ssl-test 1.4.0 → 1.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/dependabot.yml +8 -0
- data/.github/workflows/ruby.yml +18 -0
- data/README.md +5 -0
- data/lib/ssl-test.rb +2 -2
- data/spec/ssl-test_spec.rb +23 -13
- metadata +5 -4
- data/.travis.yml +0 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d3e34cb1b1925cf541b7c8022e4c41adb5346214a48b719ec4fa99b7c434bd38
|
|
4
|
+
data.tar.gz: 6b577636e88f9741891bc0161b72b921389be95a7b1323f148c26f41e64e2294
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ad5bbf6ef3f47b7ca645218047ab6b93c3fe497e9233e69bcce3cf7b199bf338dcb358c64b8787b5426235373df76f0d1c8c455a2ee67d9cd3361def51941439
|
|
7
|
+
data.tar.gz: 9af52c3812ff2b6c236a592949af4466fe7badbb036f134485847b4db32d53c513c7053fc591f567e091d866ce5078966949053d7cdd37b63163f586db44ad20
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
name: Specs
|
|
2
|
+
on: [push]
|
|
3
|
+
jobs:
|
|
4
|
+
specs:
|
|
5
|
+
runs-on: ubuntu-latest
|
|
6
|
+
strategy:
|
|
7
|
+
matrix:
|
|
8
|
+
ruby-version: ['2.6', '2.7', '3.0', '3.1', 'jruby-head', 'truffleruby-head']
|
|
9
|
+
steps:
|
|
10
|
+
- uses: actions/checkout@v2
|
|
11
|
+
- name: Set up Ruby
|
|
12
|
+
uses: ruby/setup-ruby@v1
|
|
13
|
+
with:
|
|
14
|
+
ruby-version: ${{ matrix.ruby-version }}
|
|
15
|
+
bundler-cache: true # runs 'bundle install' and caches installed gems automatically
|
|
16
|
+
- name: Run specs
|
|
17
|
+
run: |
|
|
18
|
+
bundle exec rspec
|
data/README.md
CHANGED
|
@@ -138,9 +138,14 @@ But also **revoked certs** like most browsers (not handled by `curl`)
|
|
|
138
138
|
|
|
139
139
|
## Changelog
|
|
140
140
|
|
|
141
|
+
See also github releases: https://github.com/jarthod/ssl-test/releases
|
|
142
|
+
|
|
143
|
+
* 1.4.1 - 2022-10-24: Add support for "tcps://" scheme
|
|
141
144
|
* 1.4.0 - 2021-01-16: Implemented CRL as fallback to OCSP + expose cache metrics + add logger support
|
|
142
145
|
* 1.3.1 - 2020-04-25: Improved caching of failed OCSP responses (#5)
|
|
143
146
|
* 1.3.0 - 2020-04-25: Added revoked cert detection using OCSP (#3)
|
|
147
|
+
* 1.2.0 - 2018-03-04: Better support for wrong hostname across ruby versions
|
|
148
|
+
* 1.1.0 - 2017-01-13: Removed HTTP call, Net::HTTP#start is enough to open the connection and get cert details and validation
|
|
144
149
|
|
|
145
150
|
## Contributing
|
|
146
151
|
|
data/lib/ssl-test.rb
CHANGED
|
@@ -10,12 +10,12 @@ module SSLTest
|
|
|
10
10
|
extend OCSP
|
|
11
11
|
extend CRL
|
|
12
12
|
|
|
13
|
-
VERSION = -"1.4.
