ssl-test 1.4.0 → 1.5.0

data/spec/ssl-test_spec.rb

@@ -1,12 +1,21 @@
 require "ssl-test"
 require "benchmark"
+require 'webrick'
+require 'webrick/httpproxy'
 
 # Uncomment for debug logging:
 # require "logger"
 # SSLTest.logger = Logger.new(STDOUT)
 
 describe SSLTest do
-  describe '.test' do
+  before { SSLTest.flush_cache }
+
+  let(:proxy_thread) { nil }
+
+
+  after(:each) { proxy_thread&.kill }
+
+  describe '.test_url' do
     it "returns no error on valid SNI website" do
       valid, error, cert = SSLTest.test("https://www.mycs.com")
       expect(error).to be_nil
@@ -15,19 +24,22 @@ describe SSLTest do
     end
 
     it "returns no error on valid SAN" do
-      valid, error, cert = SSLTest.test("https://1000-sans.badssl.com/")
+      # CN is updown.io, www.updown.io is an Alternative Name
+      valid, error, cert = SSLTest.test("https://www.updown.io/")
       expect(error).to be_nil
       expect(valid).to eq(true)
       expect(cert).to be_a OpenSSL::X509::Certificate
     end
 
-    it "returns no error when no CN" do
-      skip "Expired for the moment https://github.com/chromium/badssl.com/issues/447"
-      valid, error, cert = SSLTest.test("https://no-common-name.badssl.com/")
-      expect(error).to be_nil
-      expect(valid).to eq(true)
-      expect(cert).to be_a OpenSSL::X509::Certificate
-    end
+    # Disabled: unlikely to be repaired anytime soon: https://github.com/chromium/badssl.com/issues/447
+    # Couldn't find a good alternative
+    # it "returns no error when no CN" do
+    #   pending "Expired for the moment https://github.com/chromium/badssl.com/issues/447"
+    #   valid, error, cert = SSLTest.test("https://no-common-name.badssl.com/")
+    #   expect(error).to be_nil
+    #   expect(valid).to eq(true)
+    #   expect(cert).to be_a OpenSSL::X509::Certificate
+    # end
 
     it "works with websites blocking http requests" do
       valid, error, cert = SSLTest.test("https://obyava.ua")
@@ -38,7 +50,7 @@ describe SSLTest do
 
     it "returns error on self signed certificate" do
       valid, error, cert = SSLTest.test("https://self-signed.badssl.com/")
-      expect(error).to eq ("error code 18: self signed certificate")
+      expect(error).to eq ("error code 18: self-signed certificate")
       expect(valid).to eq(false)
       expect(cert).to be_a OpenSSL::X509::Certificate
     end
@@ -52,14 +64,14 @@ describe SSLTest do
 
     it "returns error on untrusted root" do
       valid, error, cert = SSLTest.test("https://untrusted-root.badssl.com/")
-      expect(error).to eq ("error code 19: self signed certificate in certificate chain")
+      expect(error).to eq ("error code 19: self-signed certificate in certificate chain")
       expect(valid).to eq(false)
       expect(cert).to be_a OpenSSL::X509::Certificate
     end
 
     it "returns error on invalid host" do
       valid, error, cert = SSLTest.test("https://wrong.host.badssl.com/")
-      expect(error).to include('hostname "wrong.host.badssl.com" does not match the server certificate')
+      expect(error).to include('error code 62: hostname mismatch')
       expect(valid).to eq(false)
       expect(cert).to be_a OpenSSL::X509::Certificate
     end
@@ -73,21 +85,23 @@ describe SSLTest do
 
     it "returns undetermined state on unhandled error" do
       valid, error, cert = SSLTest.test("https://pijoinlrfgind.com")
-      expect(error).to eq ("SSL certificate test failed: Failed to open TCP connection to pijoinlrfgind.com:443 (getaddrinfo: Name or service not known)")
+      expect(error).to include("SSL certificate test failed: Failed to open TCP connection to pijoinlrfgind.com:443")
+      expect(error).to include(/name.*not known/i)
       expect(valid).to be_nil
       expect(cert).to be_nil
     end
 
