SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 11:55:40 +01:00
Code Issues Releases Activity Actions

Load client certs early to detect misconfiguration

Browse source 
* Move loading of client certificate into the TLS handling code
   to an earlier position.
This commit is contained in:
Sascha L. Teichmann 2022-07-26 18:00:07 +02:00 committed by GitHub
parent be15d43dd3
commit 1241429d19
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 19 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

17
cmd/csaf_checker/main.go
View file

@ -10,6 +10,7 @@ package main
import (
"bufio"
"crypto/tls"
_ "embed" // Used for embedding.
"encoding/json"
"fmt"
@ -35,6 +36,8 @@ type options struct {
Verbose bool `long:"verbose" short:"v" description:"Verbose output"`
Rate *float64 `long:"rate" short:"r" description:"The average upper limit of https operations per second"`
Years *uint `long:"years" short:"y" description:"Number of years to look back from now" value-name:"YEARS"`
clientCerts []tls.Certificate
}
func errCheck(err error) {
@ -46,6 +49,18 @@ func errCheck(err error) {
}
}
func (o *options) prepare() error {
// Load client certs.
if o.ClientCert != nil && o.ClientKey != nil {
cert, err := tls.LoadX509KeyPair(*o.ClientCert, *o.ClientKey)
if err != nil {
return err
}
o.clientCerts = []tls.Certificate{cert}
}
return nil
}
// writeJSON writes the JSON encoding of the given report to the given stream.
// It returns nil, otherwise an error.
func writeJSON(report *Report, w io.WriteCloser) error {
@ -143,6 +158,8 @@ func main() {
return
}
errCheck(opts.prepare())
if len(domains) == 0 {
log.Println("No domains given.")
return