reorx / httpstat

curl statistics made simple
MIT License
5.94k stars 384 forks

Add option for detailing SSL/TLS Certificate #29

Open InAnimaTe opened 7 years ago

InAnimaTe commented 7 years ago

This would be super useful to have for learning more about the certificate a particular site uses. It could be an add-on option (not default) which shows issuer information, if it's valid, start/expire, and possibly other details.

Just an idea!

reorx commented 7 years ago

That's a good idea! I always use commands like

openssl s_client -connect reorx.com:443 -servername reorx.com | openssl x509 -noout -dates

to check the expiration date for my website, but that is ridiculously verbose and complex. If there's a tool that can handle this TLS stuff like what httpstat does for HTTP, life will be much easier.

Because the TLS info could not be gotten from curl, if we want to do this, we can only wrap around openssl and involve other command(s) in this process. To keep the simplicity and the "do one thing and do it well" rule, I don't think that adding this feature to the httpstat main CLI is a very good idea, but I think this could be another tool, maybe called sslstat or something, to do this job specifically.

reorx commented 7 years ago

I know a guy who's very familiar with the openssl command; he can write out all the commands you mentioned (show issuer info, if valid, etc.) without blinking an eye :)

@wzyboy what do you think of the idea of making that TLS CLI tool?

InAnimaTe commented 7 years ago

In relation to your comment about curl, I did find a command that utilizes curl and awk to pull out cert-related information; not clean though:

└[~]> curl --insecure -v https://www.google.com 2>&1 | awk 'BEGIN { cert=0 } /^\* Server certificate:/ { cert=1 } /^\*/ { if (cert) print }'
* Server certificate:
*  subject: C=US; ST=California; L=Mountain View; O=Google Inc; CN=www.google.com
*  start date: Jan 18 18:50:00 2017 GMT
*  expire date: Apr 12 18:50:00 2017 GMT
*  issuer: C=US; O=Google Inc; CN=Google Internet Authority G2
*  SSL certificate verify ok.
* Connection #0 to host www.google.com left intact

But yeah, this would be super useful and openssl is most likely the best way to do it. In our case, pyopenssl/cryptography I'd presume would be good go-tos.

wzyboy commented 7 years ago

Well, curl does show TLS info when invoked with the -v flag (as @InAnimaTe shows). If you do not want to add additional complexity to httpstat, you may parse the output of curl in the current codebase. @reorx

reorx commented 7 years ago

Oops, I found that I was using curl version 7.43.0, which only showed very limited TLS info. I tried with the newer version and now see the expire date info. In this case it's possible to make httpstat parse and show this info in a better way.
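
The parsing approach discussed in this thread, as an added example that is not part of the thread or of httpstat's code: it pulls the `* Server certificate:` block out of `curl -v` output, parses the dates, and treats the certificate as verified only when curl printed its exact "verify ok" line. The sample input is constructed from the output quoted above, and the function names are hypothetical.

```python
from datetime import datetime, timezone

# Constructed sample input: the curl -v lines quoted in the thread, plus one
# constructed "Connected" line (documentation IP) to show the block is isolated.
SAMPLE = """\
* Connected to www.google.com (203.0.113.10) port 443 (#0)
* Server certificate:
*  subject: C=US; ST=California; L=Mountain View; O=Google Inc; CN=www.google.com
*  start date: Jan 18 18:50:00 2017 GMT
*  expire date: Apr 12 18:50:00 2017 GMT
*  issuer: C=US; O=Google Inc; CN=Google Internet Authority G2
*  SSL certificate verify ok.
* Connection #0 to host www.google.com left intact
"""

DATE_FMT = "%b %d %H:%M:%S %Y GMT"  # date layout seen in the quoted output


def parse_cert_block(verbose_output):
    """Return the fields of curl's '* Server certificate:' block as a dict."""
    info, in_block = {}, False
    for line in verbose_output.splitlines():
        if line.startswith("* Server certificate:"):
            in_block = True
            continue
        if not in_block:
            continue
        if not line.startswith("*  "):  # detail lines are indented; stop at the first that is not
            break
        text = line[3:].strip()
        if text.startswith("SSL certificate verify"):
            # Only the exact "ok" line counts as verified; with --insecure curl
            # keeps going after a failure, so success must not be assumed.
            info["verified"] = text == "SSL certificate verify ok."
            continue
        key, sep, value = text.partition(": ")
        if not sep:
            continue
        if key in ("start date", "expire date"):
            value = datetime.strptime(value, DATE_FMT).replace(tzinfo=timezone.utc)
        info[key] = value
    return info


def days_left(info, now):
    """Whole days until expiry (negative once the certificate has expired)."""
    return (info["expire date"] - now).days


if __name__ == "__main__":
    cert = parse_cert_block(SAMPLE)
    print(cert["issuer"], cert["verified"], days_left(cert, datetime.now(timezone.utc)))
```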