Skip to content

Commit

Permalink
RiiR cert updater
Browse files Browse the repository at this point in the history
Part of rustls#39
  • Loading branch information
tshepang committed Dec 22, 2023
1 parent 0479b6e commit 8c250bb
Show file tree
Hide file tree
Showing 2 changed files with 41 additions and 21 deletions.
21 changes: 0 additions & 21 deletions src/tests/verification_real_world/update_valid_ee_certs.bash

This file was deleted.

41 changes: 41 additions & 0 deletions src/tests/verification_real_world/update_valid_ee_certs.rs
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
#!/usr/bin/env cargo +nightly -Z script
```cargo
package.edition = "2021"
dependencies.anyhow = "1"
dependencies.reqwest.version = "0.11"
dependencies.reqwest.features = ["blocking"]
```

use std::{fs, path::Path};

fn main() -> anyhow::Result<()> {
for (domain, output_path) in [
("my.1password.com", "1password_com_valid_1.crt"),
("agilebits.com", "agilebits_com_valid_1.crt"),
("lencr.org", "letsencrypt_org_valid_1.crt"),
] {
query(domain, output_path)?;
}
Ok(())
}

fn query(domain: &str, path: &str) -> anyhow::Result<()> {
let url = format!("https://{domain}");
let response = reqwest::blocking::Client::builder()
.tls_info(true)
// avoids agilebits.com redirect, which will result in the wrong cert...
// we want the cert of agilebits.com, not of 1password.com
.redirect(reqwest::redirect::Policy::none())
.build()?
.get(url)
.send()?;
let tls_info: Option<&reqwest::tls::TlsInfo> = response.extensions().get();
if let Some(tls_info) = tls_info {
if let Some(der) = tls_info.peer_certificate() {
let path = Path::new(env!("CARGO_MANIFEST_DIR")).join(path);
eprintln!("writing DER of {domain} to {}", path.display());
fs::write(path, der)?;
}
}
Ok(())
}

0 comments on commit 8c250bb

Please sign in to comment.