From 1838cf4c7b09912e857739a4c46d196404ce8f27 Mon Sep 17 00:00:00 2001
From: Tanner Collin
Date: Wed, 14 Jan 2026 10:45:00 -0700
Subject: [PATCH] feat: Log warnings for duplicate certificates per protocol

Co-authored-by: aider (gemini/gemini-2.5-pro)
---
 main.py | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/main.py b/main.py
index 7009dd1..f9e4247 100644
--- a/main.py
+++ b/main.py
@@ -23,7 +23,7 @@ except FileNotFoundError:
 def alert_tanner(msg): pass
-async def check_host_cert(host, port):
+async def check_host_cert(host, port, seen_serials):
 "check a single host's cert"
 try: # default context does hostname checking and certificate validation
@@ -43,6 +43,13 @@ async def check_host_cert(host, port):
 alert_tanner(msg)
 return
+ serial_number = cert.get('serialNumber')
+ if serial_number:
+ if serial_number in seen_serials:
+ logging.warning(f"Duplicate certificate with serial number {serial_number} found for host {host}:{port}")
+ else:
+ seen_serials.add(serial_number)
+
 expiry_date_str = cert['notAfter']
 expiry_date = datetime.strptime(expiry_date_str, '%b %d %H:%M:%S %Y %Z')
@@ -74,13 +81,14 @@ async def check_host_cert(host, port):
 async def main():
+ seen_serials = {proto: set() for proto in HOSTS}
 tasks = []
 for host in HOSTS['http']:
- tasks.append(check_host_cert(host, 443))
+ tasks.append(check_host_cert(host, 443, seen_serials['http']))
 for host in HOSTS['mqtt']: # standard port for MQTTS is 8883
- tasks.append(check_host_cert(host, 8883))
+ tasks.append(check_host_cert(host, 8883, seen_serials['mqtt']))
 await asyncio.gather(*tasks)
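Review bot: The new `seen_serials` parameter on `check_host_cert` is undocumented: the one-line docstring `"check a single host's cert"` does not say that the function now reads and mutates a set shared with the other tasks of the same protocol. I would extend it to something like `"check a single host's cert; seen_serials is a set shared by all hosts of one protocol and is updated in place"`. The parameter is also required and positional, so any caller outside this patch that still passes two arguments would raise a TypeError; only the two call sites in `main()` are visible here. The function body continues outside this hunk.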
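Review bot: Keying the duplicate check on `cert.get('serialNumber')` alone can flag two unrelated certificates as duplicates, because a serial number is only unique within one issuing CA. Assuming `cert` is the dict returned by `getpeercert()` (the `'serialNumber'` and `'notAfter'` keys suggest so), a key such as `(cert.get('issuer'), serial_number)` identifies the certificate more reliably. The set also keeps no record of which host presented the serial first, so the warning names only the later host, and which host is "later" depends on task completion order under `asyncio.gather`. Storing `seen_serials[key] = f"{host}:{port}"` in a dict would let the message name both endpoints, which is what someone triaging the log needs. The enclosing function starts and ends outside this hunk.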
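Review bot: `seen_serials` is built for every key in `HOSTS`, but the two loops in `main()` still name `'http'`/443 and `'mqtt'`/8883 by hand, so a protocol later added to `HOSTS` would get a set and no checks. A single mapping, for example `PORTS = {'http': 443, 'mqtt': 8883}`, iterated once would keep each protocol, its port and its set together. Separate sets per protocol also mean a certificate served on both an HTTPS and an MQTTS endpoint is never reported; if that is the intent, a comment above the comprehension such as `# one set per protocol: a cert shared between 443 and 8883 is not flagged` would make it explicit.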