Skip to content
This repository has been archived by the owner on Jun 7, 2019. It is now read-only.

globalsign/certlint

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

130 Commits
asn1
asn1
 
 
certdata
certdata
 
 
checks
checks
 
 
errors
errors
 
 
examples
examples
 
 
testdata
testdata
 
 
.travis.yml
.travis.yml
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 
certlint.go
certlint.go
 
 
certlint_test.go
certlint_test.go
 
 

Repository files navigation

certlint

Build Status Go Report Card Coverage Status GoDoc

X.509 certificate linter written in Go

General

This package is a work in progress.

Please keep in mind that:

  • This is an early release and may contain bugs or false reports
  • Not all checks have been fully implemented or verified against the standard
  • CLI flag, APIs and CSV export are subject to change

Code contributions and tests are highly welcome!

Installation

To install from source, just run:

go get -u github.com/globalsign/certlint
go install github.com/globalsign/certlint

CLI: Usage

The 'certlint' command line utility included with this package can be used to test a single certificate or a large pem container to bulk test millions of certificates. The command is used to test the linter on a large number of certificates but could use fresh up to reduce code complexity.

Usage of ./certlint:
  -bulk string
        Bulk certificates file
  -cert string
        Certificate file
  -errlevel string
        Exit non-zero for Errors at this level (default "error")
  -expired
        Test expired certificates
  -help
        Show this help
  -include
        Include certificates in report
  -issuer string
        Certificate file
  -pprof
        Generate pprof profile
  -report string
        Report filename (default "report.csv")
  -revoked
        Check if certificates are revoked
CLI: One certificate
$ certlint -cert certificate.pem
CLI: One certificate, exiting non-zero for Warning and above
$ certlint -errlevel warning -cert certificate.pem
CLI: A series of PEM encoded certificates
$ certlint -bulk largestore.pem
CLI: Testing expired certificates
$ certlint -expired -bulk largestore.pem
API: Usage

Import one or all of these packages:

import "github.com/globalsign/certlint/asn1"
import "github.com/globalsign/certlint/certdata"
import "github.com/globalsign/certlint/checks"

You can import all available checks:

_ "github.com/globalsign/certlint/checks/extensions/all"
_ "github.com/globalsign/certlint/checks/certificate/all"

Or you can just import a restricted set:

// Check for certificate (ext) KeyUsage extension
_ "github.com/globalsign/certlint/checks/extensions/extkeyusage"
_ "github.com/globalsign/certlint/checks/extensions/keyusage"

// Also check the parsed certificate (ext) keyusage content
_ "github.com/globalsign/certlint/checks/certificate/extkeyusage"
_ "github.com/globalsign/certlint/checks/certificate/keyusage"
API: Check ASN.1 value formatting
al := new(asn1.Linter)
e := al.CheckStruct(der)
if e != nil {
  for _, err := range e.List() {
    fmt.Println(err)
  }
}
API: Check certificate details
d, err := certdata.Load(der)
if err == nil {
  e := checks.Certificate.Check(d)
  if e != nil {
    for _, err := range e.List() {
      fmt.Println(err)
    }
  }
}

About

X.509 certificate linter, written in Go

Topics

go golang certificate linter x509 pki asn1

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

59 stars

Watchers

10 watching

Forks

15 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 7

Languages