From d8dcf40eb2f2c33b1d262b665cf5f2f1f769e625 Mon Sep 17 00:00:00 2001
From: Konstantin Larin <konstantin@larin.dev>
Date: Wed, 27 May 2026 23:47:31 +0300
Subject: [PATCH] fix: nil pointer dereference in ScanTLS when no cert has
 DNSNames

---
 scanner.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/scanner.go b/scanner.go
index a50bf85..0b8af0e 100644
--- a/scanner.go
+++ b/scanner.go
@@ -2,7 +2,6 @@ package main
 
 import (
 	"crypto/tls"
-	"crypto/x509"
 	"log/slog"
 	"net"
 	"strconv"
@@ -50,7 +49,7 @@ func ScanTLS(host Host, out chan<- string, geo *Geo) {
 	domain := state.PeerCertificates[0].Subject.CommonName
 	issuers := strings.Join(state.PeerCertificates[0].Issuer.Organization, " | ")
 	length := 0
-	var leaf *x509.Certificate
+	leaf := state.PeerCertificates[0]
 	for _, cert := range state.PeerCertificates {
 		length += len(cert.Raw)
 		if len(cert.DNSNames) != 0 {