extern/web-check
1
0
Fork 0
mirror of https://github.com/Lissy93/web-check.git synced 2025-06-03 17:05:43 +02:00
Code Issues Packages Projects Releases Wiki Activity

Improve SSL check, by useing direct TLS connection and listen for secureConnect event

Browse Source
This commit is contained in:
Alicia Sykes 2023-08-26 13:09:08 +01:00
parent b6b0c25966
commit 749a61358c
1 changed files with 22 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
api/ssl.js
View File

@ -1,43 +1,40 @@
const https = require('https'); const tls = require('tls');
const middleware = require('./_common/middleware'); const middleware = require('./_common/middleware');
const urlModule = require('url');
const fetchSiteCertificateHandler = async (urlString) => { const fetchSiteCertificateHandler = async (urlString) => {
try { try {
const parsedUrl = urlModule.parse(urlString); const parsedUrl = new URL(urlString);
const options = { const options = {
host: parsedUrl.hostname, host: parsedUrl.hostname,
port: parsedUrl.port || 443, // Default port for HTTPS port: parsedUrl.port || 443,
method: 'GET', servername: parsedUrl.hostname,
servername: parsedUrl.hostname, // For SNI rejectUnauthorized: false,
rejectUnauthorized: false // Disable strict SSL verification (use with caution)
}; };
const response = await new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
const req = https.request(options, res => { const socket = tls.connect(options, () => {
if (!socket.authorized) {
// Check if the SSL handshake was authorized return reject(new Error(`SSL handshake not authorized. Reason: ${socket.authorizationError}`));
if (!res.socket.authorized) {
reject(new Error(`SSL handshake not authorized. Reason: ${res.socket.authorizationError}`));
} else {
let cert = res.socket.getPeerCertificate(true);
if (!cert || Object.keys(cert).length === 0) {
reject(new Error("No certificate presented by the server."));
} else {
const { raw, issuerCertificate, ...certWithoutRaw } = cert;
resolve(certWithoutRaw);
}
} }
const cert = socket.getPeerCertificate();
if (!cert || Object.keys(cert).length === 0) {
return reject(new Error(`
No certificate presented by the server.\n
The server is possibly not using SNI (Server Name Indication) to identify itself, and you are connecting to a hostname-aliased IP address.
Or it may be due to an invalid SSL certificate, or an incomplete SSL handshake at the time the cert is being read.`));
}
const { raw, issuerCertificate, ...certWithoutRaw } = cert;
resolve(certWithoutRaw);
socket.end();
}); });
req.on('error', error => { socket.on('error', (error) => {
reject(new Error(`Error fetching site certificate: ${error.message}`)); reject(new Error(`Error fetching site certificate: ${error.message}`));
}); });
req.end();
}); });
return response;
} catch (error) { } catch (error) {
throw new Error(error.message); throw new Error(error.message);
} }