kyle/goutils
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 3 Wiki Activity

Ad expiry/revocation checking to certverify.

Browse Source
This commit is contained in:
Kyle Isom
2016-01-14 23:08:12 -08:00
parent 0851b241cd
commit 7944be7139
4 changed files with 81 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
cmd/certverify/README
View File

@@ -6,31 +6,40 @@ It does not check for revocations (though this is a planned feature),
and it does not check the hostname (it deals only in certificate files).
[ Usage ]
certverify [-ca bundle] [-f] [-i bundle] [-v] certificate
certverify [-ca bundle] [-f] [-i bundle] [-r] [-v] certificate
[ Flags ]
-ca bundle Specify the path to the CA certificate bundle
to use.
-f Force the use of the intermediate bundle, ignoring
any intermediates bundled with the certificate.
-i bundle Specify the path to the intermediate certificate
bundle to use.
-v Print extra information during the program's run.
If the certificate validates, also prints 'OK'.
-ca bundle Specify the path to the CA certificate bundle
to use.
-f Force the use of the intermediate bundle, ignoring
any intermediates bundled with the certificate.
-i bundle Specify the path to the intermediate certificate
bundle to use.
-r Print revocation and expiry information.
-v Print extra information during the program's run.
If the certificate validates, also prints 'OK'.
[ Examples ]
To verify the 'www.pem' certificate against the system roots:
$ certverify www.pem
$ echo $?
0
$ certverify www.pem
$ echo $?
0
To verify the 'www.pem' certificate against the 'ca-cert.pem' CA
certificate bundle, and seeing a mismatch:
$ certverify -ca ca-cert.pem www.pem
Verification failed: x509: certificate signed by unknown authority
$ echo $?
1
$ certverify -ca ca-cert.pem www.pem
Verification failed: x509: certificate signed by unknown authority
$ echo $?
1
Using the stealchain (../stealchain) util, print revocation and expiry
information for google.com:
$ stealchain google.com
[+] wrote google.com.pem.
$ certverify -r google.com.pem
certificate expires in 53d.