UNPKG

@passmarked/ssl

Version:

Rules that relate to checking the SSL configuration of each individual resolved server from the domain to ensure locked down config with the broadest compatibility

github.com/passmarked/ssl

passmarked/ssl

48 lines (34 loc) 1.21 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
/** * Handles checking for missing certificates in our chain **/ module.exports = exports = function(payload, params, fn) { // local params var expectedCerts = params.expected; var suppliedCerts = params.supplied; var presentableCerts = params.merged; var address = params.address; // pull out the params we can use var client = params.client; // loop the certs we have and report any we might be missing for(var i = 0; i < presentableCerts.length; i++) { // still deciding if this is worth actually telling the // users about as roots can be usefull for older devices continue; // check the collection if(presentableCerts[i].type == 'root') { // add the rule payload.addRule({ key: 'chain.root', message: 'Root certificate should not be returned in chain', type: 'notice' }, { display: 'chain', chain: presentableCerts, message: 'Root certificate $ on address $ can be removed to save some bandwidth', identifiers: [ presentableCerts[i].commonName, address ] }); } } // finish fn(null); };