
Commit 61f43c7

committed
feat: ssl status: add host name verifier, add now and not after verifier
1 parent f435ec9 commit 61f43c7


1 file changed

+37
-11
lines changed


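--- a/services/sslstatus/sslcheck.go
+++ b/services/sslstatus/sslcheck.go
@@ -8,37 +8,63 @@ import (
 )
 
 func checkSSLExpiry(domain string) string {
-conn, err := tls.Dial("tcp", domain+":443", &tls.Config{})
+conn, err := tls.Dial("tcp", domain+":443", &tls.Config{
+InsecureSkipVerify: true,
+})
 if err != nil {
 return fmt.Sprintf("error: %s - %v\n", strings.TrimPrefix(domain, "*."), err)
 }
-
 defer conn.Close()
 
 cleanDomain := strings.TrimPrefix(domain, "*.")
-
 certs := conn.ConnectionState().PeerCertificates
+
 if len(certs) > 0 {
 cert := certs[0]
-daysLeft := int(time.Until(cert.NotAfter).Hours() / 24)
 
 status := "Info"
-if daysLeft <= 30 {
-status = "Warning"
-} else if daysLeft <= 15 {
+
+// checking whether the certificate matches the domain being checked
+if err := cert.VerifyHostname(cleanDomain); err != nil {
 status = "Danger"
-} else if daysLeft <= 7 {
+return fmt.Sprintf("%s: invalid SSL: cert for %s does not match (%s)\n",
+status,
+cleanDomain,
+cert.Subject.CommonName)
+}
+
+issuer := cert.Issuer.CommonName
+sub := cert.Issuer.CommonName
+fmt.Println(issuer, " | ", sub)
+
+expiredDate := cert.NotAfter.Format(time.RFC1123)
+
+if cert.NotAfter.Before(time.Now()) {
+status = "Danger"
+return fmt.Sprintf("%s: SSL %s expired on %s\n",
+status,
+cleanDomain,
+expiredDate)
+}
+
+daysLeft := int(time.Until(cert.NotAfter).Hours() / 24)
+
+if daysLeft <= 7 {
 status = "Critical"
+} else if daysLeft <= 15 {
+status = "Danger"
+} else if daysLeft <= 30 {
+status = "Warning"
 }
 
-return fmt.Sprintf("%s: %s will expire in %d days (%s)\n",
+return fmt.Sprintf("%s: SSL %s will expire in %d days (%s)\n",
 status,
 cleanDomain,
 daysLeft,
-cert.NotAfter.Format(time.RFC1123))
+expiredDate)
 }
 
-return fmt.Sprintf("failed to perform a TLS handshake for the domain: %s \n", cleanDomain)
+return fmt.Sprintf("failed to perform a TLS handshake for the domain: %s\n", cleanDomain)
 }
 
 func checkSSLExpiryMulti(domains []string) string {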
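Review bot: With `InsecureSkipVerify: true` in the `tls.Config`, the handshake no longer validates the chain of trust, and the new checks in `checkSSLExpiry` cover only the hostname and `NotAfter`, so a self-signed or untrusted-CA certificate with a matching name is still reported as "Info". The flag looks necessary for expired or mismatched certificates to reach the reporting code at all, so I would keep it but add an explicit `cert.Verify` after the expiry check, passing `certs[1:]` as intermediates and reporting a failure as "Danger". That call needs `crypto/x509`, and the import block is only partly visible in this hunk, so whether it is already imported cannot be confirmed from here. Separately, `sub := cert.Issuer.CommonName` reads the issuer a second time where the subject was probably meant, and `fmt.Println(issuer, " | ", sub)` looks like leftover debug output that should be dropped.

```go
// … unchanged: tls.Dial, hostname check, expiry check …

// InsecureSkipVerify disabled the handshake's chain validation, so
// validate the presented chain against the system roots here.
inter := x509.NewCertPool()
for _, c := range certs[1:] {
	inter.AddCert(c)
}
if _, err := cert.Verify(x509.VerifyOptions{Intermediates: inter}); err != nil {
	return fmt.Sprintf("Danger: SSL %s certificate chain is not trusted: %v\n",
		cleanDomain, err)
}

daysLeft := int(time.Until(cert.NotAfter).Hours() / 24)
// … unchanged: daysLeft thresholds and final Sprintf …
```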
