18 lines
580 B
Plaintext
18 lines
580 B
Plaintext
stealchain-server
|
|
|
|
This is a utility to extract the verified X.509 chain from a TLS
|
|
connection initiated by another client. It listens on a port, and
|
|
for each connection, it will dump the certificates that the peer
|
|
actually sent (and not the verified chain that is built from this).
|
|
|
|
It was written to assist in debugging issues with certificate chains.
|
|
|
|
There are a few knobs:
|
|
|
|
-listen specifies the address to listen on.
|
|
|
|
-ca allows the trusted CA roots to be specified via a PEM bundle of
|
|
root certificates.
|
|
|
|
-verify requires that the client present a valid certificate chain.
|