     it "stops on timeouts" do
       valid, error, cert = SSLTest.test("https://updown.io", open_timeout: 0)
-      expect(error).to eq ("SSL certificate test failed: Net::OpenTimeout")
+      expect(error).to include("SSL certificate test failed")
+      expect(error).to include(/timeout/i)
       expect(valid).to be_nil
       expect(cert).to be_nil
     end
 
     it "reports revocation exceptions" do
       expect(SSLTest).to receive(:follow_ocsp_redirects).and_raise(ArgumentError.new("test"))
-      valid, error, cert = SSLTest.test("https://updown.io")
+      valid, error, cert = SSLTest.test("https://digicert.com")
       expect(error).to eq ("SSL certificate test failed: test")
       expect(valid).to be_nil
       expect(cert).to be_a OpenSSL::X509::Certificate
@@ -96,8 +110,8 @@ describe SSLTest do
     it "returns error on revoked cert (OCSP)" do
       expect(SSLTest).to receive(:follow_ocsp_redirects).once.and_call_original
       expect(SSLTest).not_to receive(:follow_crl_redirects)
-      valid, error, cert = SSLTest.test("https://revoked.badssl.com/")
-      expect(error).to eq ("SSL certificate revoked: The certificate was revoked for an unknown reason (revocation date: 2019-10-07 20:30:39 UTC)")
+      valid, error, cert = SSLTest.test("https://revoked-rsa-dv.ssl.com/")
+      expect(error).to eq ("SSL certificate revoked: The certificate was revoked for an unknown reason (revocation date: 2025-06-09 15:07:39 UTC)")
       expect(valid).to eq(false)
       expect(cert).to be_a OpenSSL::X509::Certificate
     end
@@ -106,14 +120,15 @@ describe SSLTest do
       expect(SSLTest).to receive(:test_ocsp_revocation).once.and_return([false, "skip OCSP", nil])
       expect(SSLTest).to receive(:follow_crl_redirects).once.and_call_original
       valid, error, cert = SSLTest.test("https://revoked.badssl.com/")
-      expect(error).to eq ("SSL certificate revoked: Unknown reason (revocation date: 2019-10-07 20:30:39 UTC)")
+      expect(error).to eq ("SSL certificate revoked: Key Compromise (revocation date: 2025-11-04 21:01:29 UTC)")
       expect(valid).to eq(false)
       expect(cert).to be_a OpenSSL::X509::Certificate
     end
 
     it "stops following redirection after the limit for the revoked certs check" do
       valid, error, cert = SSLTest.test("https://github.com/", redirection_limit: 0)
-      expect(error).to eq ("Revocation test couldn't be performed: OCSP: Request failed (URI: http://ocsp.digicert.com): Too many redirections (> 0), CRL: Request failed (URI: http://crl3.digicert.com/sha2-ha-server-g6.crl): Too many redirections (> 0)")
+      expect(error).to include("Revocation test couldn't be performed: OCSP: Request failed")
+      expect(error).to include("Too many redirections (> 0)")
       expect(valid).to eq(true)
       expect(cert).to be_a OpenSSL::X509::Certificate
     end
@@ -122,7 +137,7 @@ describe SSLTest do
       # Disable CRL fallback to see error message
       expect(SSLTest).to receive(:test_crl_revocation).once.and_return([false, "skip CRL", nil])
       expect(SSLTest).to receive(:follow_ocsp_redirects).once.and_call_original
-      valid, error, cert = SSLTest.test("https://www.demarches-simplifiees.fr")
+      valid, error, cert = SSLTest.test("https://google.com")
       expect(error).to eq ("Revocation test couldn't be performed: OCSP: Missing OCSP URI in authorityInfoAccess extension, CRL: skip CRL")
       expect(valid).to eq(true)
       expect(cert).to be_a OpenSSL::X509::Certificate
@@ -142,30 +157,69 @@ describe SSLTest do
       # Disable OCSP to see error message
       expect(SSLTest).to receive(:test_ocsp_revocation).once.and_return([false, "skip OCSP", nil])
       expect(SSLTest).not_to receive(:follow_crl_redirects)
-      valid, error, cert = SSLTest.test("https://meta.updown.io")
+      valid, error, cert = SSLTest.test("https://github.com")
       expect(error).to eq ("Revocation test couldn't be performed: OCSP: skip OCSP, CRL: Missing crlDistributionPoints extension")
       expect(valid).to eq(true)
       expect(cert).to be_a OpenSSL::X509::Certificate
     end
 
