ssl-test 1.4.0 → 1.4.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/dependabot.yml +8 -0
- data/.github/workflows/ruby.yml +18 -0
- data/README.md +5 -0
- data/lib/ssl-test.rb +2 -2
- data/spec/ssl-test_spec.rb +23 -13
- metadata +5 -4
- data/.travis.yml +0 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d3e34cb1b1925cf541b7c8022e4c41adb5346214a48b719ec4fa99b7c434bd38
|
|
4
|
+
data.tar.gz: 6b577636e88f9741891bc0161b72b921389be95a7b1323f148c26f41e64e2294
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ad5bbf6ef3f47b7ca645218047ab6b93c3fe497e9233e69bcce3cf7b199bf338dcb358c64b8787b5426235373df76f0d1c8c455a2ee67d9cd3361def51941439
|
|
7
|
+
data.tar.gz: 9af52c3812ff2b6c236a592949af4466fe7badbb036f134485847b4db32d53c513c7053fc591f567e091d866ce5078966949053d7cdd37b63163f586db44ad20
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
name: Specs
|
|
2
|
+
on: [push]
|
|
3
|
+
jobs:
|
|
4
|
+
specs:
|
|
5
|
+
runs-on: ubuntu-latest
|
|
6
|
+
strategy:
|
|
7
|
+
matrix:
|
|
8
|
+
ruby-version: ['2.6', '2.7', '3.0', '3.1', 'jruby-head', 'truffleruby-head']
|
|
9
|
+
steps:
|
|
10
|
+
- uses: actions/checkout@v2
|
|
11
|
+
- name: Set up Ruby
|
|
12
|
+
uses: ruby/setup-ruby@v1
|
|
13
|
+
with:
|
|
14
|
+
ruby-version: ${{ matrix.ruby-version }}
|
|
15
|
+
bundler-cache: true # runs 'bundle install' and caches installed gems automatically
|
|
16
|
+
- name: Run specs
|
|
17
|
+
run: |
|
|
18
|
+
bundle exec rspec
|
data/README.md
CHANGED
|
@@ -138,9 +138,14 @@ But also **revoked certs** like most browsers (not handled by `curl`)
|
|
|
138
138
|
|
|
139
139
|
## Changelog
|
|
140
140
|
|
|
141
|
+
See also github releases: https://github.com/jarthod/ssl-test/releases
|
|
142
|
+
|
|
143
|
+
* 1.4.1 - 2022-10-24: Add support for "tcps://" scheme
|
|
141
144
|
* 1.4.0 - 2021-01-16: Implemented CRL as fallback to OCSP + expose cache metrics + add logger support
|
|
142
145
|
* 1.3.1 - 2020-04-25: Improved caching of failed OCSP responses (#5)
|
|
143
146
|
* 1.3.0 - 2020-04-25: Added revoked cert detection using OCSP (#3)
|
|
147
|
+
* 1.2.0 - 2018-03-04: Better support for wrong hostname across ruby versions
|
|
148
|
+
* 1.1.0 - 2017-01-13: Removed HTTP call, Net::HTTP#start is enough to open the connection and get cert details and validation
|
|
144
149
|
|
|
145
150
|
## Contributing
|
|
146
151
|
|
data/lib/ssl-test.rb
CHANGED
|
@@ -10,12 +10,12 @@ module SSLTest
|
|
|
10
10
|
extend OCSP
|
|
11
11
|
extend CRL
|
|
12
12
|
|
|
13
|
-
VERSION = -"1.4.
