ssl_diagnostics 0.0.1

checksums.yaml

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    NzkzNmE3OWU0MjYyNjBkZjAxNmMwNmMzYjBiNmRmYWI2MWQ5ZWJjNQ==
+  data.tar.gz: !binary |-
+    YjM5NmM1YWQ3NGY2MTgwNzYyZDUyZDk3OGM3OWIyY2RlYzQ2ZmJmOQ==
+SHA512:
+  metadata.gz: !binary |-
+    ODY4MDU2MzM5NmE1NzY2NGM5NGE0MjI2NGE5MWUyYzFhN2EwNzY3YTUyMDkw
+    MWZkNGY3YWVhYTI3M2QyNDQ5N2M3YTkwMzBkM2U0NDVkNDNhZTYxOWNhZmVm
+    ZDM3YTQ3YjljZDZiZDE4MDQwMThmNGQxZmY1NDE3NTlkZDZmOTM=
+  data.tar.gz: !binary |-
+    OGI2ZmRiYThmZmNhZmYzMjE0YWUyNTY1MDVmMmI1MWZlNTBiMDExOTY5ZGJl
+    ZDg4ZGZjYWIyZmYwMDkzMGU3ZDNjMGExN2IxZTlhMzMzZGEzY2RlYmVjNTE1
+    NTI4ZDczNzNkNzE5NmNhNjIxYzJmNTg1NjY2N2M1M2JmNTRmZGI=

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2015 Rob Nichols and Warwickshire County Council
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,3 @@
+SSL Diagnostics
+===============
+

data/lib/ssl_diagnostics/railtie.rb

@@ -0,0 +1,11 @@
+require 'ssl_diagnostics'
+require 'rails'
+module MyPlugin
+  class Railtie < Rails::Railtie
+    railtie_name :ssl_diagnostics
+
+    rake_tasks do
+      load File.expand_path("../../tasks/ssl_diagnostics.rake", File.dirname(__FILE__))
+    end
+  end
+end

data/lib/ssl_diagnostics/version.rb

@@ -0,0 +1,9 @@
+module SslDiagnostics
+  VERSION = '0.0.1'
+end
+
+# History
+# =======
+#
+# 0.0.1: First version
+# 

data/lib/ssl_diagnostics.rb

@@ -0,0 +1,97 @@
+# An SSL diagnotic tool. See http://mislav.uniqpath.com/2013/07/ruby-openssl/
+
+module SslDiagnostics
+
+  require 'ssl_diagnostics/railtie' if defined?(Rails)
+
+  def self.run
+    # Usage: ruby doctor.rb [HOST=status.github.com[:PORT=443]]
+    require 'rbconfig'
+    require 'net/https'
+
+    if ENV['URL'] =~ /^[^-]/
+      host, port = ENV['URL'].split(':', 2)
+    else
+      host = 'www.warwickshire.gov.uk'
+    end
+    port ||= 443
+
+    ruby = File.join(RbConfig::CONFIG['bindir'], RbConfig::CONFIG['ruby_install_name'])
+    ruby_version = RUBY_VERSION
+    if patch = RbConfig::CONFIG['PATCHLEVEL']
+      ruby_version += "-p#{patch}"
+    end
+    puts "%s (%s)" % [ruby, ruby_version]
+
+    openssl_dir = OpenSSL::X509::DEFAULT_CERT_AREA
+    mac_openssl = '/System/Library/OpenSSL' == openssl_dir
+    puts "%s: %s" % [OpenSSL::OPENSSL_VERSION, openssl_dir]
+    [OpenSSL::X509::DEFAULT_CERT_DIR_ENV, OpenSSL::X509::DEFAULT_CERT_FILE_ENV].each do |key|
+      puts "%s=%s" % [key, ENV[key].to_s.inspect]
+    end
+
+    ca_file = ENV[OpenSSL::X509::DEFAULT_CERT_FILE_ENV] || OpenSSL::X509::DEFAULT_CERT_FILE
+    ca_path = (ENV[OpenSSL::X509::DEFAULT_CERT_DIR_ENV] || OpenSSL::X509::DEFAULT_CERT_DIR).chomp('/')
+
+    puts "\nHEAD https://#{host}:#{port}"
+    http = Net::HTTP.new(host, port)
+    http.use_ssl = true
+
+    # Explicitly setting cert_store like this is not needed in most cases but it
+    # seems necessary in edge cases such as when using `verify_callback` in some
+    # combination of Ruby + OpenSSL versions.
+    http.cert_store = OpenSSL::X509::Store.new
+    http.cert_store.set_default_paths
+
+    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+    failed_cert = failed_cert_reason = nil
+
+    if mac_openssl
+      warn "warning: will not be able show failed certificate info on OS X's OpenSSL"
+      # This drives me absolutely nuts. It seems that on Rubies compiled against OS X's
+      # system OpenSSL, the mere fact of defining a `verify_callback` makes the
+      # cert verification fail for requests that would otherwise be successful.
+    else
+      http.verify_callback = lambda { |verify_ok, store_context|
+        if !verify_ok
+          failed_cert = store_context.current_cert
+          failed_cert_reason = "%d: %s" % [ store_context.error, store_context.error_string ]
+        end
+        verify_ok
+      }
+    end
+
+    user_agent = "net/http #{ruby_version}"
+    req = Net::HTTP::Head.new('/', 'user-agent' => user_agent)
+
+    begin
+      res = http.start { http.request(req) }
+      abort res.inspect if res.code.to_i >= 500
+      puts "OK"
+    rescue Errno::ECONNREFUSED
+      puts "Error: connection refused"
+      exit 1
+    rescue OpenSSL::SSL::SSLError => e
+      puts "#{e.class}: #{e.message}"
+
+      if failed_cert
+        puts "\nThe server presented a certificate that could not be verified:"
+        puts "  subject: #{failed_cert.subject}"
+        puts "  issuer: #{failed_cert.issuer}"
+        puts "  error code %s" % failed_cert_reason
+      end
+
+      ca_file_missing = !File.exist?(ca_file) && !mac_openssl
+      ca_path_empty = Dir["#{ca_path}/*"].empty?
+
+      if ca_file_missing || ca_path_empty
+        puts "\nPossible causes:"
+        puts "  `%s' does not exist" % ca_file if ca_file_missing
+        puts "  `%s/' is empty" % ca_path if ca_path_empty
+      end
+
+      exit 1
+    end
+  end
+
+end

data/tasks/ssl_diagnostics.rake

@@ -0,0 +1,9 @@
+namespace :ssl_diagnostics do
+
+  desc 'Run a set of diagnostics to check SSL setup'
+  task :run do
+    require 'ssl_diagnostics'
+    SslDiagnostics.run
+  end
+
+end

metadata

@@ -0,0 +1,52 @@
+--- !ruby/object:Gem::Specification
+name: ssl_diagnostics
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Rob Nichols
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-03-04 00:00:00.000000000 Z
+dependencies: []
+description: Wrapper for Mislav Marohnić's SSL Doctor
+email:
+- rob@undervale.co.uk
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- lib/ssl_diagnostics.rb
+- lib/ssl_diagnostics/railtie.rb
+- lib/ssl_diagnostics/version.rb
+- tasks/ssl_diagnostics.rake
+homepage: https://git.warwickshire.gov.uk/ssl_diagnostics
+licenses:
+- MIT-LICENSE
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: SSL Diagnostic tool
+test_files: []
+has_rdoc: