| 110 | } |
| 111 | |
| 112 | func inspectAction(ctx *cli.Context) error { |
| 113 | if err := errs.MinMaxNumberOfArguments(ctx, 0, 1); err != nil { |
| 114 | return err |
| 115 | } |
| 116 | |
| 117 | isFrom := ctx.Bool("from") |
| 118 | |
| 119 | // Require --insecure unless --from or --ca is given |
| 120 | if !isFrom && ctx.String("ca") == "" && !ctx.Bool("insecure") { |
| 121 | return errs.InsecureCommand(ctx) |
| 122 | } |
| 123 | |
| 124 | var tlsConfig *tls.Config |
| 125 | httpClient := http.Client{} |
| 126 | if roots := ctx.String("roots"); roots != "" { |
| 127 | pool, err := x509util.ReadCertPool(roots) |
| 128 | if err != nil { |
| 129 | return err |
| 130 | } |
| 131 | tlsConfig = &tls.Config{ |
| 132 | RootCAs: pool, |
| 133 | MinVersion: tls.VersionTLS12, |
| 134 | } |
| 135 | tr := http.DefaultTransport.(*http.Transport).Clone() |
| 136 | tr.TLSClientConfig = tlsConfig |
| 137 | httpClient.Transport = tr |
| 138 | } |
| 139 | |
| 140 | crlFile := ctx.Args().First() |
| 141 | if crlFile == "" { |
| 142 | crlFile = "-" |
| 143 | } |
| 144 | |
| 145 | var isURL bool |
| 146 | for _, p := range []string{"http://", "https://"} { |
| 147 | if strings.HasPrefix(strings.ToLower(crlFile), p) { |
| 148 | isURL = true |
| 149 | break |
| 150 | } |
| 151 | } |
| 152 | |
| 153 | var caCerts []*x509.Certificate |
| 154 | if filename := ctx.String("ca"); filename != "" { |
| 155 | var err error |
| 156 | if caCerts, err = pemutil.ReadCertificateBundle(filename); err != nil { |
| 157 | return err |
| 158 | } |
| 159 | } |
| 160 | |
| 161 | if isFrom { |
| 162 | var bundle []*x509.Certificate |
| 163 | if isURL { |
| 164 | u, err := url.Parse(crlFile) |
| 165 | if err != nil { |
| 166 | return errors.Wrapf(err, "error parsing %s", crlFile) |
| 167 | } |
| 168 | if _, _, err := net.SplitHostPort(u.Host); err != nil { |
| 169 | u.Host = net.JoinHostPort(u.Host, "443") |