Created
May 23, 2016 07:09
-
-
Save gtank/4a9850b626576dba8c4f0a817c6d69f8 to your computer and use it in GitHub Desktop.
checks the cert for storage.googleapis.com
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package main | |
import ( | |
"crypto/sha256" | |
"crypto/tls" | |
"encoding/hex" | |
"fmt" | |
"log" | |
"strings" | |
) | |
// Google Internet Authority G2 intermediate, expires 31 Dec 2016 | |
const GIA_G2_SHA256 = "A4124FDAF9CAC7BAEE1CAB32E3225D746500C09F3CF3EBB253EF3FBB088AFD34" | |
func main() { | |
conn, err := tls.Dial("tcp", "storage.googleapis.com:443", nil) | |
if err != nil { | |
log.Fatal(err) | |
} | |
defer conn.Close() | |
certificates := conn.ConnectionState().PeerCertificates | |
for _, cert := range certificates { | |
digest := sha256.Sum256(cert.Raw) | |
hexDigest := strings.ToUpper(hex.EncodeToString(digest[:])) | |
fmt.Printf("%s|%s\n", cert.Subject.CommonName, hexDigest) | |
if cert.Subject.CommonName == "Google Internet Authority G2" { | |
if hexDigest != GIA_G2_SHA256 { | |
log.Fatal("The Google intermediate had the wrong hash. Suggest you flee.") | |
} | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment