Open coindroid42 opened 3 years ago
gustavo-iniguez-goya
commented
3 years ago There's some work already done here https://github.com/evilsocket/opensnitch/tree/passive-tls-query
I improved it a little bit, but I haven't published my changes.
gustavo-iniguez-goya
commented
3 years ago 
themighty1
commented
3 years ago Maybe for starters we could show in the UI one line of the output of:
openssl s_client -brief example.com:443
Peer certificate: C = US, ST = California, L = Los Angeles, O = Internet Corporation for Assigned Names and Numbers, CN = www.example.org
Would that be sufficient for your needs @coindroid42 or do you want more info?
When I allow or deny some requests, I often see the domain. I would like to know what this domain is and who issued the certificate. It would be nice to show information about the certificate. Maybe somehow further expand the information about domains. To avoid an attack through a purchased domain similar to super-arch-linux.com