ssl-test 1.4.1 → 1.5.0

data/spec/ssl-test_spec.rb

@@ -1,12 +1,21 @@
 require "ssl-test"
 require "benchmark"
+require 'webrick'
+require 'webrick/httpproxy'
 
 # Uncomment for debug logging:
 # require "logger"
 # SSLTest.logger = Logger.new(STDOUT)
 
 describe SSLTest do
-  describe '.test' do
+  before { SSLTest.flush_cache }
+
+  let(:proxy_thread) { nil }
+
+
+  after(:each) { proxy_thread&.kill }
+
+  describe '.test_url' do
     it "returns no error on valid SNI website" do
       valid, error, cert = SSLTest.test("https://www.mycs.com")
       expect(error).to be_nil
@@ -15,20 +24,22 @@ describe SSLTest do
     end
 
     it "returns no error on valid SAN" do
-      pending "Expired for the moment"
-      valid, error, cert = SSLTest.test("https://1000-sans.badssl.com/")
+      # CN is updown.io, www.updown.io is an Alternative Name
+      valid, error, cert = SSLTest.test("https://www.updown.io/")
       expect(error).to be_nil
       expect(valid).to eq(true)
       expect(cert).to be_a OpenSSL::X509::Certificate
     end
 
-    it "returns no error when no CN" do
-      pending "Expired for the moment https://github.com/chromium/badssl.com/issues/447"
-      valid, error, cert = SSLTest.test("https://no-common-name.badssl.com/")
-      expect(error).to be_nil
-      expect(valid).to eq(true)
-      expect(cert).to be_a OpenSSL::X509::Certificate
-    end
+    # Disabled: unlikely to be repaired anytime soon: https://github.com/chromium/badssl.com/issues/447
+    # Couldn't find a good alternative
+    # it "returns no error when no CN" do
+    #   pending "Expired for the moment https://github.com/chromium/badssl.com/issues/447"
+    #   valid, error, cert = SSLTest.test("https://no-common-name.badssl.com/")
+    #   expect(error).to be_nil
+    #   expect(valid).to eq(true)
+    #   expect(cert).to be_a OpenSSL::X509::Certificate
+    # end
 
     it "works with websites blocking http requests" do
       valid, error, cert = SSLTest.test("https://obyava.ua")
@@ -74,21 +85,23 @@ describe SSLTest do
 
     it "returns undetermined state on unhandled error" do
       valid, error, cert = SSLTest.test("https://pijoinlrfgind.com")
-      expect(error).to eq ("SSL certificate test failed: Failed to open TCP connection to pijoinlrfgind.com:443 (getaddrinfo: Name or service not known)")
+      expect(error).to include("SSL certificate test failed: Failed to open TCP connection to pijoinlrfgind.com:443")
+      expect(error).to include(/name.*not known/i)
       expect(valid).to be_nil
       expect(cert).to be_nil
     end
 
     it "stops on timeouts" do
       valid, error, cert = SSLTest.test("https://updown.io", open_timeout: 0)
-      expect(error).to eq ("SSL certificate test failed: Failed to open TCP connection to updown.io:443 (Connection timed out - user specified timeout)")
+      expect(error).to include("SSL certificate test failed")
+      expect(error).to include(/timeout/i)
       expect(valid).to be_nil
       expect(cert).to be_nil
     end
 
     it "reports revocation exceptions" do
       expect(SSLTest).to receive(:follow_ocsp_redirects).and_raise(ArgumentError.new("test"))
-      valid, error, cert = SSLTest.test("https://updown.io")
+      valid, error, cert = SSLTest.test("https://digicert.com")
       expect(error).to eq ("SSL certificate test failed: test")
       expect(valid).to be_nil
       expect(cert).to be_a OpenSSL::X509::Certificate
@@ -97,8 +110,8 @@ describe SSLTest do
     it "returns error on revoked cert (OCSP)" do
       expect(SSLTest).to receive(:follow_ocsp_redirects).once.and_call_original
       expect(SSLTest).not_to receive(:follow_crl_redirects)
-      valid, error, cert = SSLTest.test("https://revoked.badssl.com/")
-      expect(error).to eq ("SSL certificate revoked: The certificate was revoked for an unknown reason (revocation date: 2021-10-27 21:38:48 UTC)")
+      valid, error, cert = SSLTest.test("https://revoked-rsa-dv.ssl.com/")
+      expect(error).to eq ("SSL certificate revoked: The certificate was revoked for an unknown reason (revocation date: 2025-06-09 15:07:39 UTC)")
       expect(valid).to eq(false)
       expect(cert).to be_a OpenSSL::X509::Certificate
     end
@@ -107,14 +120,15 @@ describe SSLTest do
       expect(SSLTest).to receive(:test_ocsp_revocation).once.and_return([false, "skip OCSP", nil])
       expect(SSLTest).to receive(:follow_crl_redirects).once.and_call_original
       valid, error, cert = SSLTest.test("https://revoked.badssl.com/")
-      expect(error).to eq ("SSL certificate revoked: Unknown reason (revocation date: 2021-10-27 21:38:48 UTC)")
+      expect(error).to eq ("SSL certificate revoked: Key Compromise (revocation date: 2025-11-04 21:01:29 UTC)")
       expect(valid).to eq(false)
       expect(cert).to be_a OpenSSL::X509::Certificate
     end
 
