Validate hostname when servername is supplied
c-kruse committed Nov 16, 2021
1 parent 27f2410 commit 2af07de
Showing 2 changed files with 12 additions and 0 deletions.
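--- a/internal/cert/cert.go
+++ b/internal/cert/cert.go
@@ -58,6 +58,11 @@ func CollectMetrics(ctx context.Context, path string, cfg Config) (Metrics, erro
 if err != nil {
 return metrics, err
 }
+if cfg.ServerName != "" {
+if err := cert.VerifyHostname(cfg.ServerName); err != nil {
+return metrics, fmt.Errorf("error supplied servername not valid for this certificate: %v", err)
+}
+}
 now := cfg.Now()
 metrics.EvaluatedAt = now
 metrics.SecondsSinceIssued = int(now.Sub(cert.NotBefore).Seconds())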
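Review bot: The error returned from the new `cfg.ServerName` branch is built with `%v`, so the cause is flattened to text and callers cannot separate a name mismatch from other failures with `errors.As`. I would wrap it instead: `return metrics, fmt.Errorf("supplied servername not valid for this certificate: %w", err)`. Assuming `cert` is an `*x509.Certificate`, `VerifyHostname` only compares the name against the leaf certificate and says nothing about chain trust or validity dates, which deserves a comment above the check such as `// Name match only; this does not validate the certificate chain.` CollectMetrics begins and continues outside this hunk, so whether the chain is verified elsewhere is not visible here.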
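--- a/internal/cert/cert_test.go
+++ b/internal/cert/cert_test.go
@@ -216,6 +216,13 @@ func TestCollectMetricsFromTLS(t *testing.T) {
 SecondsSinceIssued: 0,
 SecondsUntilExpires: int(duration.Seconds()),
 },
+}, {
+Name: "error when servername not valid for cert",
+Args: args{
+Cert: "tcp://" + ln.Addr().String(),
+ServerName: "fizz.sensu.io",
+},
+ExpectErr: true,
 }, {
 Name: "tcp servername extension local.test",
 Args: args{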
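Review bot: The new case "error when servername not valid for cert" asserts only `ExpectErr: true`, so it passes on any failure along the way (a dial or handshake error, for instance) and does not show that the hostname check is what rejected `fizz.sensu.io`. The case should also pin the cause, for example with `strings.Contains(err.Error(), "not valid for this certificate")` in the assertion loop. A typed check with `errors.As` against `x509.HostnameError` would be stricter, but it only works if the production error wraps its cause with `%w`. The table type and the loop that consumes `ExpectErr` are outside this hunk, so where that assertion belongs is inferred.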