|
|
13
|
+
VERSION = -"1.4.1"
|
|
14
14
|
|
|
15
15
|
class << self
|
|
16
16
|
def test url, open_timeout: 5, read_timeout: 5, redirection_limit: 5
|
|
17
17
|
uri = URI.parse(url)
|
|
18
|
-
return if uri.scheme != 'https'
|
|
18
|
+
return if uri.scheme != 'https' and uri.scheme != 'tcps'
|
|
19
19
|
cert = failed_cert_reason = chain = nil
|
|
20
20
|
|
|
21
21
|
@logger&.info { "SSLTest #{url} started" }
|
data/spec/ssl-test_spec.rb
CHANGED
|
@@ -15,6 +15,7 @@ describe SSLTest do
|
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
it "returns no error on valid SAN" do
|
|
18
|
+
pending "Expired for the moment"
|
|
18
19
|
valid, error, cert = SSLTest.test("https://1000-sans.badssl.com/")
|
|
19
20
|
expect(error).to be_nil
|
|
20
21
|
expect(valid).to eq(true)
|
|
@@ -22,7 +23,7 @@ describe SSLTest do
|
|
|
22
23
|
end
|
|
23
24
|
|
|
24
25
|
it "returns no error when no CN" do
|
|
25
|
-
|
|
26
|
+
pending "Expired for the moment https://github.com/chromium/badssl.com/issues/447"
|
|
26
27
|
valid, error, cert = SSLTest.test("https://no-common-name.badssl.com/")
|
|
27
28
|
expect(error).to be_nil
|
|
28
29
|
expect(valid).to eq(true)
|
|
@@ -38,7 +39,7 @@ describe SSLTest do
|
|
|
38
39
|
|
|
39
40
|
it "returns error on self signed certificate" do
|
|
40
41
|
valid, error, cert = SSLTest.test("https://self-signed.badssl.com/")
|
|
41
|
-
expect(error).to eq ("error code 18: self
|
|
42
|
+
expect(error).to eq ("error code 18: self-signed certificate")
|
|
42
43
|
expect(valid).to eq(false)
|
|
43
44
|
expect(cert).to be_a OpenSSL::X509::Certificate
|
|
44
45
|
end
|
|
@@ -52,14 +53,14 @@ describe SSLTest do
|
|
|
52
53
|
|
|
53
54
|
it "returns error on untrusted root" do
|
|
54
55
|
valid, error, cert = SSLTest.test("https://untrusted-root.badssl.com/")
|
|
55
|
-
expect(error).to eq ("error code 19: self
|
|
56
|
+
expect(error).to eq ("error code 19: self-signed certificate in certificate chain")
|
|
56
57
|
expect(valid).to eq(false)
|
|
57
58
|
expect(cert).to be_a OpenSSL::X509::Certificate
|
|
58
59
|
end
|
|
59
60
|
|
|
60
61
|
it "returns error on invalid host" do
|
|
61
62
|
valid, error, cert = SSLTest.test("https://wrong.host.badssl.com/")
|
|
62
|
-
expect(error).to include('
|
|
63
|
+
expect(error).to include('error code 62: hostname mismatch')
|
|
63
64
|
expect(valid).to eq(false)
|
|
64
65
|
expect(cert).to be_a OpenSSL::X509::Certificate
|
|
65
66
|
end
|
|
@@ -80,7 +81,7 @@ describe SSLTest do
|
|
|
80
81
|
|
|
81
82
|
it "stops on timeouts" do
|
|
82
83
|
valid, error, cert = SSLTest.test("https://updown.io", open_timeout: 0)
|
|
83
|
-
expect(error).to eq ("SSL certificate test failed:
|
|
84
|
+
expect(error).to eq ("SSL certificate test failed: Failed to open TCP connection to updown.io:443 (Connection timed out - user specified timeout)")
|
|
84
85
|
expect(valid).to be_nil
|
|
85
86
|
expect(cert).to be_nil
|
|
86
87
|
end
|
|
@@ -97,7 +98,7 @@ describe SSLTest do
|
|
|
97
98
|
expect(SSLTest).to receive(:follow_ocsp_redirects).once.and_call_original
|
|
98
99
|
expect(SSLTest).not_to receive(:follow_crl_redirects)
|
|
99
100
|
valid, error, cert = SSLTest.test("https://revoked.badssl.com/")
|
|
100
|
-
expect(error).to eq ("SSL certificate revoked: The certificate was revoked for an unknown reason (revocation date:
|
|
101
|
+
expect(error).to eq ("SSL certificate revoked: The certificate was revoked for an unknown reason (revocation date: 2021-10-27 21:38:48 UTC)")
|
|
101
102
|
expect(valid).to eq(false)
|
|
102
103
|
expect(cert).to be_a OpenSSL::X509::Certificate
|
|
103
104
|
end
|
|
@@ -106,14 +107,14 @@ describe SSLTest do
|
|
|
106
107
|
expect(SSLTest).to receive(:test_ocsp_revocation).once.and_return([false, "skip OCSP", nil])
|
|
107
108
|
expect(SSLTest).to receive(:follow_crl_redirects).once.and_call_original
|
|
108
109
|
valid, error, cert = SSLTest.test("https://revoked.badssl.com/")
|
|
109
|
-
expect(error).to eq ("SSL certificate revoked: Unknown reason (revocation date:
