ssl_diagnostics 0.0.1
- checksums.yaml +15 -0
- data/MIT-LICENSE +20 -0
- data/README.md +3 -0
- data/Rakefile +0 -0
- data/lib/ssl_diagnostics/railtie.rb +11 -0
- data/lib/ssl_diagnostics/version.rb +9 -0
- data/lib/ssl_diagnostics.rb +97 -0
- data/tasks/ssl_diagnostics.rake +9 -0
- metadata +52 -0
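--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+metadata.gz: !binary |-
+NzkzNmE3OWU0MjYyNjBkZjAxNmMwNmMzYjBiNmRmYWI2MWQ5ZWJjNQ==
+data.tar.gz: !binary |-
+YjM5NmM1YWQ3NGY2MTgwNzYyZDUyZDk3OGM3OWIyY2RlYzQ2ZmJmOQ==
+SHA512:
+metadata.gz: !binary |-
+ODY4MDU2MzM5NmE1NzY2NGM5NGE0MjI2NGE5MWUyYzFhN2EwNzY3YTUyMDkw
+MWZkNGY3YWVhYTI3M2QyNDQ5N2M3YTkwMzBkM2U0NDVkNDNhZTYxOWNhZmVm
+ZDM3YTQ3YjljZDZiZDE4MDQwMThmNGQxZmY1NDE3NTlkZDZmOTM=
+data.tar.gz: !binary |-
+OGI2ZmRiYThmZmNhZmYzMjE0YWUyNTY1MDVmMmI1MWZlNTBiMDExOTY5ZGJl
+ZDg4ZGZjYWIyZmYwMDkzMGU3ZDNjMGExN2IxZTlhMzMzZGEzY2RlYmVjNTE1
+NTI4ZDczNzNkNzE5NmNhNjIxYzJmNTg1NjY2N2M1M2JmNTRmZGI=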
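--- a/data/MIT-LICENSE
+++ b/data/MIT-LICENSE
@@ -0,0 +1,20 @@
+Copyright 2015 Rob Nichols and Warwickshire County Council
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.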
data/README.md
ADDED
data/Rakefile
ADDED
File without changes
|
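--- a/data/lib/ssl_diagnostics.rb
+++ b/data/lib/ssl_diagnostics.rb
@@ -0,0 +1,97 @@
+# An SSL diagnotic tool. See http://mislav.uniqpath.com/2013/07/ruby-openssl/
+
+module SslDiagnostics
+
+require 'ssl_diagnostics/railtie' if defined?(Rails)
+
+def self.run
+# Usage: ruby doctor.rb [HOST=status.github.com[:PORT=443]]
+require 'rbconfig'
+require 'net/https'
+
+if ENV['URL'] =~ /^[^-]/
+host, port = ENV['URL'].split(':', 2)
+else
+host = 'www.warwickshire.gov.uk'
+end
+port ||= 443
+
+ruby = File.join(RbConfig::CONFIG['bindir'], RbConfig::CONFIG['ruby_install_name'])
+ruby_version = RUBY_VERSION
+if patch = RbConfig::CONFIG['PATCHLEVEL']
+ruby_version += "-p#{patch}"
+end
+puts "%s (%s)" % [ruby, ruby_version]
+
+openssl_dir = OpenSSL::X509::DEFAULT_CERT_AREA
+mac_openssl = '/System/Library/OpenSSL' == openssl_dir
+puts "%s: %s" % [OpenSSL::OPENSSL_VERSION, openssl_dir]
+[OpenSSL::X509::DEFAULT_CERT_DIR_ENV, OpenSSL::X509::DEFAULT_CERT_FILE_ENV].each do |key|
+puts "%s=%s" % [key, ENV[key].to_s.inspect]
+end
+
+ca_file = ENV[OpenSSL::X509::DEFAULT_CERT_FILE_ENV] || OpenSSL::X509::DEFAULT_CERT_FILE
+ca_path = (ENV[OpenSSL::X509::DEFAULT_CERT_DIR_ENV] || OpenSSL::X509::DEFAULT_CERT_DIR).chomp('/')
+
+puts "\nHEAD https://#{host}:#{port}"
+http = Net::HTTP.new(host, port)
+http.use_ssl = true
+
+# Explicitly setting cert_store like this is not needed in most cases but it
+# seems necessary in edge cases such as when using `verify_callback` in some
+# combination of Ruby + OpenSSL versions.
+http.cert_store = OpenSSL::X509::Store.new
+http.cert_store.set_default_paths
+
+http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+failed_cert = failed_cert_reason = nil
+
+if mac_openssl
+warn "warning: will not be able show failed certificate info on OS X's OpenSSL"
+# This drives me absolutely nuts. It seems that on Rubies compiled against OS X's
+# system OpenSSL, the mere fact of defining a `verify_callback` makes the
+# cert verification fail for requests that would otherwise be successful.
+else
+http.verify_callback = lambda { |verify_ok, store_context|
+if !verify_ok
+failed_cert = store_context.current_cert
+failed_cert_reason = "%d: %s" % [ store_context.error, store_context.error_string ]
+end
+verify_ok
+}
+end
+
+user_agent = "net/http #{ruby_version}"
+req = Net::HTTP::Head.new('/', 'user-agent' => user_agent)
+
+begin
+res = http.start { http.request(req) }
+abort res.inspect if res.code.to_i >= 500
+puts "OK"
+rescue Errno::ECONNREFUSED
+puts "Error: connection refused"
+exit 1
+rescue OpenSSL::SSL::SSLError => e
+puts "#{e.class}: #{e.message}"
+
+if failed_cert
+puts "\nThe server presented a certificate that could not be verified:"
+puts " subject: #{failed_cert.subject}"
+puts " issuer: #{failed_cert.issuer}"
+puts " error code %s" % failed_cert_reason
+end
+
+ca_file_missing = !File.exist?(ca_file) && !mac_openssl
+ca_path_empty = Dir["#{ca_path}/*"].empty?
+
+if ca_file_missing || ca_path_empty
+puts "\nPossible causes:"
+puts " `%s' does not exist" % ca_file if ca_file_missing
+puts " `%s/' is empty" % ca_path if ca_path_empty
+end
+
+exit 1
+end
+end
+
+end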
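Review bot: The target parsing at `if ENV['URL'] =~ /^[^-]/` reads a variable named `URL` but splits it as `HOST[:PORT]`, so a real URL such as `https://example.org` (constructed example) becomes host `https` with port `//example.org`, and any value that fails the test silently falls back to the hard-coded default host, so the run can print `OK` for a server the operator did not mean to check. `^` anchors per line rather than at the start of the string, and a supplied port stays an unvalidated String. I would use `/\A[^-]/`, add `port = Integer(port) if port` after the split, and `abort` with a usage message when `URL` is set but unusable instead of switching hosts. A short comment above `def self.run` should also say that the method calls `exit`/`abort` and rescues only `Errno::ECONNREFUSED` and `OpenSSL::SSL::SSLError`, since the file requires a railtie when Rails is defined and DNS failures or timeouts will otherwise surface as raw exceptions in the host application.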
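--- a/metadata
+++ b/metadata
@@ -0,0 +1,52 @@
+--- !ruby/object:Gem::Specification
+name: ssl_diagnostics
+version: !ruby/object:Gem::Version
+version: 0.0.1
+platform: ruby
+authors:
+- Rob Nichols
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2015-03-04 00:00:00.000000000 Z
+dependencies: []
+description: Wrapper for Mislav Marohnić's SSL Doctor
+email:
+- rob@undervale.co.uk
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- lib/ssl_diagnostics.rb
+- lib/ssl_diagnostics/railtie.rb
+- lib/ssl_diagnostics/version.rb
+- tasks/ssl_diagnostics.rake
+homepage: https://git.warwickshire.gov.uk/ssl_diagnostics
+licenses:
+- MIT-LICENSE
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.2.2
+signing_key:
+specification_version: 4
+summary: SSL Diagnostic tool
+test_files: []
+has_rdoc: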