diff --git a/README.md b/README.md
index eb73f9a..ba37077 100644
--- a/README.md
+++ b/README.md
@@ -41,7 +41,7 @@ Following options are supported:
 | -i, --password-interactive | Enter password interactively |
 | -I, --passphrase-interacive | Enter passphrase interactively |
 | -c, --config=INI-FILE | Path to config ini file |
-| --insecure | Do not check TSL certificates from provider |
+| --insecure | Do not check TLS certificates from provider |
 | --client-cert | TLS client certificate file (PEM encoded data) |
 | --client-key | TLS client private key file (PEM encoded data) |
 | -h, --help | Show help |
diff --git a/cmd/csaf_checker/main.go b/cmd/csaf_checker/main.go
index aeff022..30406a7 100644
--- a/cmd/csaf_checker/main.go
+++ b/cmd/csaf_checker/main.go
@@ -24,9 +24,11 @@ import (
 var reportHTML string
 type options struct {
- Output string `short:"o" long:"output" description:"File name of the generated report" value-name:"REPORT-FILE"`
- Format string `short:"f" long:"format" choice:"json" choice:"html" description:"Format of report" default:"json"`
- Insecure bool `long:"insecure" description:"Do not check TSL certificates from provider"`
+ Output string `short:"o" long:"output" description:"File name of the generated report" value-name:"REPORT-FILE"`
+ Format string `short:"f" long:"format" choice:"json" choice:"html" description:"Format of report" default:"json"`
+ Insecure bool `long:"insecure" description:"Do not check TLS certificates from provider"`
+ ClientCert *string `long:"client-cert" description:"TLS client certificate file (PEM encoded data)" value-name:"CERT-FILE"`
+ ClientKey *string `long:"client-key" description:"TLS client private key file (PEM encoded data)" value-name:"KEY-FILE"`
 }
 func errCheck(err error) {
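Review bot: The help text for the new `ClientCert` and `ClientKey` fields in cmd/csaf_checker/main.go does not say that the two options are only accepted together, nor what form the key file must take. The key path is handed to `tls.LoadX509KeyPair` in processor.go with no passphrase, so the key presumably has to be an unencrypted PEM file and should be readable only by the invoking user. I would say so in the descriptions, e.g. `description:"TLS client certificate file (PEM encoded data), requires --client-key"` and `description:"TLS client private key file (unencrypted PEM), requires --client-cert"`.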
@@ -135,6 +137,11 @@ func main() {
 return
 }
+ if (opts.ClientCert != nil && opts.ClientKey == nil) || (opts.ClientCert == nil && opts.ClientKey != nil) {
+ log.Println("Both client-key and client-cert options must be set for the authentication.")
+ return
+ }
+
 p := newProcessor(opts)
 report, err := p.run(buildReporters(), domains)
diff --git a/cmd/csaf_checker/processor.go b/cmd/csaf_checker/processor.go
index 1ebcf47..3e32bb3 100644
--- a/cmd/csaf_checker/processor.go
+++ b/cmd/csaf_checker/processor.go
@@ -230,15 +230,20 @@ func (p *processor) httpClient() *http.Client {
 p.client = &http.Client{
 CheckRedirect: p.checkRedirect,
 }
-
+ var tlsConfig tls.Config
 if p.opts.Insecure {
- p.client.Transport = &http.Transport{
- TLSClientConfig: &tls.Config{
- InsecureSkipVerify: true,
- },
- }
+ tlsConfig.InsecureSkipVerify = true
+ }
+ if p.opts.ClientCert != nil && p.opts.ClientKey != nil {
+ cert, err := tls.LoadX509KeyPair(*p.opts.ClientCert, *p.opts.ClientKey)
+ if err != nil {
+ log.Fatal(err)
+ }
+ tlsConfig.Certificates = []tls.Certificate{cert}
+ }
+ p.client.Transport = &http.Transport{
+ TLSClientConfig: &tlsConfig,
 }
-
 return p.client
 }
diff --git a/cmd/csaf_uploader/main.go b/cmd/csaf_uploader/main.go
index da73287..7b4c49e 100644
--- a/cmd/csaf_uploader/main.go
+++ b/cmd/csaf_uploader/main.go
@@ -46,7 +46,7 @@ type options struct {
 PasswordInteractive bool `short:"i" long:"password-interactive" description:"Enter password interactively" no-ini:"true"`
 PassphraseInteractive bool `short:"I" long:"passphrase-interacive" description:"Enter passphrase interactively" no-ini:"true"`
- Insecure bool `long:"insecure" description:"Do not check TSL certificates from provider"`
+ Insecure bool `long:"insecure" description:"Do not check TLS certificates from provider"`
 Config *string `short:"c" long:"config" description:"Path to config ini file" value-name:"INI-FILE" no-ini:"true"`
 }
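Review bot: In cmd/csaf_checker/main.go the new option-mismatch check logs and then leaves `main` with a bare `return`, so as far as the hunk shows the process exits with status 0 and a calling script cannot tell a rejected option set from a completed check. `log.Fatalln("Both client-key and client-cert options must be set for the authentication.")` prints the same message and exits non-zero. The condition can also be shortened to `(opts.ClientCert == nil) != (opts.ClientKey == nil)`. main's body starts above and continues below the hunk.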
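Review bot: In cmd/csaf_checker/processor.go, httpClient() now always installs a bare `&http.Transport{TLSClientConfig: &tlsConfig}`, whereas before the default transport stayed in place unless `--insecure` was given. A zero-value `http.Transport` does no proxy-from-environment lookup and has no dial or TLS handshake timeout, and the client shown sets only `CheckRedirect`, so a stalled provider can hang the checker even when no client certificate is configured. Cloning the default keeps those settings: `tr := http.DefaultTransport.(*http.Transport).Clone()`, then `tr.TLSClientConfig = &tlsConfig` and `p.client.Transport = tr`. Separately, `log.Fatal(err)` on a failed key-pair load exits from inside this getter without naming the two files; wrapping the error with both paths, or loading the pair in main, would make that failure easier to diagnose. The function body starts above the hunk.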