-    it "works with OCSP for first cert and CRL for intermediate (Let's Encrypt R3 intermediate)" do
+    it "works with OCSP for first cert and CRL for intermediate (Google)" do
       expect(SSLTest).to receive(:follow_ocsp_redirects).once.and_call_original
       expect(SSLTest).to receive(:follow_crl_redirects).once.and_call_original
-      valid, error, cert = SSLTest.test("https://meta.updown.io/")
+      valid, error, cert = SSLTest.test("https://google.com")
       expect(error).to be_nil
       expect(valid).to eq(true)
       expect(cert).to be_a OpenSSL::X509::Certificate
+      # make sure both were used
+      expect(SSLTest.cache_size).to match({
+        crl:  hash_including(lists: 1),
+        ocsp: hash_including(responses: 1, errors: 0)
+      })
     end
 
-    it "works with OCSP for first cert and CRL for intermediate (Certigna Services CA)" do
-      expect(SSLTest).to receive(:follow_ocsp_redirects).once.and_call_original
-      expect(SSLTest).to receive(:follow_crl_redirects).once.and_call_original
-      # Similar chain: https://www.demarches-simplifiees.fr
-      valid, error, cert = SSLTest.test("https://www.anonymisation.gov.pf")
+    it "accepts tcps scheme" do
+      valid, error, cert = SSLTest.test("tcps://updown.io:443")
       expect(error).to be_nil
       expect(valid).to eq(true)
       expect(cert).to be_a OpenSSL::X509::Certificate
     end
+
+    context 'when specifying a proxy' do
+      context 'when the proxy is active' do
+        let(:proxy_thread) do
+          thread = Thread.new do
+            dev_null = WEBrick::Log::new("/dev/null", 7)
+            $proxy = WEBrick::HTTPProxyServer.new Port: 8080,  :Logger => dev_null, :AccessLog => []
+            $proxy.start
+          end
+
+          sleep 0.1 # wait for the proxy to start!
+          allow($proxy).to receive(:do_GET).and_call_original
+
+          thread
+        end
+
+        it 'uses the provided http proxy' do
+          proxy_thread
+
+          valid, error, cert = SSLTest.test("https://updown.io", proxy_host: '127.0.0.1', proxy_port: 8080)
+          expect(error).to be_nil
+          expect(valid).to eq(true)
+          expect(cert).to be_a OpenSSL::X509::Certificate
+
+          expect($proxy).to have_received(:do_GET).twice
+        end
+      end
+
+      context 'when the proxy is not reachable' do
+        it 'returns a http error' do
+          valid, error, cert = SSLTest.test("https://updown.io", proxy_host: '127.0.0.1', proxy_port: 55000)
+          expect(error).to include('(Connection refused - connect(2) for "127.0.0.1" port 55000)')
+          expect(valid).to be_nil
+          expect(cert).to be_nil
+        end
+      end
+    end
   end
 
   describe '.cache_size' do
@@ -179,17 +233,19 @@ describe SSLTest do
     end
 
     it "returns CRL cache size properly" do
-      SSLTest.send(:follow_crl_redirects, URI("http://crl.certigna.fr/certigna.crl")) # 1.3k
-      SSLTest.send(:follow_crl_redirects, URI("http://crl3.digicert.com/ssca-sha2-g6.crl")) # 19M
+      SSLTest.send(:follow_crl_redirects, URI("http://crl.certigna.fr/certigna.crl")) # 1.1k
+      SSLTest.send(:follow_crl_redirects, URI("http://crl3.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl")) # 26k
       expect(SSLTest.cache_size[:crl][:lists]).to eq(2)
-      expect(SSLTest.cache_size[:crl][:bytes]).to be > 19_000_000
+      expect(SSLTest.cache_size[:crl][:bytes]).to be > 6000
     end
 
