Expired TLS check doesn't display expiration date #147

@sergioagm

While using the tls check, when the certificate is already expired, I expected to see the expired date just as shown in the tls.go check:

result.Times[i].Error = fmt.Sprintf("certificate expired %s ago", time.Since(leaf.NotAfter))

As far as I see, the problem is that the call to tls.DialWithDialer results in an error if the certificate has already expired, so when we reach conclude(), the very first thing we do is check for errors and return, resulting in never being able to get the expiration date.

// check errors (down)
for i := range result.Times {
	if result.Times[i].Error != "" {
		result.Down = true
		return result
	}
}

Also, even if I comment out the previous validation, the connection used for DialWithDialer will be nil and we are unable to get any expiry date from it.

I tried using InsecureSkipVerify = true inside the tlsConfig but then that breaks some other useful checks, like verifying the root CA.

I'm new to golang but if anyone knows how to fix this then I can submit a PR for review.
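An added example, not code from this project: with verification left on (no InsecureSkipVerify), the error returned by tls.DialWithDialer can be unwrapped to Go's standard x509.CertificateInvalidError, which carries the rejected certificate and therefore its NotAfter. The names expiredNotAfter and dialExpiredDemo, the host demo.test and the loopback server with its constructed self-signed certificate are assumptions made for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

// expiredNotAfter returns the leaf's NotAfter if err is an x509 "expired" failure.
func expiredNotAfter(err error) (time.Time, bool) {
	var inv x509.CertificateInvalidError
	if errors.As(err, &inv) && inv.Reason == x509.Expired && inv.Cert != nil {
		return inv.Cert.NotAfter, true
	}
	return time.Time{}, false
}

// dialExpiredDemo serves a constructed self-signed cert ending at notAfter (pass a
// past time) on loopback and dials it with verification ON; conn is nil on failure.
func dialExpiredDemo(notAfter time.Time) error {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"demo.test"},
		NotBefore: notAfter.Add(-24 * time.Hour), NotAfter: notAfter}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf) // the client trusts this cert, so expiry is the only failure
	ln, _ := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}})
	defer ln.Close()
	go func() {
		if c, err := ln.Accept(); err == nil {
			c.(*tls.Conn).Handshake() // ends when the client rejects the cert
			c.Close()
		}
	}()
	_, err := tls.DialWithDialer(&net.Dialer{Timeout: 5 * time.Second}, "tcp",
		ln.Addr().String(), &tls.Config{RootCAs: pool, ServerName: "demo.test"})
	return err
}

func main() {
	fmt.Println(expiredNotAfter(dialExpiredDemo(time.Now().Add(-48 * time.Hour))))
}
```

Because the chain and hostname are still verified, any other failure (unknown authority, name mismatch) yields false here and stays a plain error.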
