RubyGems - cert_checker - Versions diffs - 0.1.2 → 0.1.3 - Mend

cert_checker 0.1.2 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 25e5631bef7c2a174f057b443400c347f370ffa9
-  data.tar.gz: a55d4664d48130d349f8ba18c198217362c0efd7
+SHA256:
+  metadata.gz: 13a2dc5bb17b514adfcb06421ac83c4ac597b7b5051a66f76c1fcf53a9b57063
+  data.tar.gz: 699da8c4394c5797e95a0e913541af5a979bc84a0e62ca082aec1a2378b3dc81
 SHA512:
-  metadata.gz: 2deb90357e69ad1109e528613e9509e11555112ffc9df4bfa8eba658fe2f9fbee7efdbc499c187469ec911aa0f93d06c145bf87b54ff263b7f7980f1a783d4d9
-  data.tar.gz: 229b684fb85d26498dee345e01dd2f7a1612cad6fb559fe71eaa1714cdd9f1105e4c360d55090e0c8d8ab832a1275a41720cc3639659e3d46ac2d8a6ce0d4291
+  metadata.gz: feb368b6d8e1db85ecbb11aa4ddf2c52d3a9e22b775d4488f90a2c0d49986a1a30d90f9349353bd6a52ee3cb01d6b80a1f2bf59c3b4f032f5648a7b1b2861b81
+  data.tar.gz: 36d507330fae5fb8684dcfa26e524f90bf526c431ac3d6eba3ca13b882bebcab98d5e9b62df5f0ac2177be302aa133cc6231d10bf039a7a2aa2f4c0dd4f3dd23

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    cert_checker (0.1.1)
+    cert_checker (0.1.3)
 GEM
   remote: https://rubygems.org/
@@ -54,4 +54,4 @@ DEPENDENCIES
   rubocop (~> 0.60.0)
 BUNDLED WITH
-   1.17.1
+   1.17.3

data/README.md CHANGED Viewed

@@ -25,9 +25,12 @@ cert_checker [-d domain_or_ip] [-f hosts_file]
 ### Examples
 ```
-$ cert_checker -d taobao.com -d xjz.pw
-ok             taobao.com                          GlobalSign nv-sa     2019-11-13 344 days
-ok             xjz.pw                              Let's Encrypt        2019-02-18 76 days
+$ cert_checker -d taobao.com -d xjz.pw -d slack.com -d asdf.com
+ok             taobao.com                          GlobalSign nv-sa     2019-11-13 344 days (http/1.1)
+ok             xjz.pw                              Let's Encrypt        2019-02-18 76 days (http/1.1)
+ok             slack.com                           DigiCert Inc         2021-02-12 714 days (h2)
+ok             asdf.com                            Let's Encrypt        2019-04-08 38 days (No ALPN)
 $ cat >> myhosts <<EOF
 # A
@@ -39,9 +42,9 @@ jd.com
 EOF
 $ cert_checker -f myhosts
-ok             xjz.pw                              Let's Encrypt        2019-02-18 76 days
-ok             taobao.com                          GlobalSign nv-sa     2019-11-13 344 days
-ok             jd.com                              GlobalSign nv-sa     2019-09-28 298 days
+ok             xjz.pw                              Let's Encrypt        2019-02-18 76 days (http/1.1)
+ok             taobao.com                          GlobalSign nv-sa     2019-11-13 344 days (http/1.1)
+ok             jd.com                              GlobalSign nv-sa     2019-09-28 298 days (http/1.1)
 ```
 ## Code Usage
@@ -49,11 +52,11 @@ ok             jd.com                              GlobalSign nv-sa     2019-09-
 ```
 require 'cert_checker'
-status, host, issuer, expired, desc = CertChecker.check('taobao.com')
+status, host, issuer, expired, desc, alpn_protocol = CertChecker.check('taobao.com')
 # Other port and timeout
 port = 443 # default
-status, host, issuer, expired, desc = CertChecker.check('taobao.com', port, timeout: 5)
+status, host, issuer, expired, desc, alpn_protocol = CertChecker.check('taobao.com', port, timeout: 5)
 ```
 **Add your root cert**
@@ -62,7 +65,7 @@ status, host, issuer, expired, desc = CertChecker.check('taobao.com', port, time
 CertChecker.cert_store.add_cert(root_ca)
 # It will trust certs which signed by this root ca
-status, host, issuer, expired, desc = CertChecker.check('mydomain.com', port, timeout: 3)
+status, host, issuer, expired, desc, alpn_protocol = CertChecker.check('mydomain.com', port, timeout: 3)
 ```
 **Multiple cert store instance**
@@ -73,7 +76,7 @@ class MyChecker
 end
 MyChecker.cert_store.add_cert(root_ca)
-status, host, issuer, expired, desc = MyChecker.check('mydomain.com', port, timeout: 3)
+status, host, issuer, expired, desc, alpn_protocol = MyChecker.check('mydomain.com', port, timeout: 3)
 ```
 ## All Status

