Skip to content
This repository has been archived by the owner on Jun 7, 2019. It is now read-only.

globalsign/certlint

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

130 Commits

asn1

asn1

 
 

certdata

certdata

 
 

checks

checks

 
 

errors

errors

 
 

examples

examples

 
 

testdata

testdata

 
 

.travis.yml

.travis.yml

 
 

LICENSE.txt

LICENSE.txt

 
 

README.md

README.md

 
 

certlint.go

certlint.go

 
 

certlint_test.go

certlint_test.go

 
 

Repository files navigation

certlint

Build Status Go Report Card Coverage Status GoDoc

X.509 certificate linter written in Go

General

This package is a work in progress.

Please keep in mind that:

  • This is an early release and may contain bugs or false reports
  • Not all checks have been fully implemented or verified against the standard
  • CLI flag, APIs and CSV export are subject to change

Code contributions and tests are highly welcome!

Installation

To install from source, just run:

go get -u github.com/globalsign/certlint
go install github.com/globalsign/certlint

CLI: Usage

The 'certlint' command line utility included with this package can be used to test a single certificate or a large pem container to bulk test millions of certificates. The command is used to test the linter on a large number of certificates but could use fresh up to reduce code complexity.

Usage of ./certlint:
  -bulk string
        Bulk certificates file
  -cert string
        Certificate file
  -errlevel string
        Exit non-zero for Errors at this level (default "error")
  -expired
        Test expired certificates
  -help
        Show this help
  -include
        Include certificates in report
  -issuer string
        Certificate file
  -pprof
        Generate pprof profile
  -report string
        Report filename (default "report.csv")
  -revoked
        Check if certificates are revoked
CLI: One certificate
$ certlint -cert certificate.pem
CLI: One certificate, exiting non-zero for Warning and above
$ certlint -errlevel warning -cert certificate.pem
CLI: A series of PEM encoded certificates
$ certlint -bulk largestore.pem
CLI: Testing expired certificates
$ certlint -expired -bulk largestore.pem
API: Usage

Import one or all of these packages:

import "github.com/globalsign/certlint/asn1"
import "github.com/globalsign/certlint/certdata"
import "github.com/globalsign/certlint/checks"

You can import all available checks:

_ "github.com/globalsign/certlint/checks/extensions/all"
_ "github.com/globalsign/certlint/checks/certificate/all"

Or you can just import a restricted set:

// Check for certificate (ext) KeyUsage extension
_ "github.com/globalsign/certlint/checks/extensions/extkeyusage"
_ "github.com/globalsign/certlint/checks/extensions/keyusage"

// Also check the parsed certificate (ext) keyusage content
_ "github.com/globalsign/certlint/checks/certificate/extkeyusage"
_ "github.com/globalsign/certlint/checks/certificate/keyusage"
API: Check ASN.1 value formatting
al := new(asn1.Linter)
e := al.CheckStruct(der)
if e != nil {
  for _, err := range e.List() {
    fmt.Println(err)
  }
}
API: Check certificate details
d, err := certdata.Load(der)
if err == nil {
  e := checks.Certificate.Check(d)
  if e != nil {
    for _, err := range e.List() {
      fmt.Println(err)
    }
  }
}

About

X.509 certificate linter, written in Go

Topics

go golang certificate linter x509 pki asn1

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

60 stars

Watchers

10 watching

Forks

15 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 7

Languages