|
|
13
|
+
VERSION = -"1.4.1"
|
|
14
14
|
|
|
15
15
|
class << self
|
|
16
16
|
def test url, open_timeout: 5, read_timeout: 5, redirection_limit: 5
|
|
17
17
|
uri = URI.parse(url)
|
|
18
|
-
return if uri.scheme != 'https'
|
|
18
|
+
return if uri.scheme != 'https' and uri.scheme != 'tcps'
|
|
19
19
|
cert = failed_cert_reason = chain = nil
|
|
20
20
|
|
|
21
21
|
@logger&.info { "SSLTest #{url} started" }
|
data/spec/ssl-test_spec.rb
CHANGED
|
@@ -15,6 +15,7 @@ describe SSLTest do
|
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
it "returns no error on valid SAN" do
|
|
18
|
+
pending "Expired for the moment"
|
|
18
19
|
valid, error, cert = SSLTest.test("https://1000-sans.badssl.com/")
|
|
19
20
|
expect(error).to be_nil
|
|
20
21
|
expect(valid).to eq(true)
|
|
@@ -22,7 +23,7 @@ describe SSLTest do
|
|
|
22
23
|
end
|
|
23
24
|
|
|
24
25
|
it "returns no error when no CN" do
|
|
25
|
-
|
|
26
|
+
pending "Expired for the moment https://github.com/chromium/badssl.com/issues/447"
|
|
26
27
|
valid, error, cert = SSLTest.test("https://no-common-name.badssl.com/")
|
|
27
28
|
expect(error).to be_nil
|
|
28
29
|
expect(valid).to eq(true)
|
|
@@ -38,7 +39,7 @@ describe SSLTest do
|
|
|
38
39
|
|
|
39
40
|
it "returns error on self signed certificate" do
|
|
40
41
|
valid, error, cert = SSLTest.test("https://self-signed.badssl.com/")
|
|
41
|
-
expect(error).to eq ("error code 18: self
|
|
42
|
+
expect(error).to eq ("error code 18: self-signed certificate")
|
|
42
43
|
expect(valid).to eq(false)
|
|
43
44
|
expect(cert).to be_a OpenSSL::X509::Certificate
|
|
44
45
|
end
|
|
@@ -52,14 +53,14 @@ describe SSLTest do
|
|
|
52
53
|
|
|
53
54
|
it "returns error on untrusted root" do
|
|
54
55
|
valid, error, cert = SSLTest.test("https://untrusted-root.badssl.com/")
|
|
55
|
-
expect(error).to eq ("error code 19: self
|
|
56
|
+
expect(error).to eq ("error code 19: self-signed certificate in certificate chain")
|
|
56
57
|
expect(valid).to eq(false)
|
|
57
58
|
expect(cert).to be_a OpenSSL::X509::Certificate
|
|
58
59
|
end
|
|
59
60
|
|
|
60
61
|
it "returns error on invalid host" do
|
|
61
62
|
valid, error, cert = SSLTest.test("https://wrong.host.badssl.com/")
|
|
62
|
-
expect(error).to include('
|
|
63
|
+
expect(error).to include('error code 62: hostname mismatch')
|
|
63
64
|
expect(valid).to eq(false)
|
|
64
65
|
expect(cert).to be_a OpenSSL::X509::Certificate
|
|
65
66
|
end
|
|
@@ -80,7 +81,7 @@ describe SSLTest do
|
|
|
80
81
|
|
|
81
82
|
it "stops on timeouts" do
|
|
82
83
|
valid, error, cert = SSLTest.test("https://updown.io", open_timeout: 0)
|
|
83
|
-
expect(error).to eq ("SSL certificate test failed:
|
|
84
|
+
expect(error).to eq ("SSL certificate test failed: Failed to open TCP connection to updown.io:443 (Connection timed out - user specified timeout)")
|
|
84
85
|
expect(valid).to be_nil
|
|
85
86
|
expect(cert).to be_nil
|
|
86
87
|
end
|
|
@@ -97,7 +98,7 @@ describe SSLTest do
|
|
|
97
98
|
expect(SSLTest).to receive(:follow_ocsp_redirects).once.and_call_original
|
|
98
99
|
expect(SSLTest).not_to receive(:follow_crl_redirects)
|
|
99
100
|
valid, error, cert = SSLTest.test("https://revoked.badssl.com/")
|
|
100
|
-
expect(error).to eq ("SSL certificate revoked: The certificate was revoked for an unknown reason (revocation date:
|
|
101
|
+
expect(error).to eq ("SSL certificate revoked: The certificate was revoked for an unknown reason (revocation date: 2021-10-27 21:38:48 UTC)")
|
|
101
102
|
expect(valid).to eq(false)
|
|
102
103
|
expect(cert).to be_a OpenSSL::X509::Certificate
|
|
103
104
|
end
|
|
@@ -106,14 +107,14 @@ describe SSLTest do
|
|
|
106
107
|
expect(SSLTest).to receive(:test_ocsp_revocation).once.and_return([false, "skip OCSP", nil])
|
|
107
108
|
expect(SSLTest).to receive(:follow_crl_redirects).once.and_call_original
|
|
108
109
|
valid, error, cert = SSLTest.test("https://revoked.badssl.com/")
|
|
109
|
-
expect(error).to eq ("SSL certificate revoked: Unknown reason (revocation date:
