Initial import.
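--- a/cmd/certchain/README
+++ b/cmd/certchain/README
@@ -0,0 +1,19 @@
+certchain
+
+This is a utility for printing the X.509 certificate chain from a TLS
+connection.
+
+Note: while this will accept more than one server, it will print all
+of the chains without any indication where one chain ends and the next
+begins. This was the intended behaviour for the use case, but it may
+not be applicable in other cases.
+
+There are no knobs.
+
+Examples:
+$ certchain www.kyleisom.net
+-----BEGIN CERTIFICATE-----
+MIIFUTCCBDmgAwIBAgIQaaTVw0yZFGAYvFDKAIo4BzANBgkqhkiG9w0BAQsFADCB
+kDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
+A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNV
+...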
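--- a/cmd/certchain/certchain.go
+++ b/cmd/certchain/certchain.go
@@ -0,0 +1,39 @@
+package main
+
+import (
+"crypto/tls"
+"encoding/pem"
+"flag"
+"fmt"
+"regexp"
+
+"github.com/kisom/goutils/die"
+)
+
+var hasPort = regexp.MustCompile(`:\d+$`)
+
+func main() {
+flag.Parse()
+
+for _, server := range flag.Args() {
+if !hasPort.MatchString(server) {
+server += ":443"
+}
+
+var chain string
+
+conn, err := tls.Dial("tcp", server, nil)
+die.If(err)
+
+details := conn.ConnectionState()
+for _, cert := range details.PeerCertificates {
+p := pem.Block{
+Type: "CERTIFICATE",
+Bytes: cert.Raw,
+}
+chain += string(pem.EncodeToMemory(&p))
+}
+
+fmt.Println(chain)
+}
+}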
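Review bot: The connection returned by `tls.Dial` inside the loop in `main` is never closed, so every server named on the command line leaves a socket open until the process exits; call `conn.Close()` right after `details := conn.ConnectionState()` (a `defer` inside the loop would only run when `main` returns). The dial also has no timeout, so one unresponsive host stalls the whole run; `tls.DialWithDialer(&net.Dialer{Timeout: 10 * time.Second}, "tcp", server, nil)` would bound it, with the duration being only a suggested value. Because the config is nil, the handshake performs default verification, so a server with an expired or untrusted certificate ends in `die.If(err)` and prints no chain at all, which is worth stating next to the dial with a comment such as `// PeerCertificates is the chain as sent by the peer, leaf first; reached only when default verification succeeds`. Separately, `hasPort` matches any trailing `:digits`, so a bare IPv6 literal like `::1` is treated as already carrying a port; `net.SplitHostPort` with `net.JoinHostPort(server, "443")` on error handles that case.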