Initial commit

.editorconfig

@@ -0,0 +1,21 @@
+# https://editorconfig.org
+
+root = true
+
+# Global parameters for all files
+[*]
+charset = utf-8
+indent_style = space
+indent_size = 4
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+# Go files
+[{Makefile,go.mod,go.sum,*.go}]
+indent_style = tab
+indent_size = 8
+
+# YAML file parameters
+[*.{yaml,yml}]
+indent_size = 2

.gitignore

@@ -0,0 +1,16 @@
+# IDE files
+/.idea/
+
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+/go-check-ssl
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 Colin O'Dell
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,31 @@
+# go-check-ssl
+
+Simple command line utility to check the status of an SSL certificate.
+
+Basically, it attempts to establish a TLS connection to a server and reports back useful info about the cert's status.
+
+## Usage
+
+Either build it yourself or grab a pre-compiled download from the [Releases](https://github.com/colinodell/go-check-ssl/releases) page.
+
+To check a certificate, simply run:
+
+```bash
+./go-check-ssl [domain]
+```
+
+![](screenshot-1.png)
+
+Example of allowed arguments include:
+
+ - `example.com`
+ - `example.com:443`
+ - `https://www.example.com:443/foo/bar`
+
+By default, it'll resolve the IP of the given domain and test against that server.  But you can also use this tool to check other servers by providing two arguments: the server to test and the SNI to use.  For example:
+
+```bash
+./go-check-ssl [server] [SNI domain]
+```
+
+![](screenshot-2.png)

go.mod

@@ -0,0 +1,5 @@
+module go-check-ssl
+
+go 1.13
+
+require github.com/dustin/go-humanize v1.0.0

go.sum

@@ -0,0 +1,2 @@
+github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo=
+github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=

main.go

@@ -0,0 +1,155 @@
+package main
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"fmt"
+	"net"
+	"net/url"
+	"os"
+	"reflect"
+	"strings"
+
+	"github.com/dustin/go-humanize"
+)
+
+func main() {
+	if len(os.Args) < 2 || len(os.Args) > 3 {
+		fmt.Print("go-check-ssl: Simple command line utility to check the status of an SSL certificate.\n\n")
+		fmt.Printf("Usage: %s server [domain]\n", os.Args[0])
+		fmt.Println()
+		fmt.Print("Arguments:\n")
+		fmt.Print("  - 'server' should be any valid hostname, IP, or URL to test\n")
+		fmt.Print("  - '[domain]' allows you to provide an arbitrary domain name to use for SNI\n")
+		fmt.Println()
+		fmt.Print("Example usage:\n")
+		fmt.Printf("  - %s example.com\n", os.Args[0])
+		fmt.Printf("  - %s https://www.example.com:443/foo/bar\n", os.Args[0])
+		fmt.Printf("  - %s 93.184.216.34 www.example.com\n", os.Args[0])
+		fmt.Printf("  - %s 93.184.216.34:443 www.example.com\n", os.Args[0])
+		os.Exit(1)
+	}
+
+	input := os.Args[1]
+	if !strings.Contains(input, "://") {
+		input = "https://" + input
+	}
+
+	parsedUrl, err := url.Parse(input)
+	if err != nil {
+		fmt.Printf("Invalid URL: %s\n", err)
+		os.Exit(1)
+	}
+
+	// Hostname is used for SNI
+	hostname := parsedUrl.Hostname()
+	// Server is used for the underlying connection
+	server := hostname
+	port := parsedUrl.Port()
+	if port == "" {
+		port = "443"
+	}
+
+	// Did the user provide a different hostname to use for SNI?
+	if len(os.Args) > 2 {
+		hostname = os.Args[2]
+	}
+
+	// Resolve the IP of the server
+	if addr, err := net.LookupIP(server); err == nil {
+		server = addr[0].String()
+	}
+
+	server += ":" + port
+
+	fmt.Printf("Connecting to %s as %s...\n\n", server, hostname)
+
+	var valid bool
+	if err := checkIfCertValid(server, hostname); err != nil {
+		valid = false
+		fmt.Printf("ERROR: %s\n\n", err)
+	} else {
+		valid = true
+		fmt.Printf("Cert seems to be valid\n\n")
+	}
+
+	cert, err := getCert(server, hostname)
+	if err != nil {
+		fmt.Printf("ERROR: %s\n", err)
+		os.Exit(1)
+	}
+
+	fmt.Printf("Issued by:  %s\n", split(cert.Issuer, 12))
+
+	fmt.Printf("Subject:    %s\n", cert.Subject)
+	fmt.Printf("DNS Names:  %s\n", split(cert.DNSNames, 12))
+
+	fmt.Printf("Expires:    %s (%s)\n", humanize.Time(cert.NotAfter), cert.NotAfter.String())
+
+	if !valid {
+		os.Exit(1)
+	}
+}
+
+func checkIfCertValid(server, hostname string) error {
+	conf := &tls.Config{
+		ServerName: hostname,
+	}
+
+	conn, err := tls.Dial("tcp", server, conf)
+	if err != nil {
+		return err
+	}
+
+	conn.Close()
+
+	return nil
+}
+
+func getCert(server, hostname string) (*x509.Certificate, error) {
+	conf := &tls.Config{
+		InsecureSkipVerify: true,
+		ServerName: hostname,
+	}
+
+	conn, err := tls.Dial("tcp", server, conf)
+	if err != nil {
+		return nil, err
+	}
+	defer conn.Close()
+
+	return conn.ConnectionState().PeerCertificates[0], nil
+}
+
+func split(value interface{}, padding int) string {
+	var lines []string
+
+	if reflect.TypeOf(value).Kind() == reflect.Slice {
+		s := reflect.ValueOf(value)
+		for i := 0; i < s.Len(); i++ {
+			lines = append(lines, fmt.Sprintf("%v", s.Index(i)))
+		}
+	} else {
+		v := fmt.Sprintf("%v", value)
+		for _, line := range strings.Split(v, "\n") {
+			lines = append(lines, line)
+		}
+	}
+
+	if len(lines) == 0 {
+		return ""
+	}
+
+	var sb strings.Builder
+
+	// No padding for the first line
+	sb.WriteString(fmt.Sprintf("%v", lines[0]))
+
+	for _, s := range lines[1:] {
+		sb.WriteString("\n")
+		sb.WriteString(strings.Repeat(" ", padding))
+		sb.WriteString(fmt.Sprintf("%v", s))
+	}
+
+	return sb.String()
+}