     it "stops following redirection after the limit for the revoked certs check" do
       valid, error, cert = SSLTest.test("https://github.com/", redirection_limit: 0)
-      expect(error).to eq ("Revocation test couldn't be performed: OCSP: Request failed (URI: http://ocsp.digicert.com): Too many redirections (> 0), CRL: Request failed (URI: http://crl3.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl): Too many redirections (> 0)")
+      expect(error).to include("Revocation test couldn't be performed: OCSP: Request failed")
+      expect(error).to include("Too many redirections (> 0)")
       expect(valid).to eq(true)
       expect(cert).to be_a OpenSSL::X509::Certificate
     end
@@ -123,7 +137,7 @@ describe SSLTest do
       # Disable CRL fallback to see error message
       expect(SSLTest).to receive(:test_crl_revocation).once.and_return([false, "skip CRL", nil])
       expect(SSLTest).to receive(:follow_ocsp_redirects).once.and_call_original
-      valid, error, cert = SSLTest.test("https://www.demarches-simplifiees.fr")
+      valid, error, cert = SSLTest.test("https://google.com")
       expect(error).to eq ("Revocation test couldn't be performed: OCSP: Missing OCSP URI in authorityInfoAccess extension, CRL: skip CRL")
       expect(valid).to eq(true)
       expect(cert).to be_a OpenSSL::X509::Certificate
@@ -143,29 +157,24 @@ describe SSLTest do
       # Disable OCSP to see error message
       expect(SSLTest).to receive(:test_ocsp_revocation).once.and_return([false, "skip OCSP", nil])
       expect(SSLTest).not_to receive(:follow_crl_redirects)
-      valid, error, cert = SSLTest.test("https://meta.updown.io")
+      valid, error, cert = SSLTest.test("https://github.com")
       expect(error).to eq ("Revocation test couldn't be performed: OCSP: skip OCSP, CRL: Missing crlDistributionPoints extension")
       expect(valid).to eq(true)
       expect(cert).to be_a OpenSSL::X509::Certificate
     end
 
-    it "works with OCSP for first cert and CRL for intermediate (Let's Encrypt R3 intermediate)" do
+    it "works with OCSP for first cert and CRL for intermediate (Google)" do
       expect(SSLTest).to receive(:follow_ocsp_redirects).once.and_call_original
       expect(SSLTest).to receive(:follow_crl_redirects).once.and_call_original
-      valid, error, cert = SSLTest.test("https://meta.updown.io/")
-      expect(error).to be_nil
-      expect(valid).to eq(true)
-      expect(cert).to be_a OpenSSL::X509::Certificate
-    end
-
-    it "works with OCSP for first cert and CRL for intermediate (Certigna Services CA)" do
-      expect(SSLTest).to receive(:follow_ocsp_redirects).once.and_call_original
-      expect(SSLTest).to receive(:follow_crl_redirects).once.and_call_original
-      # Similar chain: https://www.demarches-simplifiees.fr
-      valid, error, cert = SSLTest.test("https://www.anonymisation.gov.pf")
+      valid, error, cert = SSLTest.test("https://google.com")
       expect(error).to be_nil
       expect(valid).to eq(true)
       expect(cert).to be_a OpenSSL::X509::Certificate
+      # make sure both were used
+      expect(SSLTest.cache_size).to match({
+        crl:  hash_including(lists: 1),
+        ocsp: hash_including(responses: 1, errors: 0)
+      })
     end
 
