Compare commits
2 commits
9c54f5b0fb
...
5b71e85f49
| Author | SHA1 | Date | |
|---|---|---|---|
| 5b71e85f49 | |||
| 79782a49c4 |
8 changed files with 28 additions and 23 deletions
|
|
@ -6,7 +6,7 @@ WORKDIR /src
|
|||
COPY go.mod go.sum ./
|
||||
RUN go mod download
|
||||
COPY . .
|
||||
RUN CGO_ENABLED=0 go build -ldflags "-X main.Version=${CHECKER_VERSION}" -o /checker-tls .
|
||||
RUN CGO_ENABLED=0 go build -tags standalone -ldflags "-X main.Version=${CHECKER_VERSION}" -o /checker-tls .
|
||||
|
||||
FROM scratch
|
||||
COPY --from=builder /checker-tls /checker-tls
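Review bot: The final stage is `FROM scratch` and the visible lines copy only `/checker-tls` into it, so the image carries no system CA bundle. If the checker validates presented chains against the system root pool, every probe run from this image would report an untrusted chain. Unless a later line outside this hunk already does so, copy the bundle from the builder, e.g. `COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/` (adjust the path to where the builder image keeps it). The hunk stops at the binary copy, so the rest of the stage is not visible here.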
|
||||
|
|
|
|||
7
Makefile
7
Makefile
|
|
@ -6,12 +6,12 @@ CHECKER_SOURCES := main.go $(wildcard checker/*.go)
|
|||
|
||||
GO_LDFLAGS := -X main.Version=$(CHECKER_VERSION)
|
||||
|
||||
.PHONY: all plugin docker clean
|
||||
.PHONY: all plugin docker test clean
|
||||
|
||||
all: $(CHECKER_NAME)
|
||||
|
||||
$(CHECKER_NAME): $(CHECKER_SOURCES)
|
||||
go build -ldflags "$(GO_LDFLAGS)" -o $@ .
|
||||
go build -tags standalone -ldflags "$(GO_LDFLAGS)" -o $@ .
|
||||
|
||||
plugin: $(CHECKER_NAME).so
|
||||
|
||||
|
|
@ -21,5 +21,8 @@ $(CHECKER_NAME).so: $(CHECKER_SOURCES) $(wildcard plugin/*.go)
|
|||
docker:
|
||||
docker build --build-arg CHECKER_VERSION=$(CHECKER_VERSION) -t $(CHECKER_IMAGE) .
|
||||
|
||||
test:
|
||||
go test -tags standalone ./...
|
||||
|
||||
clean:
|
||||
rm -f $(CHECKER_NAME) $(CHECKER_NAME).so
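Review bot: The new `test` target only compiles the module with `-tags standalone`, so the untagged configuration gets no test or vet coverage. That is presumably the one the `plugin` target builds, though its recipe is outside these hunks. This comparison also puts a file of the checker package behind `//go:build standalone`, so a reference to one of its symbols from an untagged file would break the plugin build without `make test` noticing. Running both configurations in the recipe would catch that: `go test ./...` followed by `go test -tags standalone ./...`.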
|
||||
|
|
|
|||
|
|
@ -1,3 +1,5 @@
|
|||
//go:build standalone
|
||||
|
||||
package checker
|
||||
|
||||
import (
|
||||
|
|
@ -24,7 +26,7 @@ func starttlsChoices() []string {
|
|||
return protos
|
||||
}
|
||||
|
||||
// RenderForm satisfies sdk.CheckerInteractive. The fields mirror the inputs
|
||||
// RenderForm satisfies server.Interactive. The fields mirror the inputs
|
||||
// a producer checker would put into a contract.TLSEndpoint; a human fills
|
||||
// them in directly when running the checker standalone.
|
||||
func (p *tlsProvider) RenderForm() []sdk.CheckerOptionField {
|
||||
|
|
@ -75,7 +77,7 @@ func (p *tlsProvider) RenderForm() []sdk.CheckerOptionField {
|
|||
}
|
||||
}
|
||||
|
||||
// ParseForm satisfies sdk.CheckerInteractive. It turns the human inputs into
|
||||
// ParseForm satisfies server.Interactive. It turns the human inputs into
|
||||
// a single contract.TLSEndpoint, wraps it in a DiscoveryEntry, and returns
|
||||
// CheckerOptions shaped as if a happyDomain host had auto-filled
|
||||
// OptionEndpoints via AutoFillDiscoveryEntries.
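Review bot: The doc comments on `RenderForm` and `ParseForm` now name `server.Interactive`, but nothing in the visible hunks makes the compiler check that `*tlsProvider` still satisfies it after the SDK bump. If the server discovers the form through a type assertion, a signature drift would silently drop the interactive form instead of failing the build. A package-level `var _ server.Interactive = (*tlsProvider)(nil)` in this file would pin it, provided the checker package can import the SDK's server package. Both method bodies lie outside the hunks, so their signatures could not be checked here.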
|
||||
|
|
|
|||
|
|
@ -69,11 +69,11 @@ func (r *tlsRule) Evaluate(ctx context.Context, obs sdk.ObservationGetter, opts
|
|||
func evaluateProbe(p TLSProbe) sdk.CheckState {
|
||||
subject := fmt.Sprintf("%s://%s", p.Type, p.Endpoint)
|
||||
meta := map[string]any{
|
||||
"type": p.Type,
|
||||
"host": p.Host,
|
||||
"port": p.Port,
|
||||
"sni": p.SNI,
|
||||
"issues": len(p.Issues),
|
||||
"type": p.Type,
|
||||
"host": p.Host,
|
||||
"port": p.Port,
|
||||
"sni": p.SNI,
|
||||
"issues": len(p.Issues),
|
||||
}
|
||||
if p.TLSVersion != "" {
|
||||
meta["tls_version"] = p.TLSVersion
|
||||
|
|
|
|||
|
|
@ -56,17 +56,17 @@ type TLSProbe struct {
|
|||
// IssuerAKI is the uppercase hex of the leaf's Authority Key Identifier
|
||||
// extension (i.e. the issuer cert's SKI). This is the primary lookup key
|
||||
// into the CCADB CAA Identifiers CSV ("Subject Key Identifier (Hex)").
|
||||
IssuerAKI string `json:"issuer_aki,omitempty"`
|
||||
Subject string `json:"subject,omitempty"`
|
||||
DNSNames []string `json:"dns_names,omitempty"`
|
||||
IssuerAKI string `json:"issuer_aki,omitempty"`
|
||||
Subject string `json:"subject,omitempty"`
|
||||
DNSNames []string `json:"dns_names,omitempty"`
|
||||
// Chain carries one entry per certificate presented by the server
|
||||
// (leaf first, then intermediates in order). Each entry precomputes
|
||||
// the four TLSA selector×matching_type hashes plus the raw DER so
|
||||
// DANE consumers can match without re-handshaking or re-parsing.
|
||||
Chain []CertInfo `json:"chain,omitempty"`
|
||||
ElapsedMS int64 `json:"elapsed_ms,omitempty"`
|
||||
Error string `json:"error,omitempty"`
|
||||
Issues []Issue `json:"issues,omitempty"`
|
||||
Chain []CertInfo `json:"chain,omitempty"`
|
||||
ElapsedMS int64 `json:"elapsed_ms,omitempty"`
|
||||
Error string `json:"error,omitempty"`
|
||||
Issues []Issue `json:"issues,omitempty"`
|
||||
}
|
||||
|
||||
// CertInfo describes one certificate in the presented chain together with
|
||||
|
|
|
|||
2
go.mod
2
go.mod
|
|
@ -2,4 +2,4 @@ module git.happydns.org/checker-tls
|
|||
|
||||
go 1.25.0
|
||||
|
||||
require git.happydns.org/checker-sdk-go v1.2.0
|
||||
require git.happydns.org/checker-sdk-go v1.4.0
|
||||
|
|
|
|||
4
go.sum
4
go.sum
|
|
@ -1,2 +1,2 @@
|
|||
git.happydns.org/checker-sdk-go v1.2.0 h1:v4MpKAz0W3PwP+bxx3pya8w893sVH5xTD1of1cc0TV8=
|
||||
git.happydns.org/checker-sdk-go v1.2.0/go.mod h1:aNAcfYFfbhvH9kJhE0Njp5GX0dQbxdRB0rJ0KvSC5nI=
|
||||
git.happydns.org/checker-sdk-go v1.4.0 h1:sO8EnF3suhNgYLRsbmCZWJOymH/oNMrOUqj3FEzJArs=
|
||||
git.happydns.org/checker-sdk-go v1.4.0/go.mod h1:aNAcfYFfbhvH9kJhE0Njp5GX0dQbxdRB0rJ0KvSC5nI=
|
||||
|
|
|
|||
6
main.go
6
main.go
|
|
@ -4,7 +4,7 @@ import (
|
|||
"flag"
|
||||
"log"
|
||||
|
||||
sdk "git.happydns.org/checker-sdk-go/checker"
|
||||
"git.happydns.org/checker-sdk-go/checker/server"
|
||||
tls "git.happydns.org/checker-tls/checker"
|
||||
)
|
||||
|
||||
|
|
@ -16,8 +16,8 @@ func main() {
|
|||
flag.Parse()
|
||||
tls.Version = Version
|
||||
|
||||
server := sdk.NewServer(tls.Provider())
|
||||
if err := server.ListenAndServe(*listenAddr); err != nil {
|
||||
srv := server.New(tls.Provider())
|
||||
if err := srv.ListenAndServe(*listenAddr); err != nil {
|
||||
log.Fatalf("server error: %v", err)
|
||||
}
|
||||
}
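Review bot: `srv.ListenAndServe(*listenAddr)` exposes the standalone server with no access restriction visible in this hunk. Per the checker package's own comments, this build carries the interactive form that turns user-supplied inputs into a TLS endpoint to probe. Anyone who can reach the listener can then make the checker open connections to a host and port of their choosing, which matters when it runs with access to internal networks. The flag's default is declared above the hunk; if it binds all interfaces, consider a loopback default. Either way a comment above the call would record the expectation, such as `// Standalone mode serves the interactive form; bind to loopback or front it with an authenticating proxy.`. `main` begins outside the hunk.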
|
||||
|
|
|
|||