|
|
110
|
+
expect(error).to eq ("SSL certificate revoked: Unknown reason (revocation date: 2021-10-27 21:38:48 UTC)")
|
|
110
111
|
expect(valid).to eq(false)
|
|
111
112
|
expect(cert).to be_a OpenSSL::X509::Certificate
|
|
112
113
|
end
|
|
113
114
|
|
|
114
115
|
it "stops following redirection after the limit for the revoked certs check" do
|
|
115
116
|
valid, error, cert = SSLTest.test("https://github.com/", redirection_limit: 0)
|
|
116
|
-
expect(error).to eq ("Revocation test couldn't be performed: OCSP: Request failed (URI: http://ocsp.digicert.com): Too many redirections (> 0), CRL: Request failed (URI: http://crl3.digicert.com/
|
|
117
|
+
expect(error).to eq ("Revocation test couldn't be performed: OCSP: Request failed (URI: http://ocsp.digicert.com): Too many redirections (> 0), CRL: Request failed (URI: http://crl3.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl): Too many redirections (> 0)")
|
|
117
118
|
expect(valid).to eq(true)
|
|
118
119
|
expect(cert).to be_a OpenSSL::X509::Certificate
|
|
119
120
|
end
|
|
@@ -166,6 +167,13 @@ describe SSLTest do
|
|
|
166
167
|
expect(valid).to eq(true)
|
|
167
168
|
expect(cert).to be_a OpenSSL::X509::Certificate
|
|
168
169
|
end
|
|
170
|
+
|
|
171
|
+
it "accepts tcps scheme" do
|
|
172
|
+
valid, error, cert = SSLTest.test("tcps://updown.io:443")
|
|
173
|
+
expect(error).to be_nil
|
|
174
|
+
expect(valid).to eq(true)
|
|
175
|
+
expect(cert).to be_a OpenSSL::X509::Certificate
|
|
176
|
+
end
|
|
169
177
|
end
|
|
170
178
|
|
|
171
179
|
describe '.cache_size' do
|
|
@@ -179,17 +187,19 @@ describe SSLTest do
|
|
|
179
187
|
end
|
|
180
188
|
|
|
181
189
|
it "returns CRL cache size properly" do
|
|
182
|
-
SSLTest.send(:follow_crl_redirects, URI("http://crl.certigna.fr/certigna.crl")) # 1.
|
|
183
|
-
SSLTest.send(:follow_crl_redirects, URI("http://crl3.digicert.com/
|
|
190
|
+
SSLTest.send(:follow_crl_redirects, URI("http://crl.certigna.fr/certigna.crl")) # 1.1k
|
|
191
|
+
SSLTest.send(:follow_crl_redirects, URI("http://crl3.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl")) # 26k
|
|
184
192
|
expect(SSLTest.cache_size[:crl][:lists]).to eq(2)
|
|
185
|
-
expect(SSLTest.cache_size[:crl][:bytes]).to be >
|
|
193
|
+
expect(SSLTest.cache_size[:crl][:bytes]).to be > 27_000
|
|
186
194
|
end
|
|
187
195
|
|
|
188
196
|
it "returns OCSP cache size properly" do
|
|
189
197
|
SSLTest.test("https://updown.io")
|
|
190
|
-
expect(SSLTest.cache_size[:ocsp][:responses]).to eq(
|
|
198
|
+
expect(SSLTest.cache_size[:ocsp][:responses]).to eq(1)
|
|
191
199
|
expect(SSLTest.cache_size[:ocsp][:errors]).to eq(0)
|
|
192
|
-
expect(SSLTest.cache_size[:ocsp][:bytes]).to be >
|
|
200
|
+
expect(SSLTest.cache_size[:ocsp][:bytes]).to be > 150
|
|
201
|
+
expect(SSLTest.cache_size[:crl][:lists]).to eq(1)
|
|
202
|
+
expect(SSLTest.cache_size[:crl][:bytes]).to be > 500
|
|
193
203
|
end
|
|
194
204
|
end
|
|
195
205
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ssl-test
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.4.
|
|
4
|
+
version: 1.4.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Adrien Rey-Jarthon
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-10-24 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -59,8 +59,9 @@ executables: []
|
|
|
59
59
|
extensions: []
|
|
60
60
|
extra_rdoc_files: []
|
|
61
61
|
files:
|
|
62
|
+
- ".github/dependabot.yml"
|
|
63
|
+
- ".github/workflows/ruby.yml"
|
|
62
64
|
- ".gitignore"
|
|
63
|
-
- ".travis.yml"
|
|
64
65
|
- Gemfile
|
|
65
66
|
- LICENSE.txt
|
|
66
67
|
- README.md
|
|
@@ -90,7 +91,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
90
91
|
- !ruby/object:Gem::Version
|
|
91
92
|
version: '0'
|
|
92
93
|
requirements: []
|
|
93
|
-
rubygems_version: 3.
|
|
94
|
+
rubygems_version: 3.3.7
|
|
94
95
|
signing_key:
|
|
95
96
|
specification_version: 4
|
|
96
97
|
summary: Test website SSL certificate validity
|