
@gtank
Created May 23, 2016 07:09
checks the cert for storage.googleapis.com
package main
import (
"crypto/sha256"
"crypto/tls"
"encoding/hex"
"fmt"
"log"
"strings"
)
// GIA_G2_SHA256 is the pinned fingerprint of the Google Internet Authority G2
// intermediate: the SHA-256 digest of the certificate, written as upper-case
// hex. main hashes cert.Raw, so this pins the whole certificate rather than
// only its public key; a reissued certificate needs a new value here.
// The intermediate expires 31 Dec 2016.
const (
	GIA_G2_SHA256 = "A4124FDAF9CAC7BAEE1CAB32E3225D746500C09F3CF3EBB253EF3FBB088AFD34"
)
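// main connects to storage.googleapis.com over TLS, prints the common name
// and upper-case SHA-256 digest of every certificate the server presented,
// and exits non-zero unless the pinned Google Internet Authority G2
// intermediate is part of a chain that actually verified.
//
// The pin check fails closed: a chain that simply omits the pinned
// intermediate is rejected instead of passing silently. The comment on
// GIA_G2_SHA256 gives the pinned certificate's expiry; once the server stops
// serving it, this program fails until the constant is updated.
func main() {
	// A nil config keeps Go's default verification (system roots, server
	// name taken from the address), so Dial only succeeds for a valid chain.
	conn, err := tls.Dial("tcp", "storage.googleapis.com:443", nil)
	if err != nil {
		log.Fatal(err)
	}

	// The handshake is finished once Dial returns. Take the state and close
	// immediately: log.Fatal exits without running deferred calls, so a
	// deferred Close would be skipped on every failure path below.
	state := conn.ConnectionState()
	_ = conn.Close() // best-effort; no application data was exchanged

	// PeerCertificates is the list the server chose to send. It is printed
	// for inspection, and a certificate that claims the intermediate's name
	// with a different digest is still treated as fatal.
	for _, cert := range state.PeerCertificates {
		digest := sha256.Sum256(cert.Raw)
		hexDigest := strings.ToUpper(hex.EncodeToString(digest[:]))
		fmt.Printf("%s|%s\n", cert.Subject.CommonName, hexDigest)

		if cert.Subject.CommonName == "Google Internet Authority G2" && hexDigest != GIA_G2_SHA256 {
			log.Fatal("The Google intermediate had the wrong hash. Suggest you flee.")
		}
	}

	// The peer-supplied list does not prove the leaf was issued through the
	// pinned intermediate, so the pin itself is matched against
	// VerifiedChains, the chains the TLS stack validated to a trusted root.
	pinned := false
	for _, chain := range state.VerifiedChains {
		for _, cert := range chain {
			digest := sha256.Sum256(cert.Raw)
			if strings.ToUpper(hex.EncodeToString(digest[:])) == GIA_G2_SHA256 {
				pinned = true
			}
		}
	}
	if !pinned {
		log.Fatal("The pinned Google intermediate was not in any verified chain. Suggest you flee.")
	}
}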