Diffstat (limited to 'tls-getcerts.go')
-rw-r--r-- | tls-getcerts.go | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/tls-getcerts.go b/tls-getcerts.go
index ba951c9..49e15a2 100644
--- a/tls-getcerts.go
+++ b/tls-getcerts.go
@@ -5,16 +5,33 @@ import (
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
+	"net"
 	"os"
 )
 
 func getcert(socket string) (*x509.Certificate, error){
+	host, _, err := net.SplitHostPort(socket)
+	if err != nil {
+		return nil, err
+	}
 	conn, err := tls.Dial("tcp", socket, &tls.Config{InsecureSkipVerify: true})
 	if err != nil {
 		return nil, err
 	}
 	defer conn.Close()
-	return conn.ConnectionState().PeerCertificates[0], nil
+	cstate := conn.ConnectionState()
+
+	opts := x509.VerifyOptions{
+		DNSName: host,
+		Intermediates: x509.NewCertPool(),
+	}
+	for _, cert := range cstate.PeerCertificates[1:] {
+		opts.Intermediates.AddCert(cert)
+	}
+
+	cert := cstate.PeerCertificates[0]
+	_, err = cert.Verify(opts)
+	return cert, err
 }
 
 func main() {
@@ -29,6 +46,9 @@ func main() {
 			Headers: map[string]string{"X-Socket": socket},
 			Bytes: cert.Raw,
 		}
+		if err != nil {
+			block.Headers["X-Error"] = err.Error()
+		}
 		pem.Encode(os.Stdout, &block)
 	}
 }
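Review bot: The new `net.SplitHostPort` / `x509.VerifyOptions` path in `getcert` needs a comment explaining the design, because `InsecureSkipVerify: true` on the `tls.Dial` line reads like a bug on its own: the handshake's built-in verification is disabled on purpose so the leaf certificate can still be fetched and dumped when the chain is bad, and `cert.Verify(opts)` then performs the hostname and chain checks after the fact (against the system roots, since `Roots` is left nil). Something like `// Verification is deliberately done after the handshake so an invalid certificate is still returned to the caller together with the verification error.` above the `tls.Dial` call would capture that, and a doc comment on `getcert` should state that the returned certificate is non-nil even when the error is non-nil. Separately, the dial has no deadline, so an unresponsive endpoint blocks the tool indefinitely; `tls.DialWithDialer(&net.Dialer{Timeout: 10 * time.Second}, "tcp", socket, &tls.Config{InsecureSkipVerify: true})` bounds it (this adds `"time"` to the import block). The hunk ends inside the opening line of `main`.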
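Review bot: The added `if err != nil` check reuses the `err` from the `getcert` call earlier in `main`, which is outside this hunk, and `getcert` now reports a non-nil error in two different situations: a nil certificate when `SplitHostPort` or `tls.Dial` fail, and a valid certificate whose verification failed. If `main` already skips a socket on error before this point, the new `X-Error` header is unreachable for verification failures; if it does not, `cert.Raw` two lines above the added check dereferences a nil certificate on a dial failure. Guarding on the certificate rather than the error before `block` is built, e.g. `if cert == nil { fmt.Fprintln(os.Stderr, err); continue }`, keeps the two cases apart, and a dedicated error type returned by `getcert` for the verification case would make the distinction explicit at the call site. Note also that `pem.Encode` only rejects colons in header keys, so an error message containing a newline would corrupt the header block; that is unlikely from `x509`, but worth a one-line sanitization before the value is stored.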