ssl-check.go
package main
import (
"crypto/tls"
"fmt"
"net"
"strings"
"time"
)
// SSLCheckRecord is the outcome of one TLS certificate check against a single
// host and port. SSLCheck fills in Host and Port; check fills in the rest.
type SSLCheckRecord struct {
	// Host and Port are the two halves of the checked endpoint. SSLCheck sets
	// Port to "443" when the caller supplied none.
	Host, Port string
	// Error is the lookup or TLS dial failure recorded by check, nil otherwise.
	// A failed check is reported here, not through SSLCheck's error return.
	Error error
	// IPs holds the addresses net.LookupIP returned for Host.
	IPs []net.IP
	// ExpiresOn is the NotAfter of the first peer certificate, in local time.
	// It stays nil when the check failed before a certificate was read.
	ExpiresOn *time.Time
	// CheckTime is when the check finished, in local time.
	CheckTime *time.Time
}
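// SSLCheck parses hostPort, runs a TLS certificate check against it and
// returns the populated record.
//
// hostPort is "host", "host:port" or a bracketed IPv6 literal with a port
// ("[addr]:port"). A missing port means "443". Input that cannot be split into
// a host and a port yields a nil record and an "invalid hostPort" error.
//
// Failures of the check itself (DNS lookup, dial, TLS handshake, certificate
// verification) are not returned here. They are stored in the record's Error
// field, so callers must inspect that field even when the returned error is
// nil.
func SSLCheck(hostPort string) (*SSLCheckRecord, error) {
	// Start from the "hostname only" form; it is overwritten below when the
	// input carries a port.
	checkSet := &SSLCheckRecord{Host: hostPort, Port: "443"}

	// A colon means the caller supplied a port or an IPv6 literal.
	// net.SplitHostPort accepts "[addr]:port", which a plain split on ":"
	// rejected, and it refuses unbracketed extra colons and stray brackets.
	if strings.Contains(hostPort, ":") {
		host, port, err := net.SplitHostPort(hostPort)
		if err != nil {
			return nil, fmt.Errorf("invalid hostPort: %s", hostPort)
		}
		checkSet.Host, checkSet.Port = host, port
	}

	checkSet.check()
	return checkSet, nil
}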
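// check resolves p.Host, opens a TLS connection to p.Host on p.Port and
// records the result on p: IPs, Error, ExpiresOn and CheckTime.
//
// The tls.Config leaves certificate verification enabled, so a server whose
// certificate is expired, untrusted or issued for a different name fails the
// handshake. In that case only Error is set and ExpiresOn stays nil; a nil
// ExpiresOn therefore never means "no expiry problem", and callers have to
// look at Error first.
func (p *SSLCheckRecord) check() {
	// Runs on every exit path: stamp the check time and, if an expiry was
	// read, convert it to the local zone.
	defer func() {
		now := time.Now().Local()
		p.CheckTime = &now
		if p.ExpiresOn != nil {
			local := p.ExpiresOn.Local()
			p.ExpiresOn = &local
		}
	}()

	// The dialer timeout below does not cover this lookup.
	ips, err := net.LookupIP(p.Host)
	if err != nil {
		p.Error = fmt.Errorf("can't lookup ip: %v", err)
		return
	}
	p.IPs = ips

	// The dialer timeout bounds the TCP connect and the TLS handshake as a
	// whole. net.JoinHostPort brackets IPv6 literals, which a plain
	// "host:port" format string turns into an undialable address.
	conn, err := tls.DialWithDialer(
		&net.Dialer{Timeout: 5 * time.Second},
		"tcp",
		net.JoinHostPort(p.Host, p.Port),
		&tls.Config{ServerName: p.Host},
	)
	if err != nil {
		p.Error = err
		return
	}
	defer conn.Close()

	// Guard the index so an empty chain is reported as an error instead of
	// panicking the caller.
	certs := conn.ConnectionState().PeerCertificates
	if len(certs) == 0 {
		p.Error = fmt.Errorf("no peer certificate received from %s", p.Host)
		return
	}

	// Copy NotAfter so the record does not keep a pointer into the parsed
	// certificate.
	notAfter := certs[0].NotAfter
	p.ExpiresOn = &notAfter
}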