From cbd3d8149d7f1308f4b67d96095dfcb55f102b75 Mon Sep 17 00:00:00 2001
From: Narbeh <narbeh@protonmail.com>
Date: Sat, 21 Apr 2018 10:43:32 +0430
Subject: [PATCH] Add valid Key to Context

---
 README.md      | 14 +++++++++-----
 ssl_checker.py | 10 ++++++++--
 2 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index 146ffc3..cd23c84 100644
--- a/README.md
+++ b/README.md
@@ -3,7 +3,7 @@
 
 ## About
 
-It's a simple script running in python that collects SSL information then it returns the group of information in JSON.
+It's a simple script running in python that collects SSL information then it returns the group of information in JSON. The output will have `valid` key which shows whether or not the hostname matches the certificate.
 
 ## Requirements
 
@@ -59,26 +59,30 @@ Analyzing 7 hosts:
 Example only with the `-j` and `-p` arguments which shows the JSON only. Perfect for piping to another tool.
 
 ```
-narbeh@narbeh-xps:~/ssl-checker$ ./ssl_checker.py -j -p -H test.com narbeh.org:443
+narbeh@narbeh-xps:~/ssl-checker$ ./ssl_checker.py -j -p -H  narbeh.org:443 test.com
 {'narbeh.org': {'cert_alg': u'sha256WithRSAEncryption',
                 'cert_exp': False,
-                'cert_sn': 319510066429286596971677345373584681421772L,
+                'cert_sn': 338163108483756707389368573553026254634358L,
                 'cert_ver': 2,
+                'issued_to': u'narbeh.org',
                 'issuer_c': u'US',
                 'issuer_cn': u"Let's Encrypt Authority X3",
                 'issuer_o': u"Let's Encrypt",
                 'issuer_ou': None,
-                'valid_from': '2018-02-17',
-                'valid_till': '2018-05-18',
+                'valid': True,
+                'valid_from': '2018-04-21',
+                'valid_till': '2018-07-20',
                 'validity_days': 90},
  'test.com': {'cert_alg': u'sha256WithRSAEncryption',
               'cert_exp': False,
               'cert_sn': 73932709062103623902948514363737041075L,
               'cert_ver': 2,
+              'issued_to': u'www.test.com',
               'issuer_c': u'US',
               'issuer_cn': u'Network Solutions DV Server CA 2',
               'issuer_o': u'Network Solutions L.L.C.',
               'issuer_ou': None,
+              'valid': False,
               'valid_from': '2017-01-15',
               'valid_till': '2020-01-24',
               'validity_days': 1104}}
diff --git a/ssl_checker.py b/ssl_checker.py
index 28e74fb..e83d7a0 100755
--- a/ssl_checker.py
+++ b/ssl_checker.py
@@ -38,10 +38,13 @@ def get_cert(host, port):
     return cert
 
 
-def get_cert_info(cert):
+def get_cert_info(host, cert):
     """Get all the information about cert and create a JSON file."""
     context = {}
 
+    cert_subject = cert.get_subject()
+
+    context['issued_to'] = cert_subject.CN
     context['issuer_c'] = cert.get_issuer().countryName
     context['issuer_o'] = cert.get_issuer().organizationName
     context['issuer_ou'] = cert.get_issuer().organizationalUnitName
@@ -64,6 +67,9 @@ def get_cert_info(cert):
     # Validity days
     context['validity_days'] = (valid_till - valid_from).days
 
+    # Certificate validation
+    context['valid'] = True if host == context['issued_to'] else False
+
     return context
 
 
@@ -85,7 +91,7 @@ def show_result(user_args):
 
         try:
             cert = get_cert(host, port)
-            context[host] = get_cert_info(cert)
+            context[host] = get_cert_info(host, cert)
             if not user_args.json_true:
                 print('\t{}[+]{} {:<20s} Expired: {}'.format(Clr.GREEN, Clr.RST, host, context[host]['cert_exp']))
         except Exception as error: