sashakoshka/go-gemini
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Check certificate notBefore and notAfter times

Browse Source
This commit is contained in:
adnano 2020-09-27 21:37:10 -04:00
parent 5a0f7cf631
commit 5535cff842
1 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
client.go
View File

@ -10,6 +10,7 @@ import (
"net/url" "net/url"
"strconv" "strconv"
"strings" "strings"
"time"
) )
// Client errors. // Client errors.
@ -218,6 +219,10 @@ func (c *Client) Send(req *Request) (*Response, error) {
if err != nil { if err != nil {
return err return err
} }
// Validate the certificate
if !validCertificate(cert) {
return ErrInvalidCertificate
}
// Check that the certificate is valid for the hostname // Check that the certificate is valid for the hostname
// Use our own implementation of verifyHostname // Use our own implementation of verifyHostname
if err := verifyHostname(cert, req.Hostname()); err != nil { if err := verifyHostname(cert, req.Hostname()); err != nil {
@ -258,6 +263,20 @@ func (c *Client) Send(req *Request) (*Response, error) {
return resp, nil return resp, nil
} }
// validCertificate determines whether cert is a valid certificate
func validCertificate(cert *x509.Certificate) bool {
// Check notBefore and notAfter
now := time.Now()
if cert.NotBefore.After(now) {
return false
}
if cert.NotAfter.Before(now) {
return false
}
// No need to check hash algorithms, hopefully tls has checked for us already
return true
}
// hostname extracts the host name from a valid host or host:port // hostname extracts the host name from a valid host or host:port
func hostname(host string) string { func hostname(host string) string {
i := strings.LastIndexByte(host, ':') i := strings.LastIndexByte(host, ':')