tlsquery

package
v1.1.0 Latest Latest
Published: Mar 12, 2026 License: MIT Imports: 21 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CertTypeFromCert

func CertTypeFromCert(cert *x509.Certificate) string

CertTypeFromCert determines the certificate type based on its properties.

func IsCipherSuiteSecure added in v1.1.0

func IsCipherSuiteSecure(name string) bool

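IsCipherSuiteSecure reports whether a cipher suite name is currently considered secure by Go's crypto/tls package. Because the classification comes from crypto/tls, the result follows the Go version the program was built with rather than any external policy or compliance baseline.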

func ParseCertPEM added in v0.7.0

func ParseCertPEM(pemText string) (*x509.Certificate, error)

func SplitCipherSuitesBySecurity added in v1.1.0

func SplitCipherSuitesBySecurity(cipherSuites []string) (secure []string, insecure []string)

SplitCipherSuitesBySecurity splits cipher suites into secure and insecure slices while preserving the input order within each slice.

func StartTLSPort added in v1.1.0

func StartTLSPort(protocol string) (string, bool)

StartTLSPort returns the default plaintext port for a STARTTLS protocol.

func StartTLSProtocolList added in v1.1.0

func StartTLSProtocolList() string

StartTLSProtocolList returns supported STARTTLS protocols in display order.

func StartTLSProtocols added in v1.1.0

func StartTLSProtocols() []string

StartTLSProtocols returns the supported STARTTLS protocol names.

func ValidStartTLSProtocol added in v1.0.0

func ValidStartTLSProtocol(protocol string) bool

ValidStartTLSProtocol returns true if the given protocol name is supported.

Types

type BasicConstraints

// BasicConstraints holds CA constraint information.
//
// The field names follow the X.509 basicConstraints extension (CA flag and
// path-length constraint); how they are populated is not shown on this page.
type BasicConstraints struct {
	// IsCA is always serialized (no omitempty), so "is_ca": false is explicit.
	IsCA       bool `json:"is_ca" yaml:"is_ca"`
	// NOTE(review): omitempty drops a zero value on serialization, so a
	// path-length constraint of 0 (CA may not issue further CAs) cannot be
	// told apart from "no constraint" in the output. crypto/x509 separates
	// these cases with MaxPathLen == -1 and MaxPathLenZero; confirm how the
	// value is mapped before relying on this field in chain-policy checks.
	MaxPathLen int  `json:"max_path_len,omitempty" yaml:"max_path_len,omitempty"`
}

BasicConstraints holds CA constraint information.

type CertInfo

// CertInfo holds the extracted certificate metadata.
//
// Every field carries matching json and yaml tags; fields tagged omitempty
// are left out of the serialized form when empty.
//
// NOTE(review): the string fields appear to be copied from the certificate.
// For certificates obtained through Query that content is chosen by the
// remote peer, so treat it as untrusted when logging it or rendering it in a
// terminal or HTML view.
type CertInfo struct {
	Type               string            `json:"type" yaml:"type"`
	Version            int               `json:"version" yaml:"version"`
	SerialNumber       string            `json:"serial_number" yaml:"serial_number"`
	SignatureAlgorithm string            `json:"signature_algorithm" yaml:"signature_algorithm"`
	Issuer             string            `json:"issuer" yaml:"issuer"`
	Subject            string            `json:"subject" yaml:"subject"`
	CommonName         string            `json:"common_name" yaml:"common_name"`
	// NotBefore and NotAfter are stored as strings; the NotBeforeTime and
	// NotAfterTime methods return (time.Time, error), presumably by parsing
	// these values — the string format is not stated here.
	NotBefore          string            `json:"not_before" yaml:"not_before"`
	NotAfter           string            `json:"not_after" yaml:"not_after"`
	PublicKeyAlgorithm string            `json:"public_key_algorithm" yaml:"public_key_algorithm"`
	// KeyLength: unit is not stated here (presumably bits — TODO confirm).
	KeyLength          int               `json:"key_length" yaml:"key_length"`
	KeyUsage           []string          `json:"key_usage,omitempty" yaml:"key_usage,omitempty"`
	ExtKeyUsage        []string          `json:"extended_key_usage,omitempty" yaml:"extended_key_usage,omitempty"`
	// BasicConstraints is a pointer, so it is omitted entirely when nil.
	BasicConstraints   *BasicConstraints `json:"basic_constraints,omitempty" yaml:"basic_constraints,omitempty"`
	SubjectKeyID       string            `json:"subject_key_id,omitempty" yaml:"subject_key_id,omitempty"`
	AuthorityKeyID     string            `json:"authority_key_id,omitempty" yaml:"authority_key_id,omitempty"`
	SubjectAltNames    []string          `json:"subject_alternative_names,omitempty" yaml:"subject_alternative_names,omitempty"`
	EmailAddresses     []string          `json:"email_addresses,omitempty" yaml:"email_addresses,omitempty"`
	IPAddresses        []string          `json:"ip_addresses,omitempty" yaml:"ip_addresses,omitempty"`
	// The three URL lists below come from the certificate itself. A consumer
	// that dereferences them is fetching attacker-influenced URLs when the
	// certificate is unverified; apply the usual outbound-request limits.
	OCSPServers        []string          `json:"ocsp_servers,omitempty" yaml:"ocsp_servers,omitempty"`
	IssuingCertURL     []string          `json:"issuing_cert_url,omitempty" yaml:"issuing_cert_url,omitempty"`
	CRLDistPoints      []string          `json:"crl_distribution_points,omitempty" yaml:"crl_distribution_points,omitempty"`
	Fingerprint        Fingerprint       `json:"fingerprint" yaml:"fingerprint"`
	// PEM is omitted when empty; ChainInfo.WithoutPEM returns a *ChainInfo,
	// presumably with this field cleared on each certificate.
	PEM                string            `json:"pem,omitempty" yaml:"pem,omitempty"`
	// Revocation is a pointer to a type from the revocation package and is
	// omitted when nil. NOTE(review): nil presumably means "not checked",
	// which is not the same as "not revoked" — confirm before gating on it.
	Revocation         *revocation.Info  `json:"revocation,omitempty" yaml:"revocation,omitempty"`
}

CertInfo holds the extracted certificate metadata.

func CertInfoFromCert

func CertInfoFromCert(cert *x509.Certificate) CertInfo

CertInfoFromCert creates a CertInfo from an x509.Certificate.

func (*CertInfo) DisplayName

func (ci *CertInfo) DisplayName() string

func (*CertInfo) NotAfterTime

func (ci *CertInfo) NotAfterTime() (time.Time, error)

func (*CertInfo) NotBeforeTime

func (ci *CertInfo) NotBeforeTime() (time.Time, error)

type ChainInfo

// ChainInfo holds the full certificate chain.
//
// It is the result type of ParsePEM, ParsePEMFile and Query.
//
// NOTE(review): this page does not say whether a failed chain verification is
// returned as a non-nil error or only recorded in Verified/VerificationError.
// Callers making a trust decision should check Verified explicitly rather
// than treating a nil error as "chain is trusted" — confirm against the source.
type ChainInfo struct {
	// Certificates is always serialized. Leaf returns (*CertInfo, error);
	// the ordering of this slice is not stated here.
	Certificates      []CertInfo       `json:"certificates" yaml:"certificates"`
	// Verified is always serialized, so "verified": false is explicit.
	Verified          bool             `json:"verified" yaml:"verified"`
	// VerificationError is omitted when empty.
	VerificationError string           `json:"verification_error,omitempty" yaml:"verification_error,omitempty"`
	// TLSVersions is omitted when empty; presumably filled only when
	// QueryOptions.TLSVersions is set — TODO confirm.
	TLSVersions       []TLSVersionInfo `json:"tls_versions,omitempty" yaml:"tls_versions,omitempty"`
}

ChainInfo holds the full certificate chain.

func ParsePEM

func ParsePEM(data []byte, opts PEMOptions) (*ChainInfo, error)

ParsePEM parses PEM-encoded certificate data and returns certificate information.

func ParsePEMFile

func ParsePEMFile(path string, opts PEMOptions) (*ChainInfo, error)

ParsePEMFile reads a PEM file and returns certificate information for all certificates found.

func Query

func Query(endpoint string, opts QueryOptions) (*ChainInfo, error)

Query connects to the given endpoint and retrieves certificate chain information.

func (*ChainInfo) ChainNames

func (c *ChainInfo) ChainNames() []string

func (*ChainInfo) Leaf

func (c *ChainInfo) Leaf() (*CertInfo, error)

func (*ChainInfo) WithoutPEM

func (c *ChainInfo) WithoutPEM() *ChainInfo

type Fingerprint

// Fingerprint holds SHA1 and SHA256 fingerprints of a certificate.
//
// Both values are strings; their encoding (hex, separators, case) and the
// exact bytes hashed are not stated here (presumably the DER encoding —
// TODO confirm).
type Fingerprint struct {
	// SHA-1 is not collision resistant. Use this value only to match legacy
	// tooling output, not for pinning or allow-list decisions.
	SHA1   string `json:"sha1" yaml:"sha1"`
	// Prefer SHA256 when comparing or pinning certificates.
	SHA256 string `json:"sha256" yaml:"sha256"`
}

Fingerprint holds SHA1 and SHA256 fingerprints of a certificate.

type PEMOptions added in v0.6.0

// PEMOptions configures PEM parsing and verification behavior.
//
// It is passed to ParsePEM and ParsePEMFile.
type PEMOptions struct {
	// NOTE(review): whether this file replaces the system trust store or is
	// added to it is not stated here. The difference decides which chains
	// verify, so confirm before using it to restrict trust to a private CA.
	CACertFile string // Path to custom CA certificate file (PEM format)
}

PEMOptions configures PEM parsing and verification behavior.

type QueryOptions

// QueryOptions configures the TLS query behavior.
//
// It is passed to Query together with the endpoint string.
type QueryOptions struct {
	// NOTE(review): replace-or-augment behaviour relative to the system
	// trust store is not stated here — confirm.
	CACertFile  string // Path to custom CA certificate file (PEM format)
	// With an empty value the proxy is taken from the environment, so the
	// connection path can be changed by whoever controls the process
	// environment. The proxy sees the target endpoint of every query.
	Proxy       string // Proxy URL (e.g. http://proxy:8080). If empty, HTTPS_PROXY/HTTP_PROXY env vars are used.
	TLSVersions bool   // Probe and display supported TLS versions.
	// NOTE(review): not stated whether this name is also the one the chain is
	// verified against. If it is, a result with Verified == true refers to
	// ServerName, not to the endpoint address that was dialed — confirm.
	ServerName  string // SNI override for TLS handshake (useful when connecting by IP).
	// Names can be checked with ValidStartTLSProtocol; StartTLSPort returns
	// the default plaintext port for a protocol. The exchange before the
	// STARTTLS upgrade is plaintext by definition of these protocols.
	StartTLS    string // STARTTLS protocol: smtp, imap, pop3, ldap.
}

QueryOptions configures the TLS query behavior.

type TLSVersionInfo added in v1.1.0

// TLSVersionInfo holds a TLS version and its supported cipher suites in
// server-preferred order.
//
// The three cipher-suite lists are omitted from output when empty.
type TLSVersionInfo struct {
	// Version is a string; its format is not stated here.
	Version              string   `json:"version" yaml:"version"`
	CipherSuites         []string `json:"cipher_suites,omitempty" yaml:"cipher_suites,omitempty"`
	// Presumably the result of SplitCipherSuitesBySecurity applied to
	// CipherSuites — TODO confirm. That split follows Go's crypto/tls
	// classification, so an empty InsecureCipherSuites list means "none
	// flagged by crypto/tls", not conformance to a specific policy.
	SecureCipherSuites   []string `json:"secure_cipher_suites,omitempty" yaml:"secure_cipher_suites,omitempty"`
	InsecureCipherSuites []string `json:"insecure_cipher_suites,omitempty" yaml:"insecure_cipher_suites,omitempty"`
}

TLSVersionInfo holds a TLS version and its supported cipher suites in server-preferred order.