     it "returns OCSP cache size properly" do
-      SSLTest.test("https://updown.io")
-      expect(SSLTest.cache_size[:ocsp][:responses]).to eq(2)
+      SSLTest.test("https://google.com")
+      expect(SSLTest.cache_size[:ocsp][:responses]).to eq(1)
       expect(SSLTest.cache_size[:ocsp][:errors]).to eq(0)
-      expect(SSLTest.cache_size[:ocsp][:bytes]).to be > 200
+      expect(SSLTest.cache_size[:ocsp][:bytes]).to be > 150
+      expect(SSLTest.cache_size[:crl][:lists]).to eq(1)
+      expect(SSLTest.cache_size[:crl][:bytes]).to be > 500
     end
   end
 
@@ -199,7 +255,7 @@ describe SSLTest do
     it "fetch CRL list and updates cache" do
       uri = URI("http://crl.certigna.fr/certigna.crl")
       body, error = SSLTest.send(:follow_crl_redirects, uri)
-      expect(body.bytesize).to equal 1152
+      expect(body.bytesize).to equal 1417
       expect(error).to be_nil
 
       # Check cache status
@@ -223,4 +279,195 @@ describe SSLTest do
       expect(body2).to be(body) # but we're still using cache because it's a 304
     end
   end
-end
+
+  describe '.test_cert' do
+    it "returns no error on valid SNI website" do
+      cert = OpenSSL::X509::Certificate.new(File.read(File.join(__dir__, 'fixtures/www_mycs_com_client.pem')))
+      ca_bundle = OpenSSL::X509::Certificate.load(File.read(File.join(__dir__, 'fixtures/www_mycs_com_ca_bundle.pem')))
+
+      valid, error, cert = SSLTest.test_cert(cert, ca_bundle)
+      expect(error).to be_nil
+      expect(valid).to eq(true)
+      expect(cert).to eq(cert)
+    end
+
+    it "returns no error on self signed certificates" do
+      cert = OpenSSL::X509::Certificate.new(File.read(File.join(__dir__, 'fixtures/self_signed_client.pem')))
+      ca_bundle = OpenSSL::X509::Certificate.load(File.read(File.join(__dir__, 'fixtures/self_signed_ca_bundle.pem')))
+
+      valid, error, cert = SSLTest.test_cert(cert, ca_bundle)
+      expect(error).to be_nil
+      expect(valid).to eq(true)
+      expect(cert).to eq(cert)
+    end
+
+    it "returns error on expired cert" do
+      cert = OpenSSL::X509::Certificate.new(File.read(File.join(__dir__, 'fixtures/expired_cert_client.pem')))
+      ca_bundle = OpenSSL::X509::Certificate.load(File.read(File.join(__dir__, 'fixtures/expired_cert_ca_bundle.pem')))
+
+      valid, error, cert = SSLTest.test_cert(cert, ca_bundle)
+      expect(error).to eq ("error code 10: certificate has expired")
+      expect(valid).to eq(false)
+      expect(cert).to eq(cert)
+    end
+
+    it "returns error on incomplete chain" do
+      cert = OpenSSL::X509::Certificate.new(File.read(File.join(__dir__, 'fixtures/incomplete_chain_client.pem')))
+      ca_bundle = OpenSSL::X509::Certificate.load(File.read(File.join(__dir__, 'fixtures/incomplete_chain_ca_bundle.pem')))
+      valid, error, cert = SSLTest.test_cert(cert, ca_bundle)
+      expect(error).to eq ("error code 20: unable to get local issuer certificate")
+      expect(valid).to eq(false)
+      expect(cert).to eq(cert)
+    end
+
+    it "reports revocation exceptions" do
+      cert = OpenSSL::X509::Certificate.new(File.read(File.join(__dir__, 'fixtures/digicert_com_client.pem')))
+      ca_bundle = OpenSSL::X509::Certificate.load(File.read(File.join(__dir__, 'fixtures/digicert_com_ca_bundle.pem')))
+      expect(SSLTest).to receive(:follow_ocsp_redirects).and_raise(ArgumentError.new("test"))
+      valid, error, cert = SSLTest.test_cert(cert, ca_bundle)
+      expect(error).to eq("SSL certificate test failed: test")
