[go-nuts] Checking for expired certificates

2017-07-07 Thread gwhelbig via golang-nuts 

The golang net/http package currently does not detect an expired SSL 
certificate.

I need to detect and expired certificate (it's used in an http.Put fuction 
eventually) and report an error (flag the data back from the put as not 
secure)

Any idea how to go about doing this?

TIA,
Gary.

For example, here is a short program that checks certificates:

package main

import (
"fmt"
"net/http"
)

//  Test links from 
var urls = []string {
"https://expired.badssl.com/";,
"https://wrong.host.badssl.com/";,
"https://self-signed.badssl.com/";,
"https://untrusted-root.badssl.com/";,
"https://revoked.badssl.com/";,
"https://pinning-test.badssl.com/";,
"https://no-common-name.badssl.com/";,
"https://no-subject.badssl.com/";,
"https://incomplete-chain.badssl.com/";,
"https://sha1-intermediate.badssl.com/";,
"https://sha256.badssl.com/";,
"https://sha384.badssl.com/";,
"https://sha512.badssl.com/";,
"https://1000-sans.badssl.com/";,
"https://1-sans.badssl.com/";,
"https://ecc256.badssl.com/";,
"https://ecc384.badssl.com/";,
"https://rsa2048.badssl.com/";,
"https://rsa8192.badssl.com/"; }

func main() {

// See what happens when I access a known bad https
//
for i:= range urls {
_, err := http.Get(urls[i])
if err != nil {
fmt.Println("http.Get error: ", err)
} else {
fmt.Printf("Not so good: %s worked.\n",urls[i])
}
}
}

-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [go-nuts] Checking for expired certificates

2017-07-08 Thread gwhelbig via golang-nuts 
Shawn,

I'm a little confused.

Your program prints 'Certificate for "revoked.badssl.com" from "DigiCert 
Inc" expires 2019-09-11 12:00:00 + UTC (795 days).' for the revoked 
certificate.

How do I tell that it has been revoked?

Gary.

Cr@p.  I just realized that I titled the post "expired" when my issue is 
with revoked...


On Friday, July 7, 2017 at 8:13:02 AM UTC-7, Shawn Milochik wrote:
>
> Happy Friday. 
>
> https://play.golang.org/p/gU-wTqYqlv - private 
> 
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.