Health check for SSL/TLS services (#177)

* protocol: starttls: add timeout support Signed-off-by: Charles Decoux <charles@phowork.fr> * protocol: add ssl support Signed-off-by: Charles Decoux <charles@phowork.fr>
2021-09-30 22:15:17 +02:00
parent 289d834587
commit 30cb7b6ec8
4 changed files with 110 additions and 4 deletions
--- a/client/client.go
+++ b/client/client.go
@ -38,7 +38,11 @@ func CanPerformStartTLS(address string, config *Config) (connected bool, certifi
 	if len(hostAndPort) != 2 {
 		return false, nil, errors.New("invalid address for starttls, format must be host:port")
 	}
-	smtpClient, err := smtp.Dial(address)
+	conn, err := net.DialTimeout("tcp", address, config.Timeout)
+	if err != nil {
+	    return
+	}
+	smtpClient, err := smtp.NewClient(conn, hostAndPort[0])
 	if err != nil {
 		return
 	}
@ -57,6 +61,28 @@ func CanPerformStartTLS(address string, config *Config) (connected bool, certifi
 	return true, certificate, nil
 }

+// CanPerformTLS checks whether a connection can be established to an address using the TLS protocol
+func CanPerformTLS(address string, config *Config) (connected bool, certificate *x509.Certificate, err error) {
+	conn, err := tls.DialWithDialer(&net.Dialer{Timeout: config.Timeout}, "tcp", address, nil)
+	if err != nil {
+	    return
+	}
+	defer conn.Close()
+
+	verifiedChains := conn.ConnectionState().VerifiedChains
+	if len(verifiedChains) == 0 {
+	    return
+	}
+
+	chain := verifiedChains[0] // VerifiedChains[0] == PeerCertificates[0]
+	if len(chain) == 0 {
+	    return
+	}
+
+	certificate = chain[0]
+	return true, certificate, nil
+}
+
 // Ping checks if an address can be pinged and returns the round-trip time if the address can be pinged
 //
 // Note that this function takes at least 100ms, even if the address is 127.0.0.1