     it "accepts tcps scheme" do
@@ -174,6 +183,43 @@ describe SSLTest do
       expect(valid).to eq(true)
       expect(cert).to be_a OpenSSL::X509::Certificate
     end
+
+    context 'when specifying a proxy' do
+      context 'when the proxy is active' do
+        let(:proxy_thread) do
+          thread = Thread.new do
+            dev_null = WEBrick::Log::new("/dev/null", 7)
+            $proxy = WEBrick::HTTPProxyServer.new Port: 8080,  :Logger => dev_null, :AccessLog => []
+            $proxy.start
+          end
+
+          sleep 0.1 # wait for the proxy to start!
+          allow($proxy).to receive(:do_GET).and_call_original
+
+          thread
+        end
+
+        it 'uses the provided http proxy' do
+          proxy_thread
+
+          valid, error, cert = SSLTest.test("https://updown.io", proxy_host: '127.0.0.1', proxy_port: 8080)
+          expect(error).to be_nil
+          expect(valid).to eq(true)
+          expect(cert).to be_a OpenSSL::X509::Certificate
+
+          expect($proxy).to have_received(:do_GET).twice
+        end
+      end
+
+      context 'when the proxy is not reachable' do
+        it 'returns a http error' do
+          valid, error, cert = SSLTest.test("https://updown.io", proxy_host: '127.0.0.1', proxy_port: 55000)
+          expect(error).to include('(Connection refused - connect(2) for "127.0.0.1" port 55000)')
+          expect(valid).to be_nil
+          expect(cert).to be_nil
+        end
+      end
+    end
   end
 
   describe '.cache_size' do
@@ -190,11 +236,11 @@ describe SSLTest do
       SSLTest.send(:follow_crl_redirects, URI("http://crl.certigna.fr/certigna.crl")) # 1.1k
       SSLTest.send(:follow_crl_redirects, URI("http://crl3.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl")) # 26k
       expect(SSLTest.cache_size[:crl][:lists]).to eq(2)
-      expect(SSLTest.cache_size[:crl][:bytes]).to be > 27_000
+      expect(SSLTest.cache_size[:crl][:bytes]).to be > 6000
     end
 
     it "returns OCSP cache size properly" do
-      SSLTest.test("https://updown.io")
+      SSLTest.test("https://google.com")
       expect(SSLTest.cache_size[:ocsp][:responses]).to eq(1)
       expect(SSLTest.cache_size[:ocsp][:errors]).to eq(0)
       expect(SSLTest.cache_size[:ocsp][:bytes]).to be > 150
@@ -209,7 +255,7 @@ describe SSLTest do
     it "fetch CRL list and updates cache" do
       uri = URI("http://crl.certigna.fr/certigna.crl")
       body, error = SSLTest.send(:follow_crl_redirects, uri)
-      expect(body.bytesize).to equal 1152
+      expect(body.bytesize).to equal 1417
       expect(error).to be_nil
 
