UNPKG

@passmarked/ssl

Version:

Rules that relate to checking the SSL configuration of each individual resolved server from the domain to ensure locked down config with the broadest compatibility

github.com/passmarked/ssl

passmarked/ssl

67 lines (46 loc) 1.78 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
/** * Handles checking for missing certificates in our chain **/ module.exports = exports = function(payload, params, fn) { // local params var expectedCerts = params.expected; var suppliedCerts = params.supplied; var presentableCerts = params.merged; var address = params.address; // pull out the params we can use var client = params.client; // loop the certs we have and report any we might be missing for(var i = 0; i < presentableCerts.length; i++) { // check the collection if((presentableCerts[i].signature || '').toLowerCase().indexOf('sha1with') === 0) { // depending on the type if(presentableCerts[i].type == 'user') { // add the rule payload.addRule({ key: 'signature', message: 'Weak signature detected on server certificate', type: 'error', }, { display: 'chain', chain: presentableCerts, message: 'Server certificate supplied by $, $ is using $ which is being phased out Dec 2016', identifiers: [ address, presentableCerts[i].commonName, 'sha1' ] }); } else if(presentableCerts[i].type != 'root') { // add the rule payload.addRule({ key: 'chain.signature', message: 'Weak signature detected on certificates in chain', type: 'notice' }, { display: 'chain', chain: presentableCerts, message: 'Certificate supplied by $, $ is using $ which is being phased out Dec 2016', identifiers: [ address, presentableCerts[i].commonName, 'sha1' ] }); } } } // finish fn(null); };