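// sessionResumeScan tests that host is able to resume sessions across all addresses.
//
// One full handshake against host seeds a single-entry client session cache;
// every IP the hostname resolves to is then dialed on the same port and must
// report DidResume. The grade is Good only when every address resumed. On a
// dial or resolution failure the error is returned with a zero grade; an
// address that completed a full handshake instead of resuming yields the
// "did not resume" error. output is always nil.
func sessionResumeScan(host string) (grade Grade, output Output, err error) {
	hostname, port, err := net.SplitHostPort(host)
	if err != nil {
		return
	}
	ips, err := net.LookupIP(hostname)
	if err != nil {
		return
	}

	config := defaultTLSConfig(host)
	// A single cache slot suffices: every dial below shares this config, so the
	// session stored by the seeding handshake is what each later dial offers.
	config.ClientSessionCache = tls.NewLRUClientSessionCache(1)

	// Seed the session cache with a full handshake against the original host.
	var conn *tls.Conn
	conn, err = tls.DialWithDialer(Dialer, Network, host, config)
	if err != nil {
		return
	}
	conn.Close()

	for _, ip := range ips {
		addr := net.JoinHostPort(ip.String(), port)
		// Use the package Dialer for the per-address dials as well, so they are
		// bounded by the same dialer settings as the seeding dial rather than the
		// unbounded default that tls.Dial would use.
		conn, err = tls.DialWithDialer(Dialer, Network, addr, config)
		if err != nil {
			return
		}
		conn.Close()
		// ConnectionState is still readable after Close; DidResume tells us
		// whether this address accepted the cached session.
		if !conn.ConnectionState().DidResume {
			err = errors.New("did not resume")
			return
		}
	}

	grade = Good
	return
}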
// tlsDialScan tests that the host can perform a TLS Handshake.
//
// A single handshake using defaultTLSConfig(host) is attempted through the
// package Dialer. The grade is Good when it succeeds; otherwise the dial error
// is returned with a zero grade. output is always nil.
func tlsDialScan(host string) (grade Grade, output Output, err error) {
	conn, dialErr := tls.DialWithDialer(Dialer, Network, host, defaultTLSConfig(host))
	if dialErr != nil {
		err = dialErr
		return
	}
	// The handshake already completed inside DialWithDialer; the connection
	// itself is not needed beyond that.
	conn.Close()
	return Good, nil, nil
}
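// intermediateCAScan scans for new intermediate CAs not in the trust store.
//
// host is expected to be a CIDR range with a port (e.g. "range/prefix:port");
// anything that does not split into host:port or whose host part is not a
// CIDR yields Skipped with no error. Every address in the range is dialed by
// numWorkers goroutines with verification disabled, and each completed
// handshake's peer chain is passed to a bundler built from caBundleFile and
// intBundleFile via Bundle(chain, nil, bundler.Force). Presumably the bundler
// is what records intermediates it has not seen before — confirm against the
// bundler package; the Bundle results and errors are discarded here. The
// grade is Good once every address has been tried and every collected chain
// has been bundled. output is always nil.
func intermediateCAScan(host string) (grade Grade, output Output, err error) {
	cidr, port, err := net.SplitHostPort(host)
	if err != nil {
		// Not host:port at all; treat it like a non-CIDR host.
		return Skipped, nil, nil
	}
	_, ipnet, err := net.ParseCIDR(cidr)
	if err != nil {
		return Skipped, nil, nil
	}
	b, err := bundler.NewBundler(caBundleFile, intBundleFile)
	if err != nil {
		return
	}

	dialer := &net.Dialer{Timeout: timeout}
	// Verification is deliberately off: the point is to collect whatever chain
	// each host presents (including unknown intermediates), not to validate it.
	// Nothing from these connections is trusted or used beyond the chain.
	config := &tls.Config{InsecureSkipVerify: true}

	addrs := make(chan string)
	chains := make(chan []*x509.Certificate, numWorkers)

	// The bundling goroutine must be waited on before returning: otherwise the
	// scan can report Good while chains are still being drained and bundled.
	var bundleWG sync.WaitGroup
	bundleWG.Add(1)
	go func() {
		defer bundleWG.Done()
		for chain := range chains {
			// Best-effort: a chain that cannot be bundled does not fail the scan.
			b.Bundle(chain, nil, bundler.Force)
		}
	}()

	var workers sync.WaitGroup
	workers.Add(numWorkers)
	for i := 0; i < numWorkers; i++ {
		go func() {
			defer workers.Done()
			for addr := range addrs {
				conn, dialErr := tls.DialWithDialer(dialer, Network, addr, config)
				if dialErr != nil {
					// Unreachable or non-TLS address; nothing to collect.
					continue
				}
				conn.Close()
				// ConnectionState remains readable after Close.
				if state := conn.ConnectionState(); state.HandshakeComplete {
					chains <- state.PeerCertificates
				}
			}
		}()
	}

	// Walk every address in the range; incrementBytes presumably advances ip in
	// place (the loop relies on it) — confirm against its definition.
	for ip := ipnet.IP.To16(); ipnet.Contains(ip); incrementBytes(ip) {
		addrs <- net.JoinHostPort(ip.String(), port)
	}
	close(addrs)
	workers.Wait()
	// Only the producer side closes chains, and only after all workers are done
	// sending on it.
	close(chains)
	bundleWG.Wait()

	grade = Good
	return
}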