Commit ab37c9e1 authored by kaiyou's avatar kaiyou

Add a TLS certificate check

parent d85f2f71
Pipeline #148 passed with stage
in 1 minute and 3 seconds
import ssl
import OpenSSL
from amonit import util
@util.wrap
def check_certificate(context, host, port):
""" Retrieve and check a TLS certificate
"""
conn = ssl.create_connection((host, port))
sock = ssl.SSLContext().wrap_socket(conn, server_hostname=host)
cert = ssl.DER_cert_to_PEM_cert(sock.getpeercert(True))
x509 = OpenSSL.crypto.load_certificate(
OpenSSL.crypto.FILETYPE_PEM, cert
)
return {
"up": not x509.has_expired(),
"subject": x509.get_subject().commonName,
"issuer": x509.get_issuer().commonName,
"pubkey": OpenSSL.crypto.dump_publickey(
OpenSSL.crypto.FILETYPE_PEM, x509.get_pubkey()
).decode("utf8"),
"sigalgo": x509.get_signature_algorithm().decode("utf8")
}
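Review bot: The `"up"` value reflects only `x509.has_expired()`, because the bare `ssl.SSLContext()` used for the handshake does not verify the chain or the hostname by default, so a self-signed or mismatched certificate is still reported as up. If that is intended (so an invalid certificate can still be fetched and described), say so in the docstring and set the verification mode explicitly; otherwise add a separate verified handshake with `ssl.create_default_context()` and report its outcome in its own field. The connection also has no timeout and neither socket is closed, so an unresponsive host can hang the check and every run leaks a descriptor. `create_connection` is documented on `socket`, not `ssl`, so the rewrite below needs `import socket` at the top of the file; the timeout value in it is a placeholder.
```python
# … unchanged: decorator, signature and docstring …
    with socket.create_connection((host, port), timeout=10) as conn:  # placeholder timeout
        # Verification is deliberately off: the check must be able to fetch
        # and describe a certificate that would fail validation.
        tls = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        tls.check_hostname = False
        tls.verify_mode = ssl.CERT_NONE
        with tls.wrap_socket(conn, server_hostname=host) as sock:
            cert = ssl.DER_cert_to_PEM_cert(sock.getpeercert(True))
# … unchanged: certificate parsing and result dict …
```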