check_certificate_chain 0.0.1 → 1.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/bin/check_certificate_chain +52 -42
- metadata +6 -20
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 5e249541543f17379be14e497d060101e31454cf
|
4
|
+
data.tar.gz: 8d667a7f31a552b209daf3f56ff9df2ffaf648bd
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 4dd6caf84eca88a2f7c138abac89b37b5a9f445eb2b25994e2a369ec336f8a4f24a2d84588920610e954d24dd80e51a06e80ead15209e2ad5397da6cc2749c90
|
7
|
+
data.tar.gz: 3c4ce2be1cd2670102bebe00a3c740f0f07a132738a24d786c74e055624aa85b2ae555981167ea3f7042ac9f9d11a4779120dd4ec2c81d23d6c534f7100556dd
|
data/bin/check_certificate_chain
CHANGED
@@ -1,9 +1,11 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
2
|
|
3
|
+
require 'uri'
|
3
4
|
require 'openssl'
|
4
5
|
require 'socket'
|
5
|
-
|
6
|
-
|
6
|
+
|
7
|
+
uri = URI(ARGV[0])
|
8
|
+
uri = uri.host.nil? ? ARGV[0] : uri.host
|
7
9
|
|
8
10
|
module OpenSSL
|
9
11
|
module X509
|
@@ -18,10 +20,8 @@ end
|
|
18
20
|
cert_store = OpenSSL::X509::Store.new
|
19
21
|
cert_store.set_default_paths
|
20
22
|
|
21
|
-
uri = URI(ARGV[0])
|
22
|
-
uri = uri.host.nil? ? ARGV[0] : uri.host
|
23
|
-
|
24
23
|
ctx = OpenSSL::SSL::SSLContext.new
|
24
|
+
|
25
25
|
socket = TCPSocket.new(uri, 443)
|
26
26
|
|
27
27
|
ssl = OpenSSL::SSL::SSLSocket.new(socket, ctx)
|
@@ -30,64 +30,74 @@ ssl.hostname = uri
|
|
30
30
|
ssl.connect
|
31
31
|
|
32
32
|
chain = ssl.peer_cert_chain
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
if OpenSSL::SSL.verify_certificate_identity(chain[0], uri)
|
41
|
-
puts "The hostname (".green + "#{uri}".bold + ") is correctly listed in the certificate".green
|
33
|
+
certificate = chain.first
|
34
|
+
|
35
|
+
output = {}
|
36
|
+
output[:header] = "--- Certificate chain"
|
37
|
+
output[:hostname] = ""
|
38
|
+
output[:short] = ""
|
39
|
+
output[:long] = ""
|
42
40
|
|
43
|
-
|
44
|
-
|
41
|
+
if OpenSSL::SSL.verify_certificate_identity(certificate, uri)
|
42
|
+
output[:hostname] << "The hostname #{uri} is correctly listed in the certificate\n"
|
43
|
+
|
44
|
+
output[:hostname] << "--- The certificate will expire in " +
|
45
|
+
((certificate.not_after - certificate.not_before).to_i / (24 * 60 * 60)).to_s + " days.\n"
|
45
46
|
else
|
46
|
-
|
47
|
-
|
47
|
+
output[:hostname] << "None of the common names in the certificate match the name that was enterred " +
|
48
|
+
"(#{uri})\n---\n"
|
48
49
|
end
|
49
|
-
puts "---"
|
50
50
|
|
51
51
|
check_chain_status = true
|
52
52
|
|
53
|
-
chain.each_with_index do |
|
54
|
-
|
55
|
-
|
53
|
+
chain.each_with_index do |cert, i|
|
54
|
+
output[:short] << "#{i} s:#{chain[i].subject.to_s}\n" +
|
55
|
+
" i:#{chain[i].issuer.to_s}\n"
|
56
|
+
|
57
|
+
output[:short] << "---\n" if i.eql?(chain.size - 1)
|
56
58
|
|
57
|
-
|
59
|
+
subject = cert.subject.to_s.split("CN=").last
|
60
|
+
output[:long] << "Common name: #{subject}\n"
|
61
|
+
|
62
|
+
sans = cert.extensions.find {|ext| ext.oid.eql?("subjectAltName")}
|
58
63
|
unless sans.nil?
