UNPKG

@passmarked/ssl

Version:

Rules that relate to checking the SSL configuration of each individual resolved server from the domain to ensure locked down config with the broadest compatibility

github.com/passmarked/ssl

passmarked/ssl

83 lines (56 loc) 1.91 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
/** * Handles checking for missing certificates in our chain **/ module.exports = exports = function(payload, params, fn) { // local params var expectedCerts = params.expected; var suppliedCerts = params.supplied; var presentableCerts = params.merged; var address = params.address; // pull out the params we can use var client = params.client; // loop the certificates for(var i = 0; i < suppliedCerts.length; i++) { // the other certificate var cert = null; // get if the index matches on expected for(var a = 0; a < expectedCerts.length; a++) { // find the certificate if(suppliedCerts[i].commonName === expectedCerts[a].commonName) { // set the certificate cert = expectedCerts[a]; } } // check the order if found if(cert) { // check it if(cert.index != suppliedCerts[i].index) { // add the order rule payload.addRule({ key: 'chain.order', message: 'Invalid order to certificate chain', type: 'error' }, { display: 'chain', chain: presentableCerts, message: 'Certificate from $ was expected at position $ but found at $', identifiers: [ suppliedCerts[i].commonName, cert.index, suppliedCerts[i].index ] }) } } else if(suppliedCerts[i].type == 'intermediate') { // add the rule payload.addRule({ key: 'chain.unexpected', message: 'Unexpected certificate supplied in chain', type: 'error' }, { display: 'chain', chain: presentableCerts, message: 'Unexpected certificate $ supplied for $', identifiers: [ suppliedCerts[i].commonName, address ] }) } } // finish fn(null); };