       # Check cache status
@@ -233,4 +279,195 @@ describe SSLTest do
       expect(body2).to be(body) # but we're still using cache because it's a 304
     end
   end
-end
+
+  describe '.test_cert' do
+    it "returns no error on valid SNI website" do
+      cert = OpenSSL::X509::Certificate.new(File.read(File.join(__dir__, 'fixtures/www_mycs_com_client.pem')))
+      ca_bundle = OpenSSL::X509::Certificate.load(File.read(File.join(__dir__, 'fixtures/www_mycs_com_ca_bundle.pem')))
+
+      valid, error, cert = SSLTest.test_cert(cert, ca_bundle)
+      expect(error).to be_nil
+      expect(valid).to eq(true)
+      expect(cert).to eq(cert)
+    end
+
+    it "returns no error on self signed certificates" do
+      cert = OpenSSL::X509::Certificate.new(File.read(File.join(__dir__, 'fixtures/self_signed_client.pem')))
+      ca_bundle = OpenSSL::X509::Certificate.load(File.read(File.join(__dir__, 'fixtures/self_signed_ca_bundle.pem')))
+
+      valid, error, cert = SSLTest.test_cert(cert, ca_bundle)
+      expect(error).to be_nil
+      expect(valid).to eq(true)
+      expect(cert).to eq(cert)
+    end
+
+    it "returns error on expired cert" do
+      cert = OpenSSL::X509::Certificate.new(File.read(File.join(__dir__, 'fixtures/expired_cert_client.pem')))
+      ca_bundle = OpenSSL::X509::Certificate.load(File.read(File.join(__dir__, 'fixtures/expired_cert_ca_bundle.pem')))
+
+      valid, error, cert = SSLTest.test_cert(cert, ca_bundle)
+      expect(error).to eq ("error code 10: certificate has expired")
+      expect(valid).to eq(false)
+      expect(cert).to eq(cert)
+    end
+
+    it "returns error on incomplete chain" do
+      cert = OpenSSL::X509::Certificate.new(File.read(File.join(__dir__, 'fixtures/incomplete_chain_client.pem')))
+      ca_bundle = OpenSSL::X509::Certificate.load(File.read(File.join(__dir__, 'fixtures/incomplete_chain_ca_bundle.pem')))
+      valid, error, cert = SSLTest.test_cert(cert, ca_bundle)
+      expect(error).to eq ("error code 20: unable to get local issuer certificate")
+      expect(valid).to eq(false)
+      expect(cert).to eq(cert)
+    end
+
+    it "reports revocation exceptions" do
+      cert = OpenSSL::X509::Certificate.new(File.read(File.join(__dir__, 'fixtures/digicert_com_client.pem')))
+      ca_bundle = OpenSSL::X509::Certificate.load(File.read(File.join(__dir__, 'fixtures/digicert_com_ca_bundle.pem')))
+      expect(SSLTest).to receive(:follow_ocsp_redirects).and_raise(ArgumentError.new("test"))
+      valid, error, cert = SSLTest.test_cert(cert, ca_bundle)
+      expect(error).to eq("SSL certificate test failed: test")
+      expect(valid).to be_nil
+      expect(cert).to eq(cert)
+    end
+
+    it "returns error on revoked cert (OCSP)" do
+      cert = OpenSSL::X509::Certificate.new(File.read(File.join(__dir__, 'fixtures/revoked_rsa_dv_client.pem')))
+      ca_bundle = OpenSSL::X509::Certificate.load(File.read(File.join(__dir__, 'fixtures/revoked_rsa_dv_ca_bundle.pem')))
+
+      expect(SSLTest).to receive(:follow_ocsp_redirects).once.and_call_original
+      expect(SSLTest).not_to receive(:follow_crl_redirects)
+
+      valid, error, cert = SSLTest.test_cert(cert, ca_bundle)
+      expect(error).to eq ("SSL certificate revoked: The certificate was revoked for an unknown reason (revocation date: 2025-06-09 15:07:39 UTC)")
+      expect(valid).to eq(false)
+      expect(cert).to eq(cert)
+    end
+
+    it "returns error on revoked cert (CRL)" do
+      cert = OpenSSL::X509::Certificate.new(File.read(File.join(__dir__, 'fixtures/revoked_badssl_client.pem')))
+      ca_bundle = OpenSSL::X509::Certificate.load(File.read(File.join(__dir__, 'fixtures/revoked_badssl_ca_bundle.pem')))
+
+      expect(SSLTest).to receive(:test_ocsp_revocation).once.and_return([false, "skip OCSP", nil])
+      expect(SSLTest).to receive(:follow_crl_redirects).once.and_call_original
+      valid, error, cert = SSLTest.test_cert(cert, ca_bundle)
+      expect(error).to eq ("SSL certificate revoked: Key Compromise (revocation date: 2025-11-04 21:01:29 UTC)")
+      expect(valid).to eq(false)
+      expect(cert).to eq(cert)
+    end
+
+    it "stops following redirection after the limit for the revoked certs check" do
+      cert = OpenSSL::X509::Certificate.new(File.read(File.join(__dir__, 'fixtures/www_github_com_client.pem')))
+      ca_bundle = OpenSSL::X509::Certificate.load(File.read(File.join(__dir__, 'fixtures/www_github_com_ca_bundle.pem')))
+
+      valid, error, cert = SSLTest.test_cert(cert, ca_bundle, redirection_limit: 0)
+      expect(error).to include("Revocation test couldn't be performed: OCSP: Request failed")
+      expect(error).to include("Too many redirections (> 0)")
+      expect(valid).to eq(true)
+      expect(cert).to eq(cert)
+    end
+
+    it "warns when the OCSP URI is missing" do