|
59
|
-
sans = sans.value.delete(
|
60
|
-
|
64
|
+
sans = sans.value.delete("DNS:")
|
65
|
+
output[:long] << "SANs: #{sans}\n"
|
61
66
|
end
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
+
|
68
|
+
output[:long] << "Valid #{cert.not_before.strftime('from %B %d, %Y')} " +
|
69
|
+
"#{cert.not_after.strftime('to %B %d, %Y')}\n"
|
70
|
+
output[:long] << "Serial Number: #{cert.serial.to_s(16)}\n"
|
71
|
+
output[:long] << "Signature Algorithm: #{cert.signature_algorithm}\n"
|
72
|
+
output[:long] << "Issuer: #{cert.issuer.to_s.split("CN=").last}\n"
|
73
|
+
|
74
|
+
output[:long] << "--- "
|
67
75
|
|
68
76
|
if check_chain_status
|
69
77
|
unless chain[i+1].nil?
|
70
|
-
if
|
71
|
-
|
78
|
+
if cert.verify chain[i+1].public_key
|
79
|
+
output[:long] << "chain ok\n"
|
72
80
|
else
|
73
|
-
|
81
|
+
output[:long] << "chain broken\n"
|
74
82
|
check_chain_status = false
|
75
83
|
end
|
76
84
|
else
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
puts "checked against os store; chain ok".yellow
|
85
|
+
unless cert.self_signed?
|
86
|
+
if cert_store.verify cert
|
87
|
+
output[:long] << "checked against os store; chain ok\n"
|
81
88
|
else
|
82
|
-
|
83
|
-
|
89
|
+
output[:long] << "checked agains os store; chain broken\n"
|
90
|
+
check_chain_status = false
|
84
91
|
end
|
85
92
|
else
|
86
|
-
|
93
|
+
output[:long] << "\n"
|
87
94
|
end
|
88
95
|
end
|
89
96
|
else
|
90
|
-
|
97
|
+
output[:long] << "\n"
|
91
98
|
end
|
92
|
-
# puts "\n" if chain.size == i + 1 || check_chain_status == false
|
93
99
|
end
|
100
|
+
|
101
|
+
puts output[:header]
|
102
|
+
puts output[:short]
|
103
|
+
puts output[:long]
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: check_certificate_chain
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 1.0.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Jora Porcu
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-07-
|
11
|
+
date: 2017-07-21 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: openssl
|
@@ -17,28 +17,14 @@ dependencies:
|
|
17
17
|
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
19
|
version: '2'
|
20
|
-
type: :
|
20
|
+
type: :development
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
26
|
version: '2'
|
27
|
-
|
28
|
-
name: colorize
|
29
|
-
requirement: !ruby/object:Gem::Requirement
|
30
|
-
requirements:
|
31
|
-
- - "~>"
|
32
|
-
- !ruby/object:Gem::Version
|
33
|
-
version: '0'
|
34
|
-
type: :runtime
|
35
|
-
prerelease: false
|
36
|
-
version_requirements: !ruby/object:Gem::Requirement
|
37
|
-
requirements:
|
38
|
-
- - "~>"
|
39
|
-
- !ruby/object:Gem::Version
|
40
|
-
version: '0'
|
41
|
-
description: cli tool that dumps https cert chain information and check the chain.
|
27
|
+
description: Cli tool to check http connection certificates.
|
42
28
|
email: jitlogan@gmail.com
|
43
29
|
executables:
|
44
30
|
- check_certificate_chain
|
@@ -66,8 +52,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
66
52
|
version: '0'
|
67
53
|
requirements: []
|
68
54
|
rubyforge_project:
|
69
|
-
rubygems_version: 2.
|
55
|
+
rubygems_version: 2.4.5.2
|
70
56
|
signing_key:
|
71
57
|
specification_version: 4
|
72
|
-
summary:
|
58
|
+
summary: Check HTTPS certificates
|
73
59
|
test_files: []
|