|
|
110
|
+
expect(error).to eq ("SSL certificate revoked: Unknown reason (revocation date: 2021-10-27 21:38:48 UTC)")
|
|
110
111
|
expect(valid).to eq(false)
|
|
111
112
|
expect(cert).to be_a OpenSSL::X509::Certificate
|
|
112
113
|
end
|
|
113
114
|
|
|
114
115
|
it "stops following redirection after the limit for the revoked certs check" do
|
|
115
116
|
valid, error, cert = SSLTest.test("https://github.com/", redirection_limit: 0)
|
|
116
|
-
expect(error).to eq ("Revocation test couldn't be performed: OCSP: Request failed (URI: http://ocsp.digicert.com): Too many redirections (> 0), CRL: Request failed (URI: http://crl3.digicert.com/
|
|
117
|
+
expect(error).to eq ("Revocation test couldn't be performed: OCSP: Request failed (URI: http://ocsp.digicert.com): Too many redirections (> 0), CRL: Request failed (URI: http://crl3.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl): Too many redirections (> 0)")
|
|
117
118
|
expect(valid).to eq(true)
|
|
118
119
|
expect(cert).to be_a OpenSSL::X509::Certificate
|
|
119
120
|
end
|
|
@@ -166,6 +167,13 @@ describe SSLTest do
|
|
|
166
167
|
expect(valid).to eq(true)
|
|
167
168
|
expect(cert).to be_a OpenSSL::X509::Certificate
|
|
168
169
|
end
|
|
170
|
+
|
|
171
|
+
it "accepts tcps scheme" do
|
|
172
|
+
valid, error, cert = SSLTest.test("tcps://updown.io:443")
|
|
173
|
+
expect(error).to be_nil
|
|
174
|
+
expect(valid).to eq(true)
|
|
175
|
+
expect(cert).to be_a OpenSSL::X509::Certificate
|
|
176
|
+
end
|
|
169
177
|
end
|
|
170
178
|
|
|
171
179
|
describe '.cache_size' do
|
|
@@ -179,17 +187,19 @@ describe SSLTest do
|
|
|
179
187
|
end
|
|
180
188
|
|
|
181
189
|
it "returns CRL cache size properly" do
|
|
182
|
-
SSLTest.send(:follow_crl_redirects, URI("http://crl.certigna.fr/certigna.crl")) # 1.
|
|
183
|
-
SSLTest.send(:follow_crl_redirects, URI("http://crl3.digicert.com/
|
|
190
|
+
SSLTest.send(:follow_crl_redirects, URI("http://crl.certigna.fr/certigna.crl")) # 1.1k
|
|
191
|
+
SSLTest.send(:follow_crl_redirects, URI("http://crl3.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl")) # 26k
|
|
184
192
|
expect(SSLTest.cache_size[:crl][:lists]).to eq(2)
|
|
185
|
-
expect(SSLTest.cache_size[:crl][:bytes]).to be >
|
|
193
|
+
expect(SSLTest.cache_size[:crl][:bytes]).to be > 27_000
|
|
186
194
|
end
|
|
187
195
|
|
|
188
196
|
it "returns OCSP cache size properly" do
|
|
189
197
|
SSLTest.test("https://updown.io")
|
|
190
|
-
expect(SSLTest.cache_size[:ocsp][:responses]).to eq(
|
|
198
|
+
expect(SSLTest.cache_size[:ocsp][:responses]).to eq(1)
|
|
191
199
|
expect(SSLTest.cache_size[:ocsp][:errors]).to eq(0)
|
|
192
|
-
expect(SSLTest.cache_size[:ocsp][:bytes]).to be >
|
|
200
|
+
expect(SSLTest.cache_size[:ocsp][:bytes]).to be > 150
|
|
201
|
+
expect(SSLTest.cache_size[:crl][:lists]).to eq(1)
|
|
202
|
+
expect(SSLTest.cache_size[:crl][:bytes]).to be > 500
|
|
193
203
|
end
|
|
194
204
|
end
|
|
195
205
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ssl-test
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.4.
|
|
4
|
+
version: 1.4.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Adrien Rey-Jarthon
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-10-24 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -59,8 +59,9 @@ executables: []
|
|
|
59
59
|
extensions: []
|
|
60
60
|
extra_rdoc_files: []
|
|
61
61
|
files:
|
|
62
|
+
- ".github/dependabot.yml"
|
|
63
|
+
- ".github/workflows/ruby.yml"
|
|
62
64
|
- ".gitignore"
|
|
63
|
-
- ".travis.yml"
|
|
64
65
|
- Gemfile
|
|
65
66
|
- LICENSE.txt
|
|
66
67
|
- README.md
|
|
@@ -90,7 +91,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
90
91
|
- !ruby/object:Gem::Version
|
|
91
92
|
version: '0'
|
|
92
93
|
requirements: []
|
|
93
|
-
rubygems_version: 3.
|
|
94
|
+
rubygems_version: 3.3.7
|
|
94
95
|
signing_key:
|
|
95
96
|
specification_version: 4
|
|
96
97
|
summary: Test website SSL certificate validity
|