ssl_diagnostics 0.0.1

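--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,15 @@
+ ---
+ !binary "U0hBMQ==":
+ metadata.gz: !binary |-
+ NzkzNmE3OWU0MjYyNjBkZjAxNmMwNmMzYjBiNmRmYWI2MWQ5ZWJjNQ==
+ data.tar.gz: !binary |-
+ YjM5NmM1YWQ3NGY2MTgwNzYyZDUyZDk3OGM3OWIyY2RlYzQ2ZmJmOQ==
+ SHA512:
+ metadata.gz: !binary |-
+ ODY4MDU2MzM5NmE1NzY2NGM5NGE0MjI2NGE5MWUyYzFhN2EwNzY3YTUyMDkw
+ MWZkNGY3YWVhYTI3M2QyNDQ5N2M3YTkwMzBkM2U0NDVkNDNhZTYxOWNhZmVm
+ ZDM3YTQ3YjljZDZiZDE4MDQwMThmNGQxZmY1NDE3NTlkZDZmOTM=
+ data.tar.gz: !binary |-
+ OGI2ZmRiYThmZmNhZmYzMjE0YWUyNTY1MDVmMmI1MWZlNTBiMDExOTY5ZGJl
+ ZDg4ZGZjYWIyZmYwMDkzMGU3ZDNjMGExN2IxZTlhMzMzZGEzY2RlYmVjNTE1
+ NTI4ZDczNzNkNzE5NmNhNjIxYzJmNTg1NjY2N2M1M2JmNTRmZGI=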
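--- a/data/MIT-LICENSE
+++ b/data/MIT-LICENSE
@@ -0,0 +1,20 @@
+ Copyright 2015 Rob Nichols and Warwickshire County Council
+
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to
+ permit persons to whom the Software is furnished to do so, subject to
+ the following conditions:
+
+ The above copyright notice and this permission notice shall be
+ included in all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.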
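--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,3 @@
+ SSL Diagnostics
+ ===============
+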
data/Rakefile ADDED
File without changes
@@ -0,0 +1,11 @@
1
+ require 'ssl_diagnostics'
2
+ require 'rails'
3
+ module MyPlugin
4
+ class Railtie < Rails::Railtie
5
+ railtie_name :ssl_diagnostics
6
+
7
+ rake_tasks do
8
+ load File.expand_path("../../tasks/ssl_diagnostics.rake", File.dirname(__FILE__))
9
+ end
10
+ end
11
+ end
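Review bot: The railtie is declared inside `module MyPlugin`, which looks like a placeholder name left over from a template rather than this gem's namespace; the file path is not shown on the page, but the metadata file list suggests this is `lib/ssl_diagnostics/railtie.rb`. A generic top-level constant like this can collide with any other gem or application that kept the same placeholder, and it makes it harder to trace which package registered the rake tasks. Declaring it as `module SslDiagnostics` with `class Railtie < Rails::Railtie` inside keeps everything the gem defines under one constant that matches its name.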
@@ -0,0 +1,9 @@
1
+ module SslDiagnostics
2
+ VERSION = '0.0.1'
3
+ end
4
+
5
+ # History
6
+ # =======
7
+ #
8
+ # 0.0.1: First version
9
+ #
@@ -0,0 +1,97 @@
1
+ # An SSL diagnotic tool. See http://mislav.uniqpath.com/2013/07/ruby-openssl/
2
+
3
+ module SslDiagnostics
4
+
5
+ require 'ssl_diagnostics/railtie' if defined?(Rails)
6
+
7
+ def self.run
8
+ # Usage: ruby doctor.rb [HOST=status.github.com[:PORT=443]]
9
+ require 'rbconfig'
10
+ require 'net/https'
11
+
12
+ if ENV['URL'] =~ /^[^-]/
13
+ host, port = ENV['URL'].split(':', 2)
14
+ else
15
+ host = 'www.warwickshire.gov.uk'
16
+ end
17
+ port ||= 443
18
+
19
+ ruby = File.join(RbConfig::CONFIG['bindir'], RbConfig::CONFIG['ruby_install_name'])
20
+ ruby_version = RUBY_VERSION
21
+ if patch = RbConfig::CONFIG['PATCHLEVEL']
22
+ ruby_version += "-p#{patch}"
23
+ end
24
+ puts "%s (%s)" % [ruby, ruby_version]
25
+
26
+ openssl_dir = OpenSSL::X509::DEFAULT_CERT_AREA
27
+ mac_openssl = '/System/Library/OpenSSL' == openssl_dir
28
+ puts "%s: %s" % [OpenSSL::OPENSSL_VERSION, openssl_dir]
29
+ [OpenSSL::X509::DEFAULT_CERT_DIR_ENV, OpenSSL::X509::DEFAULT_CERT_FILE_ENV].each do |key|
30
+ puts "%s=%s" % [key, ENV[key].to_s.inspect]
31
+ end
32
+
33
+ ca_file = ENV[OpenSSL::X509::DEFAULT_CERT_FILE_ENV] || OpenSSL::X509::DEFAULT_CERT_FILE
34
+ ca_path = (ENV[OpenSSL::X509::DEFAULT_CERT_DIR_ENV] || OpenSSL::X509::DEFAULT_CERT_DIR).chomp('/')
35
+
36
+ puts "\nHEAD https://#{host}:#{port}"
37
+ http = Net::HTTP.new(host, port)
38
+ http.use_ssl = true
39
+
40
+ # Explicitly setting cert_store like this is not needed in most cases but it
41
+ # seems necessary in edge cases such as when using `verify_callback` in some
42
+ # combination of Ruby + OpenSSL versions.
43
+ http.cert_store = OpenSSL::X509::Store.new
44
+ http.cert_store.set_default_paths
45
+
46
+ http.verify_mode = OpenSSL::SSL::VERIFY_PEER
47
+ failed_cert = failed_cert_reason = nil
48
+
49
+ if mac_openssl
50
+ warn "warning: will not be able show failed certificate info on OS X's OpenSSL"
51
+ # This drives me absolutely nuts. It seems that on Rubies compiled against OS X's
52
+ # system OpenSSL, the mere fact of defining a `verify_callback` makes the
53
+ # cert verification fail for requests that would otherwise be successful.
54
+ else
55
+ http.verify_callback = lambda { |verify_ok, store_context|
56
+ if !verify_ok
57
+ failed_cert = store_context.current_cert
58
+ failed_cert_reason = "%d: %s" % [ store_context.error, store_context.error_string ]
59
+ end
60
+ verify_ok
61
+ }
62
+ end
63
+
64
+ user_agent = "net/http #{ruby_version}"
65
+ req = Net::HTTP::Head.new('/', 'user-agent' => user_agent)
66
+
67
+ begin
68
+ res = http.start { http.request(req) }
69
+ abort res.inspect if res.code.to_i >= 500
70
+ puts "OK"
71
+ rescue Errno::ECONNREFUSED
72
+ puts "Error: connection refused"
73
+ exit 1
74
+ rescue OpenSSL::SSL::SSLError => e
75
+ puts "#{e.class}: #{e.message}"
76
+
77
+ if failed_cert
78
+ puts "\nThe server presented a certificate that could not be verified:"
79
+ puts " subject: #{failed_cert.subject}"
80
+ puts " issuer: #{failed_cert.issuer}"
81
+ puts " error code %s" % failed_cert_reason
82
+ end
83
+
84
+ ca_file_missing = !File.exist?(ca_file) && !mac_openssl
85
+ ca_path_empty = Dir["#{ca_path}/*"].empty?
86
+
87
+ if ca_file_missing || ca_path_empty
88
+ puts "\nPossible causes:"
89
+ puts " `%s' does not exist" % ca_file if ca_file_missing
90
+ puts " `%s/' is empty" % ca_path if ca_path_empty
91
+ end
92
+
93
+ exit 1
94
+ end
95
+ end
96
+
97
+ end
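Review bot: The target parsing at the top of `SslDiagnostics.run` treats `ENV['URL']` as `host[:port]`, so a value that really is a URL, such as `https://example.org` (constructed example), splits into host `https` and port `//example.org`, and the diagnosis then runs against the wrong name or fails with an unrelated socket error. The guard `/^[^-]/` is also line-anchored, and the usage comment still refers to `HOST` and `doctor.rb`, neither of which matches this gem's `URL` variable and rake task. Parsing with `URI` and taking the port as an Integer, as sketched below, keeps the report tied to the host the operator meant. Separately, only `Errno::ECONNREFUSED` and `OpenSSL::SSL::SSLError` are rescued, so a DNS failure or timeout surfaces as a raw backtrace; a `rescue SocketError, Timeout::Error => e` branch that prints `"#{e.class}: #{e.message}"` and exits 1 would match the existing style.

```ruby
def self.run
  # … unchanged: require 'rbconfig' / require 'net/https' …
  require 'uri'

  target = ENV['URL'].to_s.strip
  if target.empty? || target.start_with?('-')
    host = 'www.warwickshire.gov.uk'
    port = 443
  else
    # Accept both "host[:port]" and a full URL; refuse anything without a host.
    target = "https://#{target}" unless target.include?('://')
    uri = begin
      URI.parse(target)
    rescue URI::InvalidURIError
      nil
    end
    abort "Error: cannot read a host from URL=#{ENV['URL'].inspect}" unless uri && uri.hostname
    host = uri.hostname
    port = uri.port || 443
  end
  # … unchanged: version banner, cert store setup, HEAD request, rescue branches …
```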
@@ -0,0 +1,9 @@
1
+ namespace :ssl_diagnostics do
2
+
3
+ desc 'Run a set of diagnostics to check SSL setup'
4
+ task :run do
5
+ require 'ssl_diagnostics'
6
+ SslDiagnostics.run
7
+ end
8
+
9
+ end
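--- a/metadata
+++ b/metadata
@@ -0,0 +1,52 @@
+ --- !ruby/object:Gem::Specification
+ name: ssl_diagnostics
+ version: !ruby/object:Gem::Version
+ version: 0.0.1
+ platform: ruby
+ authors:
+ - Rob Nichols
+ autorequire:
+ bindir: bin
+ cert_chain: []
+ date: 2015-03-04 00:00:00.000000000 Z
+ dependencies: []
+ description: Wrapper for Mislav Marohnić's SSL Doctor
+ email:
+ - rob@undervale.co.uk
+ executables: []
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - MIT-LICENSE
+ - README.md
+ - Rakefile
+ - lib/ssl_diagnostics.rb
+ - lib/ssl_diagnostics/railtie.rb
+ - lib/ssl_diagnostics/version.rb
+ - tasks/ssl_diagnostics.rake
+ homepage: https://git.warwickshire.gov.uk/ssl_diagnostics
+ licenses:
+ - MIT-LICENSE
+ metadata: {}
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubyforge_project:
+ rubygems_version: 2.2.2
+ signing_key:
+ specification_version: 4
+ summary: SSL Diagnostic tool
+ test_files: []
+ has_rdoc: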