diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 4536db6..7b1c3e8 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -26,7 +26,7 @@ jobs:
 - name: golangci-lint
 uses: golangci/golangci-lint-action@v6
 with:
- version: v1.60
+ version: v1.62
 only-new-issues: true
 testing:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/verify.yaml b/.github/workflows/verify.yaml
index 5bba3c9..28b879a 100644
--- a/.github/workflows/verify.yaml
+++ b/.github/workflows/verify.yaml
@@ -33,7 +33,7 @@ jobs:
 - name: golangci-lint
 uses: golangci/golangci-lint-action@v6
 with:
- version: v1.60
+ version: v1.62
 only-new-issues: true
 cross-build-darwin:
diff --git a/cmd/probe.go b/cmd/probe.go
index 286fed7..3479a66 100644
--- a/cmd/probe.go
+++ b/cmd/probe.go
@@ -26,9 +26,10 @@ import (
 )
 type probeOptions struct {
- verbose bool
- ppv1, ppv2 bool
- sni string
+ verbose bool
+ showCertDetails bool
+ ppv1, ppv2 bool
+ sni string
 }
 var probeOpts probeOptions
@@ -72,6 +73,9 @@ used instead of the literal endpoint host name.`,
 if probeOpts.sni != "" {
 proberOptions.ServerNameIndication = probeOpts.sni
 }
+ if probeOpts.showCertDetails {
+ proberOptions.PrintCertDetails = true
+ }
 prober, err := probe.NewProber(proberOptions)
 if err != nil {
@@ -98,6 +102,7 @@ used instead of the literal endpoint host name.`,
 }
 cmd.Flags().BoolVar(&probeOpts.verbose, "verbose", false, "be verbose, output logs")
+ cmd.Flags().BoolVar(&probeOpts.showCertDetails, "cert-details", false, "show certificate details (SANs, validity)")
 cmd.Flags().BoolVar(&probeOpts.ppv1, "proxy-protocol-v1", false, "send proxy protocol v1 headers")
 cmd.Flags().BoolVar(&probeOpts.ppv2, "proxy-protocol-v2", false, "send proxy protocol v2 headers")
 cmd.Flags().StringVar(&probeOpts.sni, "sni", "", "set SNI for TLS handshake (defaults to endpoint host)")
diff --git a/pkg/probe/probe.go b/pkg/probe/probe.go
index a6707f1..b771879 100644
--- a/pkg/probe/probe.go
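Review bot: The three-line `if probeOpts.showCertDetails { ... }` block added in the `@@ -72,6 +73,9 @@` hunk of cmd/probe.go only copies one boolean into another, and the conditional form hides that. A direct assignment, `proberOptions.PrintCertDetails = probeOpts.showCertDetails`, says the same thing in one line and cannot drift if the default ever changes. The enclosing command function starts and ends outside the hunk.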
+++ b/pkg/probe/probe.go
@@ -43,6 +43,7 @@ type ProbeOptions struct {
 Endpoint string
 ProxyProtocolMode ProxyProtocolMode
 ServerNameIndication string
+ PrintCertDetails bool
 }
 type Signal struct {
@@ -61,7 +62,13 @@ type Signal struct {
 var errTLSFailure = fmt.Errorf("TLS failure")
+func (s Signal) DetailedString() string {
+ return s.stringer(true)
+}
 func (s Signal) String() string {
+ return s.stringer(false)
+}
+func (s Signal) stringer(printCertDetails bool) string {
 parts := []string{s.Path}
 if s.Error != nil {
 parts = append(parts, "ERROR=\""+s.Error.Error()+"\"")
@@ -81,14 +88,14 @@ func (s Signal) String() string {
 if s.PeerSubject != "" {
 parts = append(parts, "peer-subject="+s.PeerSubject)
 }
- if len(s.SANs) > 0 {
+ if len(s.SANs) > 0 && printCertDetails {
 parts = append(parts, "SANs="+strings.Join(s.SANs, ","))
 }
- if !s.ValidityNotBefore.IsZero() {
+ if !s.ValidityNotBefore.IsZero() && printCertDetails {
 parts = append(parts, "validity-not-before="+s.ValidityNotBefore.Format(time.RFC3339))
 }
- if !s.ValidityNotAfter.IsZero() {
+ if !s.ValidityNotAfter.IsZero() && printCertDetails {
 parts = append(parts, "validity-not-after="+s.ValidityNotAfter.Format(time.RFC3339))
 }
@@ -108,6 +115,7 @@ type prober struct {
 proxyProtocolMode ProxyProtocolMode
 sni string
 signals chan Signal
+ printCertDetails bool
 }
 func NewProber(o ProbeOptions) (*prober, error) {
@@ -115,6 +123,7 @@ func NewProber(o ProbeOptions) (*prober, error) {
 endpoint: o.Endpoint,
 proxyProtocolMode: o.ProxyProtocolMode,
 sni: o.ServerNameIndication,
+ printCertDetails: o.PrintCertDetails,
 }
 var err error
 p.fqdn, p.port, err = net.SplitHostPort(p.endpoint)
@@ -130,6 +139,7 @@ func NewProber(o ProbeOptions) (*prober, error) {
 }
 func (p *prober) Probe(ctx context.Context) error {
+ // TODO: implement Probe function which exposes the signal channel
 log := util.CtxLogOrPanic(ctx)
 defer log.Sync()
 p.signals = make(chan Signal)
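Review bot: `String()` in the `@@ -61,7 +62,13 @@` hunk now omits SANs and validity dates for every caller that formats a `Signal` with `%s` or `%v`, not only the CLI loop, and nothing in the new code documents that change. Add doc comments such as `// String renders the signal without certificate details (SANs, validity); use DetailedString for the full form.` and `// DetailedString renders the signal including SANs and certificate validity.` The three methods are also added with no blank line between them, and `stringer` reads like a type name; `format` or `render` would be clearer. The body of `stringer` continues outside this hunk.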
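Review bot: The `SANs=` line kept in the `@@ -81,14 +88,14 @@` hunk writes the values unquoted, joined by commas, and they presumably come from the certificate the probed endpoint presented, i.e. from the remote side. A SAN or subject containing a comma, space, newline or terminal control sequence could then add fake `key=value` fields to the output or garble the operator's terminal, which matters more now that the output is something a user opts into reading closely. The same holds for `peer-subject=` just above and for the `ERROR=` text in the previous hunk. Consider quoting each value, for example `parts = append(parts, fmt.Sprintf("SANs=%q", s.SANs))` and `fmt.Sprintf("peer-subject=%q", s.PeerSubject)`, which uses only the `fmt` package the file already relies on. The function body starts and ends outside this hunk.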
@@ -141,9 +151,9 @@ func (p *prober) Probe(ctx context.Context) error {
 for signal := range signals {
 if signal.Error != nil {
 fmt.Printf("%s FAILED: %v\n", signal.Path, signal.Error)
- } else {
- fmt.Printf("%s\n", signal)
+ continue
 }
+ fmt.Printf("%s\n", signal.stringer(p.printCertDetails))
 }
 }(ctx, p.signals)
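Review bot: Failed probes still take the `FAILED` branch, which prints only `signal.Path` and `signal.Error`, so `--cert-details` has no effect in the case where an operator most needs it: a handshake rejected for an expired or mismatched certificate. Whether the signal carries SANs and validity dates when `Error` is set is not visible in this hunk; if it does, print them before the `continue`, e.g. `if p.printCertDetails { fmt.Printf("%s\n", signal.DetailedString()) }`. The success path could also use the public methods (`DetailedString()` / `String()`) instead of calling the unexported `stringer` with a flag. The goroutine and the rest of `Probe` lie outside the hunk.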