+      cert = OpenSSL::X509::Certificate.new(File.read(File.join(__dir__, 'fixtures/google_com_client.pem')))
+      ca_bundle = OpenSSL::X509::Certificate.load(File.read(File.join(__dir__, 'fixtures/google_com_ca_bundle.pem')))
+
+      # Disable CRL fallback to see error message
+      expect(SSLTest).to receive(:test_crl_revocation).once.and_return([false, "skip CRL", nil])
+      expect(SSLTest).to receive(:follow_ocsp_redirects).once.and_call_original
+
+      valid, error, cert = SSLTest.test_cert(cert, ca_bundle)
+      expect(error).to eq ("Revocation test couldn't be performed: OCSP: Missing OCSP URI in authorityInfoAccess extension, CRL: skip CRL")
+      expect(valid).to eq(true)
+      expect(cert).to eq(cert)
+    end
+
+    it "works with CRL only" do
+      cert = OpenSSL::X509::Certificate.new(File.read(File.join(__dir__, 'fixtures/www_demarches-simplifiees_fr_client.pem')))
+      ca_bundle = OpenSSL::X509::Certificate.load(File.read(File.join(__dir__, 'fixtures/www_demarches-simplifiees_fr_ca_bundle.pem')))
+
+      # Disable OCSP
+      expect(SSLTest).to receive(:test_ocsp_revocation).twice.and_return([false, "skip OCSP", nil])
+      expect(SSLTest).to receive(:follow_crl_redirects).twice.and_call_original
+
+      valid, error, cert = SSLTest.test_cert(cert, ca_bundle)
+      expect(error).to be_nil
+      expect(valid).to eq(true)
+      expect(cert).to eq(cert)
+    end
+
+    it "warns when the CRL URI is missing" do
+      cert = OpenSSL::X509::Certificate.new(File.read(File.join(__dir__, 'fixtures/www_github_com_client.pem')))
+      ca_bundle = OpenSSL::X509::Certificate.load(File.read(File.join(__dir__, 'fixtures/www_github_com_ca_bundle.pem')))
+
+      # Disable OCSP to see error message
+      expect(SSLTest).to receive(:test_ocsp_revocation).once.and_return([false, "skip OCSP", nil])
+      expect(SSLTest).not_to receive(:follow_crl_redirects)
+
+      valid, error, cert = SSLTest.test_cert(cert, ca_bundle)
+      expect(error).to eq ("Revocation test couldn't be performed: OCSP: skip OCSP, CRL: Missing crlDistributionPoints extension")
+      expect(valid).to eq(true)
+      expect(cert).to eq(cert)
+
+    end
+
+    it "works with OCSP for first cert and CRL for intermediate (Google)" do
+      expect(SSLTest).to receive(:follow_ocsp_redirects).once.and_call_original
+      expect(SSLTest).to receive(:follow_crl_redirects).once.and_call_original
+
+      cert = OpenSSL::X509::Certificate.new(File.read(File.join(__dir__, 'fixtures/google_com_client.pem')))
+      ca_bundle = OpenSSL::X509::Certificate.load(File.read(File.join(__dir__, 'fixtures/google_com_ca_bundle.pem')))
+
+      valid, error, cert = SSLTest.test_cert(cert, ca_bundle)
+      expect(error).to be_nil
+      expect(valid).to eq(true)
+      expect(cert).to eq(cert)
+      # make sure both were used
+      expect(SSLTest.cache_size).to match({
+        crl:  hash_including(lists: 1),
+        ocsp: hash_including(responses: 1, errors: 0)
+      })
+    end
+
+    context 'when specifying a proxy' do
+      context 'when the proxy is active' do
+        let(:proxy_thread) do
+          thread = Thread.new do
+            dev_null = WEBrick::Log::new("/dev/null", 7)
+            $proxy = WEBrick::HTTPProxyServer.new Port: 8080,  :Logger => dev_null, :AccessLog => []
+            $proxy.start
+          end
+
+          sleep 0.1 # wait for the proxy to start!
+          allow($proxy).to receive(:do_GET).and_call_original
+
+          thread
+        end
+
+        it 'uses the provided http proxy' do
+          proxy_thread
+
+          cert = OpenSSL::X509::Certificate.new(File.read(File.join(__dir__, 'fixtures/google_com_client.pem')))
+          ca_bundle = OpenSSL::X509::Certificate.load(File.read(File.join(__dir__, 'fixtures/google_com_ca_bundle.pem')))
+
+          valid, error, cert = SSLTest.test_cert(cert, ca_bundle, proxy_host: '127.0.0.1', proxy_port: 8080)
+          expect(error).to be_nil
+          expect(valid).to eq(true)
+          expect(cert).to eq(cert)
+
+          expect($proxy).to have_received(:do_GET).once
+        end
+      end
+
+      context 'when the proxy is not reachable' do
+        it 'returns a http error' do
+          cert = OpenSSL::X509::Certificate.new(File.read(File.join(__dir__, 'fixtures/google_com_client.pem')))
+          ca_bundle = OpenSSL::X509::Certificate.load(File.read(File.join(__dir__, 'fixtures/google_com_ca_bundle.pem')))
+
+          valid, error, cert = SSLTest.test_cert(cert, ca_bundle, proxy_host: '127.0.0.1', proxy_port: 55000)
+          expect(error).to include('(Connection refused - connect(2) for "127.0.0.1" port 55000)')
+          expect(valid).to be_nil
+          expect(cert).to eq(cert)
+        end
+      end
+    end
+  end
+end

