Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add option for detailing SSL/TLS Certificate #29

Open
InAnimaTe opened this issue Jan 27, 2017 · 5 comments
Open

Add option for detailing SSL/TLS Certificate #29

InAnimaTe opened this issue Jan 27, 2017 · 5 comments

Comments

@InAnimaTe
Copy link

This would be super useful to have for learning more about the certificate a particular site uses. It could be an add-on option (not default) which shows issuer information, if its valid, start/expire, and possibly other details.

Just an idea!
@reorx
Copy link
Owner

reorx commented Jan 27, 2017
edited

That's a good idea! I always use commands like

openssl s_client -connect reorx.com:443 -servername reorx.com | openssl x509 -noout -dates

to check the expiration date for my website, but that is ridiculously verbose and complex.
If there's a tool that can handle these TLS stuff like what httpstat do to http, life will be much easier.

Because the TLS info could not be get from curl, if we want to do this, we can only wrap around openssl and involve other command(s) in this process. To keep the simplicity and the do one thing and do it well rule, I don't think that add this feature in httpstat main cli is a very good idea, but I think this could be another tool, may be called sslstat or sth, to do this job specificly.

@reorx
Copy link
Owner

reorx commented Jan 27, 2017
edited

I know a guy who's very familiar with openssl command, he can write out all the commands you mentioned (show issuer info, if valid etc) without a blink in the eye :)

@wzyboy how do you think the idea of making that TLS cli tool?

@InAnimaTe
Copy link
Author

InAnimaTe commented Jan 27, 2017
edited

In relation to your comment about curl, I did find a command that utilizes curl and awk to pull out cert related information; not clean though:

└[~]> curl --insecure -v https://www.google.com 2>&1 | awk 'BEGIN { cert=0 } /^\* Server certificate:/ { cert=1 } /^\*/ { if (cert) print }'
* Server certificate:
*  subject: C=US; ST=California; L=Mountain View; O=Google Inc; CN=www.google.com
*  start date: Jan 18 18:50:00 2017 GMT
*  expire date: Apr 12 18:50:00 2017 GMT
*  issuer: C=US; O=Google Inc; CN=Google Internet Authority G2
*  SSL certificate verify ok.
* Connection #0 to host www.google.com left intact

But yeah, this would be super useful and openssl is most likely the best way to do it. In our case, pyopenssl/cryptography I'd presume would be good goto's

@wzyboy
Copy link

wzyboy commented Jan 27, 2017

Well. curl does show TLS info when being invoked with -v flag (as @InAnimaTe shows). If you do not want to add additional complecity to httpstat, you may parse the output of curl in the current codebase. @reorx

@reorx
Copy link
Owner

reorx commented Jan 27, 2017

Oops, I find that I was using a curl of version 7.43.0, which only showed very limited TLS info, I tried with the newer version and now see the expire date info. In this case it's possible to make httpstat parse and show these info in a better way.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@reorx @wzyboy @InAnimaTe