cert_checker 0.1.2 → 0.1.3

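--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: 25e5631bef7c2a174f057b443400c347f370ffa9
- data.tar.gz: a55d4664d48130d349f8ba18c198217362c0efd7
+ SHA256:
+ metadata.gz: 13a2dc5bb17b514adfcb06421ac83c4ac597b7b5051a66f76c1fcf53a9b57063
+ data.tar.gz: 699da8c4394c5797e95a0e913541af5a979bc84a0e62ca082aec1a2378b3dc81
  SHA512:
- metadata.gz: 2deb90357e69ad1109e528613e9509e11555112ffc9df4bfa8eba658fe2f9fbee7efdbc499c187469ec911aa0f93d06c145bf87b54ff263b7f7980f1a783d4d9
- data.tar.gz: 229b684fb85d26498dee345e01dd2f7a1612cad6fb559fe71eaa1714cdd9f1105e4c360d55090e0c8d8ab832a1275a41720cc3639659e3d46ac2d8a6ce0d4291
+ metadata.gz: feb368b6d8e1db85ecbb11aa4ddf2c52d3a9e22b775d4488f90a2c0d49986a1a30d90f9349353bd6a52ee3cb01d6b80a1f2bf59c3b4f032f5648a7b1b2861b81
+ data.tar.gz: 36d507330fae5fb8684dcfa26e524f90bf526c431ac3d6eba3ca13b882bebcab98d5e9b62df5f0ac2177be302aa133cc6231d10bf039a7a2aa2f4c0dd4f3dd23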
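--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- cert_checker (0.1.1)
+ cert_checker (0.1.3)
 
  GEM
  remote: https://rubygems.org/
@@ -54,4 +54,4 @@ DEPENDENCIES
  rubocop (~> 0.60.0)
 
  BUNDLED WITH
- 1.17.1
+ 1.17.3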
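--- a/data/README.md
+++ b/data/README.md
@@ -25,9 +25,12 @@ cert_checker [-d domain_or_ip] [-f hosts_file]
  ### Examples
 
  ```
- $ cert_checker -d taobao.com -d xjz.pw
- ok taobao.com GlobalSign nv-sa 2019-11-13 344 days
- ok xjz.pw Let's Encrypt 2019-02-18 76 days
+ $ cert_checker -d taobao.com -d xjz.pw -d slack.com -d asdf.com
+ ok taobao.com GlobalSign nv-sa 2019-11-13 344 days (http/1.1)
+ ok xjz.pw Let's Encrypt 2019-02-18 76 days (http/1.1)
+ ok slack.com DigiCert Inc 2021-02-12 714 days (h2)
+ ok asdf.com Let's Encrypt 2019-04-08 38 days (No ALPN)
+
 
  $ cat >> myhosts <<EOF
  # A
@@ -39,9 +42,9 @@ jd.com
  EOF
 
  $ cert_checker -f myhosts
- ok xjz.pw Let's Encrypt 2019-02-18 76 days
- ok taobao.com GlobalSign nv-sa 2019-11-13 344 days
- ok jd.com GlobalSign nv-sa 2019-09-28 298 days
+ ok xjz.pw Let's Encrypt 2019-02-18 76 days (http/1.1)
+ ok taobao.com GlobalSign nv-sa 2019-11-13 344 days (http/1.1)
+ ok jd.com GlobalSign nv-sa 2019-09-28 298 days (http/1.1)
  ```
 
  ## Code Usage
@@ -49,11 +52,11 @@ ok jd.com GlobalSign nv-sa 2019-09-
  ```
  require 'cert_checker'
 
- status, host, issuer, expired, desc = CertChecker.check('taobao.com')
+ status, host, issuer, expired, desc, alpn_protocol = CertChecker.check('taobao.com')
 
  # Other port and timeout
  port = 443 # default
- status, host, issuer, expired, desc = CertChecker.check('taobao.com', port, timeout: 5)
+ status, host, issuer, expired, desc, alpn_protocol = CertChecker.check('taobao.com', port, timeout: 5)
  ```
 
  **Add your root cert**
@@ -62,7 +65,7 @@ status, host, issuer, expired, desc = CertChecker.check('taobao.com', port, time
  CertChecker.cert_store.add_cert(root_ca)
 
  # It will trust certs which signed by this root ca
- status, host, issuer, expired, desc = CertChecker.check('mydomain.com', port, timeout: 3)
+ status, host, issuer, expired, desc, alpn_protocol = CertChecker.check('mydomain.com', port, timeout: 3)
  ```
 
  **Multiple cert store instance**
@@ -73,7 +76,7 @@ class MyChecker
  end
 
  MyChecker.cert_store.add_cert(root_ca)
- status, host, issuer, expired, desc = MyChecker.check('mydomain.com', port, timeout: 3)
+ status, host, issuer, expired, desc, alpn_protocol = MyChecker.check('mydomain.com', port, timeout: 3)
  ```
 
  ## All Status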
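--- a/data/exe/cert_checker
+++ b/data/exe/cert_checker
@@ -29,14 +29,15 @@ end
 
  puts parser.help if hosts.empty?
 
- format = "%-14s %-35s %-20s %10s %s"
+ format = "%-14s %-35s %-20s %10s %s (%s)"
  hosts.each do |host|
  begin
- status, host, issuer, expired, desc = CertChecker.check(host)
+ status, host, issuer, expired, desc, alpn_protocol = CertChecker.check(host)
  expired = expired.strftime('%F') if expired
  desc = desc.to_s + ' days' if desc.to_s =~ /^\d+$/
- puts format % [status, host, issuer, expired, desc]
+ alpn_protocol ||= 'No ALPN'
+ puts format % [status, host, issuer, expired, desc, alpn_protocol]
  rescue CertChecker::Error => e
- puts format % ['error', host, e.message, nil, nil]
+ puts format % ['error', host, e.message, nil, nil, nil]
  end
  end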
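Review bot: The `alpn_protocol ||= 'No ALPN'` default also applies when `CertChecker.check` returns its `:failed` row (that early return in this release yields five values, so `alpn_protocol` is nil), so a host whose certificate could not be fetched is printed as "(No ALPN)" as if a handshake had completed without ALPN. Defaulting only when a handshake happened keeps the two cases apart, e.g. `alpn_protocol ||= status == :failed ? '-' : 'No ALPN'`. The rescue branch passes nil for the new field, so error rows end in an empty `()`; passing `'-'` there would keep the column readable. The script starts above this hunk, so option parsing is not visible here.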
data/lib/cert_checker.rb CHANGED
@@ -15,7 +15,7 @@ module CertChecker
15
15
 
16
16
  def get_cert(host, port = 443, timeout: DEFAULT_TIMEOUT)
17
17
  tcp_client = Socket.tcp(host, port, connect_timeout: timeout)
18
- ssl_client = OpenSSL::SSL::SSLSocket.new(tcp_client)
18
+ ssl_client = OpenSSL::SSL::SSLSocket.new(tcp_client, new_ctx)
19
19
  ssl_client.hostname = host
20
20
 
21
21
  begin
@@ -26,7 +26,7 @@ module CertChecker
26
26
  retry if IO.select(nil, [ssl_client], nil, timeout)
27
27
  end
28
28
 
29
- [ssl_client.peer_cert, ssl_client.peer_cert_chain].tap do
29
+ [ssl_client.peer_cert, ssl_client.peer_cert_chain, ssl_client.alpn_protocol].tap do
30
30
  ssl_client.close
31
31
  tcp_client.close
32
32
  end
@@ -36,17 +36,17 @@ module CertChecker
36
36
 
37
37
  # @return [cert, verify_result, cert_chain, err_str]
38
38
  def verify(host, *args)
39
- cert, cert_chain = get_cert(host, *args)
39
+ cert, cert_chain, alpn_protocol = get_cert(host, *args)
40
40
  if cert
41
41
  err = nil
42
42
  result = cert_store.verify(cert, cert_chain) { |r, s| err = s.error_string unless r; r }
43
- [cert, result, cert_chain, err]
43
+ [cert, result, cert_chain, alpn_protocol, err]
44
44
  end
45
45
  end
46
46
 
47
47
  # @return [status_symbol, host, issuer, expired_at, desc]
48
48
  def check(host, *args)
49
- cert, verify_result, _cert_chain, err_str = verify(host, *args)
49
+ cert, verify_result, _cert_chain, alpn_protocol, err_str = verify(host, *args)
50
50
  return [:failed, host, nil, nil, nil] unless cert
51
51
  status_sym = :unverifiable unless verify_result
52
52
 
@@ -63,7 +63,7 @@ module CertChecker
63
63
  else :ok
64
64
  end
65
65
 
66
- [status_sym, host, issuer, expired_at, desc]
66
+ [status_sym, host, issuer, expired_at, desc, alpn_protocol]
67
67
  end
68
68
 
69
69
  def cert_store
@@ -74,6 +74,12 @@ module CertChecker
74
74
 
75
75
  private
76
76
 
77
+ def new_ctx
78
+ OpenSSL::SSL::SSLContext.new.tap do |ctx|
79
+ ctx.alpn_protocols = %w{http/1.1 h2}
80
+ end
81
+ end
82
+
77
83
  def verify_cert_dns(host, cert)
78
84
  dns_ext = cert.extensions.find { |e| e.oid == 'subjectAltName' }
79
85
  dns = dns_ext.value.split(',').map { |d| d.split(':').last }
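Review bot: `verify` now returns `[cert, result, cert_chain, alpn_protocol, err]`, which moves the error string from index 3 to index 4 in a patch release; a caller that destructures four values will read the negotiated ALPN protocol (or nil) where it expects the verification error, and code that treats a nil fourth element as "no error" could then pass over a failed verification. Appending the new value keeps existing callers correct: `[cert, result, cert_chain, err, alpn_protocol]`, with `check` destructuring in the same order. The `# @return` comments above `verify` and `check` still list the old shapes, and the early `return [:failed, host, nil, nil, nil]` in `check` has five elements where the normal path now has six. `new_ctx` would also benefit from a comment such as `# No verify_mode or cert store is set here; trust is decided afterwards by cert_store.verify`, since as far as these hunks show the context performs no chain verification of its own. The bodies of `get_cert` and `check` continue outside the hunks shown.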
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module CertChecker
4
- VERSION = "0.1.2"
4
+ VERSION = "0.1.3"
5
5
  end
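--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: cert_checker
  version: !ruby/object:Gem::Version
- version: 0.1.2
+ version: 0.1.3
  platform: ruby
  authors:
  - jiangzhi.xie
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2018-12-12 00:00:00.000000000 Z
+ date: 2019-03-01 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
@@ -108,7 +108,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.6.14.3
+ rubygems_version: 2.7.6
  signing_key:
  specification_version: 4
  summary: A tool to check host certs config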