mirror of
https://git.sr.ht/~adnano/go-gemini
synced 2024-06-10 10:16:09 +02:00
Check certificate notBefore and notAfter times
This commit is contained in:
adnano
parent
5a0f7cf631
commit
5535cff842
19
client.go
19
client.go
|
|
@ -10,6 +10,7 @@ import (
|
|||
"net/url"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
)
|
||||
|
||||
// Client errors.
|
||||
|
|
@ -218,6 +219,10 @@ func (c *Client) Send(req *Request) (*Response, error) {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
// Validate the certificate
|
||||
if !validCertificate(cert) {
|
||||
return ErrInvalidCertificate
|
||||
}
|
||||
// Check that the certificate is valid for the hostname
|
||||
// Use our own implementation of verifyHostname
|
||||
if err := verifyHostname(cert, req.Hostname()); err != nil {
|
||||
|
|
@ -258,6 +263,20 @@ func (c *Client) Send(req *Request) (*Response, error) {
|
|||
return resp, nil
|
||||
}
|
||||
|
||||
// validCertificate determines whether cert is a valid certificate
|
||||
func validCertificate(cert *x509.Certificate) bool {
|
||||
// Check notBefore and notAfter
|
||||
now := time.Now()
|
||||
if cert.NotBefore.After(now) {
|
||||
return false
|
||||
}
|
||||
if cert.NotAfter.Before(now) {
|
||||
return false
|
||||
}
|
||||
// No need to check hash algorithms, hopefully tls has checked for us already
|
||||
return true
|
||||
}
|
||||
|
||||
// hostname extracts the host name from a valid host or host:port
|
||||
func hostname(host string) string {
|
||||
i := strings.LastIndexByte(host, ':')
|
||||
|
|
|
|||
Loading…
Reference in New Issue