+      expect(valid).to be_nil
+      expect(cert).to eq(cert)
+    end
+
+    it "returns error on revoked cert (OCSP)" do
+      cert = OpenSSL::X509::Certificate.new(File.read(File.join(__dir__, 'fixtures/revoked_rsa_dv_client.pem')))
+      ca_bundle = OpenSSL::X509::Certificate.load(File.read(File.join(__dir__, 'fixtures/revoked_rsa_dv_ca_bundle.pem')))
+
+      expect(SSLTest).to receive(:follow_ocsp_redirects).once.and_call_original
+      expect(SSLTest).not_to receive(:follow_crl_redirects)
+
+      valid, error, cert = SSLTest.test_cert(cert, ca_bundle)
+      expect(error).to eq ("SSL certificate revoked: The certificate was revoked for an unknown reason (revocation date: 2025-06-09 15:07:39 UTC)")
+      expect(valid).to eq(false)
+      expect(cert).to eq(cert)
+    end
+
+    it "returns error on revoked cert (CRL)" do
+      cert = OpenSSL::X509::Certificate.new(File.read(File.join(__dir__, 'fixtures/revoked_badssl_client.pem')))
+      ca_bundle = OpenSSL::X509::Certificate.load(File.read(File.join(__dir__, 'fixtures/revoked_badssl_ca_bundle.pem')))
+
+      expect(SSLTest).to receive(:test_ocsp_revocation).once.and_return([false, "skip OCSP", nil])
+      expect(SSLTest).to receive(:follow_crl_redirects).once.and_call_original
+      valid, error, cert = SSLTest.test_cert(cert, ca_bundle)
+      expect(error).to eq ("SSL certificate revoked: Key Compromise (revocation date: 2025-11-04 21:01:29 UTC)")
+      expect(valid).to eq(false)
+      expect(cert).to eq(cert)
+    end
+
+    it "stops following redirection after the limit for the revoked certs check" do
+      cert = OpenSSL::X509::Certificate.new(File.read(File.join(__dir__, 'fixtures/www_github_com_client.pem')))
+      ca_bundle = OpenSSL::X509::Certificate.load(File.read(File.join(__dir__, 'fixtures/www_github_com_ca_bundle.pem')))
+
+      valid, error, cert = SSLTest.test_cert(cert, ca_bundle, redirection_limit: 0)
+      expect(error).to include("Revocation test couldn't be performed: OCSP: Request failed")
+      expect(error).to include("Too many redirections (> 0)")
+      expect(valid).to eq(true)
+      expect(cert).to eq(cert)
+    end
+
+    it "warns when the OCSP URI is missing" do
+      cert = OpenSSL::X509::Certificate.new(File.read(File.join(__dir__, 'fixtures/google_com_client.pem')))
+      ca_bundle = OpenSSL::X509::Certificate.load(File.read(File.join(__dir__, 'fixtures/google_com_ca_bundle.pem')))
+
+      # Disable CRL fallback to see error message
+      expect(SSLTest).to receive(:test_crl_revocation).once.and_return([false, "skip CRL", nil])
+      expect(SSLTest).to receive(:follow_ocsp_redirects).once.and_call_original
+
+      valid, error, cert = SSLTest.test_cert(cert, ca_bundle)
+      expect(error).to eq ("Revocation test couldn't be performed: OCSP: Missing OCSP URI in authorityInfoAccess extension, CRL: skip CRL")
+      expect(valid).to eq(true)
+      expect(cert).to eq(cert)
+    end
+
+    it "works with CRL only" do
+      cert = OpenSSL::X509::Certificate.new(File.read(File.join(__dir__, 'fixtures/www_demarches-simplifiees_fr_client.pem')))
+      ca_bundle = OpenSSL::X509::Certificate.load(File.read(File.join(__dir__, 'fixtures/www_demarches-simplifiees_fr_ca_bundle.pem')))
+
+      # Disable OCSP
+      expect(SSLTest).to receive(:test_ocsp_revocation).twice.and_return([false, "skip OCSP", nil])
+      expect(SSLTest).to receive(:follow_crl_redirects).twice.and_call_original
+
+      valid, error, cert = SSLTest.test_cert(cert, ca_bundle)
