Massive refactoring, struct cleanup, supporting more features
	
		
			
	
		
	
	
		
	
		
			Features: - Protocol lists (http, https), managed by http responses - Working TLS Checks - Root certificate parsing for TLS checks - Moving configuration into a Config struct, no more direct viper access
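--- a/util/certificates.go
+++ b/util/certificates.go
@@ -0,0 +1,46 @@
+package util
+
+import (
+	"crypto/x509"
+	"github.com/gwatts/rootcerts/certparse"
+	log "github.com/sirupsen/logrus"
+	"net/http"
+)
+
+const (
+	defaultDownloadURL = "https://github.com/mozilla/gecko-dev/blob/master/security/nss/lib/ckfw/builtins/certdata.txt?raw=true"
+)
+
+func LoadCACerts() (*x509.CertPool, error) {
+	res, err := http.Get(defaultDownloadURL)
+
+	if err != nil {
+		return nil, err
+	}
+
+	defer res.Body.Close()
+
+	certs, err := certparse.ReadTrustedCerts(res.Body)
+
+	if err != nil {
+		return nil, err
+	}
+
+	pool := x509.NewCertPool()
+
+	var count int
+
+	for _, cert := range certs {
+		if cert.Trust&certparse.ServerTrustedDelegator == 0 {
+			continue
+		}
+
+		count++
+
+		pool.AddCert(cert.Cert)
+	}
+
+	log.WithField("certs", count).Info("Loaded root cas")
+
+	return pool, nil
+}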
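Review bot: LoadCACerts builds the trust anchors for the TLS checks from whatever `http.Get(defaultDownloadURL)` returns, with no timeout, no status-code check and no integrity pin on the download. The URL points at the `master` branch, so the root set can change underneath the program and its authenticity rests only on the host's own TLS trust for github.com; vendoring a reviewed copy of certdata.txt, or pinning a commit and verifying a digest, would make the trust store reproducible. At minimum the fetch should use a client with a timeout and reject non-200 responses before parsing, and an empty result should be returned as an error rather than as an empty pool (this needs `errors`, `fmt` and `time` in the import block). The exported function also has no doc comment stating that it performs a network fetch on every call.

```go
func LoadCACerts() (*x509.CertPool, error) {
	client := &http.Client{Timeout: 30 * time.Second}

	res, err := client.Get(defaultDownloadURL)
	if err != nil {
		return nil, fmt.Errorf("fetching root certificates: %w", err)
	}
	defer res.Body.Close()

	// An error page must never reach the certificate parser.
	if res.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("fetching root certificates: unexpected status %s", res.Status)
	}

	// … unchanged: certparse.ReadTrustedCerts, pool construction, trust filter loop …

	if count == 0 {
		return nil, errors.New("no server-trusted root certificates found")
	}

	// … unchanged: log line and return …
```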