1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
package main
import (
"crypto/tls"
"crypto/x509"
"encoding/pem"
"fmt"
"net"
"os"
)
func getcert(socket string) (*x509.Certificate, error){
host, _, err := net.SplitHostPort(socket)
if err != nil {
return nil, err
}
conn, err := tls.Dial("tcp", socket, &tls.Config{InsecureSkipVerify: true})
if err != nil {
return nil, err
}
defer conn.Close()
cstate := conn.ConnectionState()
opts := x509.VerifyOptions{
DNSName: host,
Intermediates: x509.NewCertPool(),
}
for _, cert := range cstate.PeerCertificates[1:] {
opts.Intermediates.AddCert(cert)
}
cert := cstate.PeerCertificates[0]
_, err = cert.Verify(opts)
return cert, err
}
func main() {
for _, socket := range os.Args[1:] {
cert, err := getcert(socket)
if cert == nil {
fmt.Fprintf(os.Stderr, "Could not get certificate for socket %q: %q\n", socket, err)
os.Exit(1)
}
block := pem.Block{
Type: "CERTIFICATE",
Headers: map[string]string{"X-Socket": socket},
Bytes: cert.Raw,
}
if err != nil {
block.Headers["X-Error"] = err.Error()
}
pem.Encode(os.Stdout, &block)
}
}
|