+      expect(error).to be_nil
+      expect(valid).to eq(true)
+      expect(cert).to eq(cert)
+    end
+
+    it "warns when the CRL URI is missing" do
+      cert = OpenSSL::X509::Certificate.new(File.read(File.join(__dir__, 'fixtures/www_github_com_client.pem')))
+      ca_bundle = OpenSSL::X509::Certificate.load(File.read(File.join(__dir__, 'fixtures/www_github_com_ca_bundle.pem')))
+
+      # Disable OCSP to see error message
+      expect(SSLTest).to receive(:test_ocsp_revocation).once.and_return([false, "skip OCSP", nil])
+      expect(SSLTest).not_to receive(:follow_crl_redirects)
+
+      valid, error, cert = SSLTest.test_cert(cert, ca_bundle)
+      expect(error).to eq ("Revocation test couldn't be performed: OCSP: skip OCSP, CRL: Missing crlDistributionPoints extension")
+      expect(valid).to eq(true)
+      expect(cert).to eq(cert)
+
+    end
+
+    it "works with OCSP for first cert and CRL for intermediate (Google)" do
+      expect(SSLTest).to receive(:follow_ocsp_redirects).once.and_call_original
+      expect(SSLTest).to receive(:follow_crl_redirects).once.and_call_original
+
+      cert = OpenSSL::X509::Certificate.new(File.read(File.join(__dir__, 'fixtures/google_com_client.pem')))
+      ca_bundle = OpenSSL::X509::Certificate.load(File.read(File.join(__dir__, 'fixtures/google_com_ca_bundle.pem')))
+
+      valid, error, cert = SSLTest.test_cert(cert, ca_bundle)
+      expect(error).to be_nil
+      expect(valid).to eq(true)
+      expect(cert).to eq(cert)
+      # make sure both were used
+      expect(SSLTest.cache_size).to match({
+        crl:  hash_including(lists: 1),
+        ocsp: hash_including(responses: 1, errors: 0)
+      })
+    end
+
+    context 'when specifying a proxy' do
+      context 'when the proxy is active' do
+        let(:proxy_thread) do
+          thread = Thread.new do
+            dev_null = WEBrick::Log::new("/dev/null", 7)
+            $proxy = WEBrick::HTTPProxyServer.new Port: 8080,  :Logger => dev_null, :AccessLog => []
+            $proxy.start
+          end
+
+          sleep 0.1 # wait for the proxy to start!
+          allow($proxy).to receive(:do_GET).and_call_original
+
+          thread
+        end
+
+        it 'uses the provided http proxy' do
+          proxy_thread
+
+          cert = OpenSSL::X509::Certificate.new(File.read(File.join(__dir__, 'fixtures/google_com_client.pem')))
+          ca_bundle = OpenSSL::X509::Certificate.load(File.read(File.join(__dir__, 'fixtures/google_com_ca_bundle.pem')))
+
+          valid, error, cert = SSLTest.test_cert(cert, ca_bundle, proxy_host: '127.0.0.1', proxy_port: 8080)
+          expect(error).to be_nil
+          expect(valid).to eq(true)
+          expect(cert).to eq(cert)
+
+          expect($proxy).to have_received(:do_GET).once
+        end
+      end
+
+      context 'when the proxy is not reachable' do
+        it 'returns a http error' do
+          cert = OpenSSL::X509::Certificate.new(File.read(File.join(__dir__, 'fixtures/google_com_client.pem')))
+          ca_bundle = OpenSSL::X509::Certificate.load(File.read(File.join(__dir__, 'fixtures/google_com_ca_bundle.pem')))
+
+          valid, error, cert = SSLTest.test_cert(cert, ca_bundle, proxy_host: '127.0.0.1', proxy_port: 55000)
+          expect(error).to include('(Connection refused - connect(2) for "127.0.0.1" port 55000)')
+          expect(valid).to be_nil
+          expect(cert).to eq(cert)
+        end
+      end
+    end
+  end
+end

