, err := tls.Dial("tcp", socket, &tls.Config{InsecureSkipVerify: true})
 if err != nil {
 return nil, err
 }
 defer conn.Close()
- return conn.ConnectionState().PeerCertificates[0], nil
+ cstate := conn.ConnectionState()
+
+ opts := x509.VerifyOptions{
+ DNSName: host,
+ Intermediates: x509.NewCertPool(),
+ }
+ for _, cert := range cstate.PeerCertificates[1:] {
+ opts.Intermediates.AddCert(cert)
+ }
+
+ cert := cstate.PeerCertificates[0]
+ _, err = cert.Verify(opts)
+ return cert, err
 }
 
 func main() {
@@ -29,6 +46,9 @@ func main() {
 Headers: map[string]string{"X-Socket": socket},
 Bytes: cert.Raw,
 }
+ if err != nil {
+ block.Headers["X-Error"] = err.Error()
+ }
 pem.Encode(os.Stdout, &block)
 }
 }
|
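Review bot: getcert now has an undocumented two-mode return contract. The two early returns give `nil, err`, while the final `return cert, err` can hand back a non-nil certificate together with a non-nil verification error. A doc comment should state this, e.g. `// getcert returns the peer's leaf certificate even when verification fails; the certificate is nil only when the address is malformed or the TLS connection cannot be established.` The retained `InsecureSkipVerify: true` also deserves a why-comment, since it reads as a mistake on its own: `// Skip the built-in check so the handshake completes for invalid chains; the chain and hostname are verified explicitly below.` It would also help to note that `opts` leaves `Roots` unset, so the explicit `cert.Verify` checks against the system root pool.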
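Review bot: The new `if err != nil` branch sits after `Bytes: cert.Raw`, so it only works when the error is a verification failure and `cert` is non-nil. main's body starts outside the hunk, so I cannot see how a failed `SplitHostPort` or `tls.Dial` is handled before this point. If earlier code skips the entry on any error, `X-Error` is never written; if it does not, `cert.Raw` dereferences nil. A guard such as `if cert == nil { /* report and continue */ }` before building the block would separate the two cases. Separately, `err.Error()` from verifying an untrusted certificate can contain text taken from that certificate, so consider quoting it (e.g. with `strconv.Quote`) before it goes into the PEM header, and check the error returned by `pem.Encode`.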