data/exe/cert_checker CHANGED Viewed

@@ -29,14 +29,15 @@ end
 puts parser.help if hosts.empty?
-format = "%-14s %-35s %-20s %10s %s"
+format = "%-14s %-35s %-20s %10s %s (%s)"
 hosts.each do |host|
   begin
-    status, host, issuer, expired, desc = CertChecker.check(host)
+    status, host, issuer, expired, desc, alpn_protocol = CertChecker.check(host)
     expired = expired.strftime('%F') if expired
     desc = desc.to_s + ' days' if desc.to_s =~ /^\d+$/
-    puts format % [status, host, issuer, expired, desc]
+    alpn_protocol ||= 'No ALPN'
+    puts format % [status, host, issuer, expired, desc, alpn_protocol]
   rescue CertChecker::Error => e
-    puts format % ['error', host, e.message, nil, nil]
+    puts format % ['error', host, e.message, nil, nil, nil]
   end
 end

data/lib/cert_checker.rb CHANGED Viewed

@@ -15,7 +15,7 @@ module CertChecker
   def get_cert(host, port = 443, timeout: DEFAULT_TIMEOUT)
     tcp_client = Socket.tcp(host, port, connect_timeout: timeout)
-    ssl_client = OpenSSL::SSL::SSLSocket.new(tcp_client)
+    ssl_client = OpenSSL::SSL::SSLSocket.new(tcp_client, new_ctx)
     ssl_client.hostname = host
     begin
@@ -26,7 +26,7 @@ module CertChecker
       retry if IO.select(nil, [ssl_client], nil, timeout)
     end
-    [ssl_client.peer_cert, ssl_client.peer_cert_chain].tap do
+    [ssl_client.peer_cert, ssl_client.peer_cert_chain, ssl_client.alpn_protocol].tap do
       ssl_client.close
       tcp_client.close
     end
@@ -36,17 +36,17 @@ module CertChecker
   # @return [cert, verify_result, cert_chain, err_str]
   def verify(host, *args)
-    cert, cert_chain = get_cert(host, *args)
+    cert, cert_chain, alpn_protocol = get_cert(host, *args)
     if cert
       err = nil
       result = cert_store.verify(cert, cert_chain) { |r, s| err = s.error_string unless r; r }
-      [cert, result, cert_chain, err]
+      [cert, result, cert_chain, alpn_protocol, err]
     end
   end
   # @return [status_symbol, host, issuer, expired_at, desc]
   def check(host, *args)
-    cert, verify_result, _cert_chain, err_str = verify(host, *args)
+    cert, verify_result, _cert_chain, alpn_protocol, err_str = verify(host, *args)
     return [:failed, host, nil, nil, nil] unless cert
     status_sym = :unverifiable unless verify_result
@@ -63,7 +63,7 @@ module CertChecker
     else :ok
     end
-    [status_sym, host, issuer, expired_at, desc]
+    [status_sym, host, issuer, expired_at, desc, alpn_protocol]
   end
   def cert_store
@@ -74,6 +74,12 @@ module CertChecker
   private
+  def new_ctx
+    OpenSSL::SSL::SSLContext.new.tap do |ctx|
+      ctx.alpn_protocols = %w{http/1.1 h2}
+    end
+  end
   def verify_cert_dns(host, cert)
     dns_ext = cert.extensions.find { |e| e.oid == 'subjectAltName' }
     dns = dns_ext.value.split(',').map { |d| d.split(':').last }

data/lib/cert_checker/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module CertChecker
-  VERSION = "0.1.2"
+  VERSION = "0.1.3"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cert_checker
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.1.3
 platform: ruby
 authors:
 - jiangzhi.xie
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2018-12-12 00:00:00.000000000 Z
+date: 2019-03-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -108,7 +108,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.14.3
+rubygems_version: 2.7.6
 signing_key:
 specification_version: 4
 summary: A tool to check host certs config