hub / github.com/smallstep/cli / getPeerCertificates

Function getPeerCertificates

command/certificate/remote.go:35–65  ·  view source on GitHub ↗

getPeerCertificates creates a connection to a remote server and returns the list of server certificates. If the address does not contain a port, it defaults to port 443. Params: *addr* can be a host (e.g. smallstep.com) or an IP (e.g. 127.0.0.1); *serverName*: use a specific Server Name Indication …

(addr, serverName, roots string, insecure bool)

Source from the content-addressed store, hash-verified

// *insecure*: do not verify that the server's certificate has been signed by
// a trusted root
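//
// Security notes for callers: the returned slice is the chain exactly as the
// server presented it (ConnectionState().PeerCertificates), not a verified
// chain. When insecure is true, InsecureSkipVerify turns off both chain and
// host name verification, so the certificates are unauthenticated; treat them
// as data to inspect, never as the basis of a trust decision. When roots is
// empty, RootCAs stays nil and crypto/tls uses the host's root CA set.
func getPeerCertificates(addr, serverName, roots string, insecure bool) ([]*x509.Certificate, error) {
	// Load the caller-supplied trust anchors, if any.
	var rootCAs *x509.CertPool
	if roots != "" {
		pool, err := x509util.ReadCertPool(roots)
		if err != nil {
			return nil, errors.Wrapf(err, "failure to load root certificate pool from input path '%s'", roots)
		}
		rootCAs = pool
	}

	// Default to port 443 when addr carries no port.
	if _, _, err := net.SplitHostPort(addr); err != nil {
		// A bracketed IPv6 literal without a port (e.g. "[::1]") fails
		// SplitHostPort, and JoinHostPort adds its own brackets around any
		// host containing a colon. Strip the caller's brackets first so the
		// result is "[::1]:443" rather than "[[::1]]:443".
		if n := len(addr); n > 2 && addr[0] == '[' && addr[n-1] == ']' {
			addr = addr[1 : n-1]
		}
		addr = net.JoinHostPort(addr, "443")
	}

	tlsConfig := &tls.Config{
		MinVersion: tls.VersionTLS12,
		RootCAs:    rootCAs,
		// An empty ServerName lets crypto/tls derive it from addr.
		ServerName: serverName,
		// Explicit caller opt-out of certificate verification; see the
		// security notes above.
		InsecureSkipVerify: insecure,
	}

	// NOTE(review): tls.Dial sets no dial or handshake timeout, so an
	// unresponsive peer can block the command for a long time. Consider
	// tls.DialWithDialer with a net.Dialer that has a Timeout.
	conn, err := tls.Dial("tcp", addr, tlsConfig)
	if err != nil {
		return nil, errors.Wrapf(err, "failed to connect")
	}
	// The handshake has completed by the time Dial returns; the connection is
	// only needed long enough to read its state. The Close error is
	// deliberately ignored because no application data was exchanged.
	defer conn.Close()

	return conn.ConnectionState().PeerCertificates, nil
}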
// trimURL returns the host[:port] if the input is a URL, otherwise returns an
// empty string (and 'isURL:false').

Callers 6

lintActionFunction · 0.85
inspectActionFunction · 0.85
needsRenewalActionFunction · 0.85
verifyActionFunction · 0.85
fingerprintActionFunction · 0.85

Calls 1

CloseMethod · 0.45

Tested by 1
