bin/web
-
Implement error coloration for endpoints.
-
This ended up being an adventure to clean up the CSS, properly scoping styles and applying some basic variable support.
-
This article from MDN has a great overview of how selectors work and how to write nesting properly.
-
This article has some interesting ideas on how to embed icons directly in CSS, instead of rendering them as markup. Kinda like that, honestly.
-
I’ve implemented this for all the icons, and removed the dependency on
gomponents-heroicons
. This site has some nice tools for copying thebase64
data URLs for this technique to work. -
In the process of doing this, I’ve learned how to get the damn icons to vertically align with the text in, say, an
infobox
. Turns out, you need to apply thevertical-align: middle
to the IMAGE (or other block element), instead of the text or container element like I was assuming. Don’t know why I didn’t try that. -
Still need to figure out how to colorize the SVG icons when they are being used like this, but that’s a minor issue and one I can figure out later.
-
-
Figure out how to deal with the endpoint tabs being too long.
-
This ended up being the
style
attribute I was adding- since it restricted the height of the element to24px
, it would not reflow content correctly if the number of tabs exceeded the screen width. Removing thestyle
makes this do The Right Thing™️. -
Figure out why cert checks seem to be duplicated according to the number of checks.
-
OK, this is about what I expected. Since we’re executing the same check multiple times per cert in a scan with multiple endpoints, it records multiple results. I ended up solving this by only selecting the first check for each one:
A longer-term fix would also be to de-duplicate check results as they are inserted into the database, but I’ve done this on the display end to make sure it always happens.
lib/tls/basic
-
Fix the incorrect parsing of ciphersuite hex bytes.
-
This ended up being that I was representing them wrong in my
struct
definitions, creating an extra layer ofstruct
where there didn’t need to be one. The working definition looks like this:
- Aside: I’m very impressed with how FAST the ciphersuite determination is- for a basic scan of
he.net
I can complete the two endpoints for it in less than a second, with the time for all other checks included. Beat that, SSLabs!
lib/data
-
Properly mark scans as done when all tasks are finished.
-
Need to find something like a
sql.NullDuration
type? I wonder ifpgx
has one.
bin/worker/task
-
Fixed a small bug where if TLS 1.0 or 1.1 were not supported, the check would exit with no output.
-
Added a link to ciphersuite.info to the “Insecure TLS 1.2 Ciphers” check so people know where we get our information from.