Home

Awesome

certlint

Build Status Go Report Card Coverage Status GoDoc

X.509 certificate linter written in Go

General

This package is a work in progress.

Please keep in mind that:

Code contributions and tests are highly welcome!

Installation

To install from source, just run:

go get -u github.com/globalsign/certlint
go install github.com/globalsign/certlint

CLI: Usage

The 'certlint' command line utility included with this package can be used to test a single certificate or a large pem container to bulk test millions of certificates. The command is used to test the linter on a large number of certificates but could use fresh up to reduce code complexity.

Usage of ./certlint:
  -bulk string
        Bulk certificates file
  -cert string
        Certificate file
  -errlevel string
        Exit non-zero for Errors at this level (default "error")
  -expired
        Test expired certificates
  -help
        Show this help
  -include
        Include certificates in report
  -issuer string
        Certificate file
  -pprof
        Generate pprof profile
  -report string
        Report filename (default "report.csv")
  -revoked
        Check if certificates are revoked
CLI: One certificate
$ certlint -cert certificate.pem
CLI: One certificate, exiting non-zero for Warning and above
$ certlint -errlevel warning -cert certificate.pem
CLI: A series of PEM encoded certificates
$ certlint -bulk largestore.pem
CLI: Testing expired certificates
$ certlint -expired -bulk largestore.pem
API: Usage

Import one or all of these packages:

import "github.com/globalsign/certlint/asn1"
import "github.com/globalsign/certlint/certdata"
import "github.com/globalsign/certlint/checks"

You can import all available checks:

_ "github.com/globalsign/certlint/checks/extensions/all"
_ "github.com/globalsign/certlint/checks/certificate/all"

Or you can just import a restricted set:

// Check for certificate (ext) KeyUsage extension
_ "github.com/globalsign/certlint/checks/extensions/extkeyusage"
_ "github.com/globalsign/certlint/checks/extensions/keyusage"

// Also check the parsed certificate (ext) keyusage content
_ "github.com/globalsign/certlint/checks/certificate/extkeyusage"
_ "github.com/globalsign/certlint/checks/certificate/keyusage"
API: Check ASN.1 value formatting
al := new(asn1.Linter)
e := al.CheckStruct(der)
if e != nil {
  for _, err := range e.List() {
    fmt.Println(err)
  }
}
API: Check certificate details
d, err := certdata.Load(der)
if err == nil {
  e := checks.Certificate.Check(d)
  if e != nil {
    for _, err := range e.List() {
      fmt.Println(err)
    }
  }
}