data/ssl-test.gemspec

@@ -20,4 +20,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "bundler", ">= 1.7"
   spec.add_development_dependency "rake"
   spec.add_development_dependency "rspec"
+  spec.add_development_dependency "webrick"
 end

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: ssl-test
 version: !ruby/object:Gem::Version
-  version: 1.4.0
+  version: 1.5.0
 platform: ruby
 authors:
 - Adrien Rey-Jarthon
-autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-01-16 00:00:00.000000000 Z
+date: 2025-11-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -52,15 +51,29 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: 
+- !ruby/object:Gem::Dependency
+  name: webrick
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 email:
 - jobs@adrienjarthon.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/dependabot.yml"
+- ".github/workflows/ruby.yml"
 - ".gitignore"
-- ".travis.yml"
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -69,13 +82,32 @@ files:
 - lib/ssl-test/crl.rb
 - lib/ssl-test/object_size.rb
 - lib/ssl-test/ocsp.rb
+- spec/fixtures/digicert_com_ca_bundle.pem
+- spec/fixtures/digicert_com_client.pem
+- spec/fixtures/expired_cert_ca_bundle.pem
+- spec/fixtures/expired_cert_client.pem
+- spec/fixtures/google_com_ca_bundle.pem
+- spec/fixtures/google_com_client.pem
+- spec/fixtures/incomplete_chain_ca_bundle.pem
+- spec/fixtures/incomplete_chain_client.pem
+- spec/fixtures/revoked_badssl_ca_bundle.pem
+- spec/fixtures/revoked_badssl_client.pem
+- spec/fixtures/revoked_rsa_dv_ca_bundle.pem
+- spec/fixtures/revoked_rsa_dv_client.pem
+- spec/fixtures/self_signed_ca_bundle.pem
+- spec/fixtures/self_signed_client.pem
+- spec/fixtures/www_demarches-simplifiees_fr_ca_bundle.pem
+- spec/fixtures/www_demarches-simplifiees_fr_client.pem
+- spec/fixtures/www_github_com_ca_bundle.pem
+- spec/fixtures/www_github_com_client.pem
+- spec/fixtures/www_mycs_com_ca_bundle.pem
+- spec/fixtures/www_mycs_com_client.pem
 - spec/ssl-test_spec.rb
 - ssl-test.gemspec
 homepage: https://github.com/jarthod/ssl-test
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -90,9 +122,28 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
-signing_key: 
+rubygems_version: 3.6.2
 specification_version: 4
 summary: Test website SSL certificate validity
 test_files:
+- spec/fixtures/digicert_com_ca_bundle.pem
+- spec/fixtures/digicert_com_client.pem
+- spec/fixtures/expired_cert_ca_bundle.pem
+- spec/fixtures/expired_cert_client.pem
+- spec/fixtures/google_com_ca_bundle.pem
+- spec/fixtures/google_com_client.pem
+- spec/fixtures/incomplete_chain_ca_bundle.pem
+- spec/fixtures/incomplete_chain_client.pem
+- spec/fixtures/revoked_badssl_ca_bundle.pem
+- spec/fixtures/revoked_badssl_client.pem
+- spec/fixtures/revoked_rsa_dv_ca_bundle.pem
+- spec/fixtures/revoked_rsa_dv_client.pem
+- spec/fixtures/self_signed_ca_bundle.pem
+- spec/fixtures/self_signed_client.pem
+- spec/fixtures/www_demarches-simplifiees_fr_ca_bundle.pem
+- spec/fixtures/www_demarches-simplifiees_fr_client.pem
+- spec/fixtures/www_github_com_ca_bundle.pem
+- spec/fixtures/www_github_com_client.pem
+- spec/fixtures/www_mycs_com_ca_bundle.pem
+- spec/fixtures/www_mycs_com_client.pem
 - spec/ssl-test_spec.rb

data/.travis.yml

@@ -1,5 +0,0 @@
-language: ruby
-
-rvm:
-  - 2.4.3
-  - 2.5.0