data/ssl-test.gemspec

@@ -20,4 +20,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "bundler", ">= 1.7"
   spec.add_development_dependency "rake"
   spec.add_development_dependency "rspec"
+  spec.add_development_dependency "webrick"
 end

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: ssl-test
 version: !ruby/object:Gem::Version
-  version: 1.4.1
+  version: 1.5.0
 platform: ruby
 authors:
 - Adrien Rey-Jarthon
-autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-10-24 00:00:00.000000000 Z
+date: 2025-11-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -52,7 +51,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: 
+- !ruby/object:Gem::Dependency
+  name: webrick
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 email:
 - jobs@adrienjarthon.com
 executables: []
@@ -70,13 +82,32 @@ files:
 - lib/ssl-test/crl.rb
 - lib/ssl-test/object_size.rb
 - lib/ssl-test/ocsp.rb
+- spec/fixtures/digicert_com_ca_bundle.pem
+- spec/fixtures/digicert_com_client.pem
+- spec/fixtures/expired_cert_ca_bundle.pem
+- spec/fixtures/expired_cert_client.pem
+- spec/fixtures/google_com_ca_bundle.pem
+- spec/fixtures/google_com_client.pem
+- spec/fixtures/incomplete_chain_ca_bundle.pem
+- spec/fixtures/incomplete_chain_client.pem
+- spec/fixtures/revoked_badssl_ca_bundle.pem
+- spec/fixtures/revoked_badssl_client.pem
+- spec/fixtures/revoked_rsa_dv_ca_bundle.pem
+- spec/fixtures/revoked_rsa_dv_client.pem
+- spec/fixtures/self_signed_ca_bundle.pem
+- spec/fixtures/self_signed_client.pem
+- spec/fixtures/www_demarches-simplifiees_fr_ca_bundle.pem
+- spec/fixtures/www_demarches-simplifiees_fr_client.pem
+- spec/fixtures/www_github_com_ca_bundle.pem
+- spec/fixtures/www_github_com_client.pem
+- spec/fixtures/www_mycs_com_ca_bundle.pem
+- spec/fixtures/www_mycs_com_client.pem
 - spec/ssl-test_spec.rb
 - ssl-test.gemspec
 homepage: https://github.com/jarthod/ssl-test
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -91,9 +122,28 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.7
-signing_key: 
+rubygems_version: 3.6.2
 specification_version: 4
 summary: Test website SSL certificate validity
 test_files:
+- spec/fixtures/digicert_com_ca_bundle.pem
+- spec/fixtures/digicert_com_client.pem
+- spec/fixtures/expired_cert_ca_bundle.pem
+- spec/fixtures/expired_cert_client.pem
+- spec/fixtures/google_com_ca_bundle.pem
+- spec/fixtures/google_com_client.pem
+- spec/fixtures/incomplete_chain_ca_bundle.pem
+- spec/fixtures/incomplete_chain_client.pem
+- spec/fixtures/revoked_badssl_ca_bundle.pem
+- spec/fixtures/revoked_badssl_client.pem
+- spec/fixtures/revoked_rsa_dv_ca_bundle.pem
+- spec/fixtures/revoked_rsa_dv_client.pem
+- spec/fixtures/self_signed_ca_bundle.pem
+- spec/fixtures/self_signed_client.pem
+- spec/fixtures/www_demarches-simplifiees_fr_ca_bundle.pem
+- spec/fixtures/www_demarches-simplifiees_fr_client.pem
+- spec/fixtures/www_github_com_ca_bundle.pem
+- spec/fixtures/www_github_com_client.pem
+- spec/fixtures/www_mycs_com_ca_bundle.pem
+- spec/fixtures/www_mycs_com_client.pem
 - spec/ssl-test_spec.rb