authorDimitri Sokolyuk <demon@dim13.org>2016-04-04 14:35:55 +0200
committerDimitri Sokolyuk <demon@dim13.org>2016-04-04 14:35:55 +0200
commit1ef50ddd7f6ae07c68fec7c87c7052e4004179ea (patch)
treecdc39a97771a6316433a98e09e57c3ebd6382b0c
parentae93cfbf8cdc9cd055c59cddb4f90f436cd2e405 (diff)
Add Certs debug overview
-rw-r--r--server.go43
1 files changed, 25 insertions, 18 deletions
diff --git a/server.go b/server.go
index 3437590..d31c1d8 100644
--- a/server.go
+++ b/server.go
@@ -12,40 +12,46 @@ import (
type Server struct {
DataFile string
Routes
- SNI
+ Certs
wwwServer http.Server
tlsServer http.Server
rpcServer http.Server
}
-// SNI holds certificates
-type SNI map[string]*tls.Certificate
+// Certs holds certificates
+type Certs map[string]*tls.Certificate
// GetCertificate returns certificate for SNI negotiation
-func (s SNI) getCertificate(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
- if v, ok := s[h.ServerName]; ok {
+func (c Certs) getCertificate(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
+ if v, ok := c[h.ServerName]; ok {
return v, nil
}
return nil, fmt.Errorf("no cert for %q", h.ServerName)
}
-func (s SNI) addCertificate(cert, key []byte) error {
- c, err := tls.X509KeyPair(cert, key)
+func (c Certs) ServeHTTP(w http.ResponseWriter, _ *http.Request) {
+ for k, v := range c {
+ fmt.Fprintf(w, "%v: valid untill %v\n", k, v.Leaf.NotAfter)
+ }
+}
+
+func (c Certs) addCertificate(cert, key []byte) error {
+ crt, err := tls.X509KeyPair(cert, key)
if err != nil {
return err
}
- c.Leaf, err = x509.ParseCertificate(c.Certificate[0])
+ crt.Leaf, err = x509.ParseCertificate(crt.Certificate[0])
if err != nil {
return err
}
- if cn := c.Leaf.Subject.CommonName; cn != "" {
- s[cn] = &c
+ if cn := crt.Leaf.Subject.CommonName; cn != "" {
+ c[cn] = &crt
}
- for _, name := range c.Leaf.DNSNames {
- s[name] = &c
+ for _, name := range crt.Leaf.DNSNames {
+ c[name] = &crt
}
- for _, ip := range c.Leaf.IPAddresses {
- s[ip.String()] = &c
+ for _, ip := range crt.Leaf.IPAddresses {
+ c[ip.String()] = &crt
}
return nil
}
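Review bot: The new `Certs.ServeHTTP` ranges over the map with no synchronisation, while `addCertificate` in this same hunk writes to that map and net/http runs every request on its own goroutine. If `UpdateMux` can run after startup (the RPC registration in `NewServer` suggests it can, but that path is not visible here), a request to the debug page during a reload is a concurrent map read and write, which the Go runtime can abort the whole process for. Guard both sides with a `sync.RWMutex` (this needs the `sync` import) and take the write lock around the map assignments in `addCertificate`. Skipping entries whose `Leaf` is nil keeps the handler from dereferencing a nil pointer if an entry is ever added by another path, and the format string misspells "until".

```go
// certsMu guards Certs against concurrent use by HTTP handlers and addCertificate.
var certsMu sync.RWMutex

func (c Certs) ServeHTTP(w http.ResponseWriter, _ *http.Request) {
	certsMu.RLock()
	defer certsMu.RUnlock()
	for k, v := range c {
		if v == nil || v.Leaf == nil {
			continue
		}
		fmt.Fprintf(w, "%v: valid until %v\n", k, v.Leaf.NotAfter)
	}
}

// … unchanged: addCertificate parsing; wrap its map writes in certsMu.Lock()/Unlock() …
```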
@@ -57,7 +63,7 @@ func NewServer(dataFile, listenWWW, listenTLS, listenRPC string) (*Server, error
server := &Server{
DataFile: dataFile,
Routes: make(Routes),
- SNI: make(SNI),
+ Certs: make(Certs),
wwwServer: http.Server{Addr: listenWWW},
tlsServer: http.Server{Addr: listenTLS},
rpcServer: http.Server{Addr: listenRPC},
@@ -69,7 +75,8 @@ func NewServer(dataFile, listenWWW, listenTLS, listenRPC string) (*Server, error
server.Load(dataFile)
}
registerRPC(server)
- http.Handle("/debug/route", server)
+ http.Handle("/debug/routes", server.Routes)
+ http.Handle("/debug/certs", server.Certs)
return server, server.UpdateMux()
}
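Review bot: `http.Handle` registers `/debug/routes` and `/debug/certs` on `http.DefaultServeMux`, so they are answered by every `http.Server` in this process whose `Handler` stays nil, and the struct literal earlier in `NewServer` sets only `Addr` on all three servers. Whether the public www and TLS listeners receive their own mux later is outside this hunk; if either does not, the certificate inventory (every served hostname and IP with its expiry date) and the route table are readable without authentication on an internet-facing port. Prefer a dedicated mux, `dbg := http.NewServeMux()` with `dbg.Handle("/debug/certs", server.Certs)`, attached only to the listener meant for administration, and add a comment on the handler stating that it must not be exposed publicly. `NewServer`'s body starts before this hunk.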
@@ -98,7 +105,7 @@ func (s *Server) UpdateMux() error {
case "http", "":
wwwMux.Handle(host, NewReverseProxy(upstream))
case "https":
- err := s.SNI.addCertificate(route.Cert, route.Key)
+ err := s.Certs.addCertificate(route.Cert, route.Key)
if err != nil {
return err
}
@@ -107,7 +114,7 @@ func (s *Server) UpdateMux() error {
case "ws":
wwwMux.Handle(host, NewWebSocketProxy(upstream))
case "wss":
- err := s.SNI.addCertificate(route.Cert, route.Key)
+ err := s.Certs.addCertificate(route.Cert, route.Key)
if err != nil {
return err
}