prvPath := flag.String("key", "", "Path to client PKCS#8 private key")
casPath := flag.String("ca", "", "Path to CA certificates file")
hostname := flag.String("name", "example.com", "Expected server's hostname")
+ insecure := flag.Bool("insecure", false, "Insecure mode")
fpr := flag.String("fpr", "", "Expected SHA256 hash of server certificate's SPKI")
flag.Usage = func() {
fmt.Fprintf(os.Stderr, `Usage: tcpclient host port tlsc -name expected.name
}
cfg := &tls.Config{}
- if *hostname == "" || *onlyShow {
+ if *hostname == "" || *onlyShow || *insecure {
cfg.InsecureSkipVerify = true
- } else {
+ }
+ if *hostname != "" {
cfg.ServerName = *hostname
}
if *crtPath != "" {
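Review bot: `-insecure` turns on `cfg.InsecureSkipVerify`, which makes crypto/tls skip both chain and hostname verification, and nothing in this hunk ties it to `-fpr`, so `-insecure` on its own appears to leave the server unauthenticated. If the SPKI pin check lives later in the function (not visible here), I would warn or refuse when no pin is supplied, e.g. `if *insecure && *fpr == "" { log.Println("warning: -insecure without -fpr: server certificate is not authenticated") }` placed right after this `if`. The flag's help text `"Insecure mode"` in the flag block above should also say what is skipped, for instance `"Skip certificate chain and hostname verification; authenticate the server with -fpr instead"`. The enclosing function begins and ends outside the hunk.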
}
if *casPath != "" {
var err error
- cfg.RootCAs, err = ucspi.CertPoolFromFile(*casPath)
+ _, cfg.RootCAs, err = ucspi.CertPoolFromFile(*casPath)
if err != nil {
log.Fatalln(err)
}
connState := tlsConn.ConnectionState()
if *onlyShow {
fmt.Fprintf(
- os.Stderr, "Version: %04x\nCipherSuite: %s\n",
- connState.Version, tls.CipherSuiteName(connState.CipherSuite),
+ os.Stderr,
+ "Version: %s\nCipherSuite: %s\n",
+ ucspi.TLSVersion(connState.Version),
+ tls.CipherSuiteName(connState.CipherSuite),
)
for _, cert := range connState.PeerCertificates {
os.Stderr.WriteString("\n")