ssl_diagnostics 0.0.1

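--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+metadata.gz: !binary |-
+NzkzNmE3OWU0MjYyNjBkZjAxNmMwNmMzYjBiNmRmYWI2MWQ5ZWJjNQ==
+data.tar.gz: !binary |-
+YjM5NmM1YWQ3NGY2MTgwNzYyZDUyZDk3OGM3OWIyY2RlYzQ2ZmJmOQ==
+SHA512:
+metadata.gz: !binary |-
+ODY4MDU2MzM5NmE1NzY2NGM5NGE0MjI2NGE5MWUyYzFhN2EwNzY3YTUyMDkw
+MWZkNGY3YWVhYTI3M2QyNDQ5N2M3YTkwMzBkM2U0NDVkNDNhZTYxOWNhZmVm
+ZDM3YTQ3YjljZDZiZDE4MDQwMThmNGQxZmY1NDE3NTlkZDZmOTM=
+data.tar.gz: !binary |-
+OGI2ZmRiYThmZmNhZmYzMjE0YWUyNTY1MDVmMmI1MWZlNTBiMDExOTY5ZGJl
+ZDg4ZGZjYWIyZmYwMDkzMGU3ZDNjMGExN2IxZTlhMzMzZGEzY2RlYmVjNTE1
+NTI4ZDczNzNkNzE5NmNhNjIxYzJmNTg1NjY2N2M1M2JmNTRmZGI=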
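--- a/data/MIT-LICENSE
+++ b/data/MIT-LICENSE
@@ -0,0 +1,20 @@
+Copyright 2015 Rob Nichols and Warwickshire County Council
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.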
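--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,3 @@
+SSL Diagnostics
+===============
+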
data/Rakefile ADDED
File without changes
@@ -0,0 +1,11 @@
1
+ require 'ssl_diagnostics'
2
+ require 'rails'
3
+ module MyPlugin
4
+ class Railtie < Rails::Railtie
5
+ railtie_name :ssl_diagnostics
6
+
7
+ rake_tasks do
8
+ load File.expand_path("../../tasks/ssl_diagnostics.rake", File.dirname(__FILE__))
9
+ end
10
+ end
11
+ end
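Review bot: The Railtie is declared under `module MyPlugin`, which looks like a leftover placeholder rather than this gem's own namespace; the other Ruby files in this release use `SslDiagnostics`. A host application that loads the gem therefore gets an unrelated top-level `MyPlugin` constant, which could collide with its own code or with another gem built from the same template. I would change the wrapper to `module SslDiagnostics` and add a comment above `rake_tasks` such as `# Resolves to tasks/ssl_diagnostics.rake at the gem root`. The file header for this section is missing from the page, so the path (presumably lib/ssl_diagnostics/railtie.rb, going by the metadata file list) is inferred.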
@@ -0,0 +1,9 @@
1
+ module SslDiagnostics
2
+ VERSION = '0.0.1'
3
+ end
4
+
5
+ # History
6
+ # =======
7
+ #
8
+ # 0.0.1: First version
9
+ #
@@ -0,0 +1,97 @@
1
+ # An SSL diagnotic tool. See http://mislav.uniqpath.com/2013/07/ruby-openssl/
2
+
3
+ module SslDiagnostics
4
+
5
+ require 'ssl_diagnostics/railtie' if defined?(Rails)
6
+
7
+ def self.run
8
+ # Usage: ruby doctor.rb [HOST=status.github.com[:PORT=443]]
9
+ require 'rbconfig'
10
+ require 'net/https'
11
+
12
+ if ENV['URL'] =~ /^[^-]/
13
+ host, port = ENV['URL'].split(':', 2)
14
+ else
15
+ host = 'www.warwickshire.gov.uk'
16
+ end
17
+ port ||= 443
18
+
19
+ ruby = File.join(RbConfig::CONFIG['bindir'], RbConfig::CONFIG['ruby_install_name'])
20
+ ruby_version = RUBY_VERSION
21
+ if patch = RbConfig::CONFIG['PATCHLEVEL']
22
+ ruby_version += "-p#{patch}"
23
+ end
24
+ puts "%s (%s)" % [ruby, ruby_version]
25
+
26
+ openssl_dir = OpenSSL::X509::DEFAULT_CERT_AREA
27
+ mac_openssl = '/System/Library/OpenSSL' == openssl_dir
28
+ puts "%s: %s" % [OpenSSL::OPENSSL_VERSION, openssl_dir]
29
+ [OpenSSL::X509::DEFAULT_CERT_DIR_ENV, OpenSSL::X509::DEFAULT_CERT_FILE_ENV].each do |key|
30
+ puts "%s=%s" % [key, ENV[key].to_s.inspect]
31
+ end
32
+
33
+ ca_file = ENV[OpenSSL::X509::DEFAULT_CERT_FILE_ENV] || OpenSSL::X509::DEFAULT_CERT_FILE
34
+ ca_path = (ENV[OpenSSL::X509::DEFAULT_CERT_DIR_ENV] || OpenSSL::X509::DEFAULT_CERT_DIR).chomp('/')
35
+
36
+ puts "\nHEAD https://#{host}:#{port}"
37
+ http = Net::HTTP.new(host, port)
38
+ http.use_ssl = true
39
+
40
+ # Explicitly setting cert_store like this is not needed in most cases but it
41
+ # seems necessary in edge cases such as when using `verify_callback` in some
42
+ # combination of Ruby + OpenSSL versions.
43
+ http.cert_store = OpenSSL::X509::Store.new
44
+ http.cert_store.set_default_paths
45
+
46
+ http.verify_mode = OpenSSL::SSL::VERIFY_PEER
47
+ failed_cert = failed_cert_reason = nil
48
+
49
+ if mac_openssl
50
+ warn "warning: will not be able show failed certificate info on OS X's OpenSSL"
51
+ # This drives me absolutely nuts. It seems that on Rubies compiled against OS X's
52
+ # system OpenSSL, the mere fact of defining a `verify_callback` makes the
53
+ # cert verification fail for requests that would otherwise be successful.
54
+ else
55
+ http.verify_callback = lambda { |verify_ok, store_context|
56
+ if !verify_ok
57
+ failed_cert = store_context.current_cert
58
+ failed_cert_reason = "%d: %s" % [ store_context.error, store_context.error_string ]
59
+ end
60
+ verify_ok
61
+ }
62
+ end
63
+
64
+ user_agent = "net/http #{ruby_version}"
65
+ req = Net::HTTP::Head.new('/', 'user-agent' => user_agent)
66
+
67
+ begin
68
+ res = http.start { http.request(req) }
69
+ abort res.inspect if res.code.to_i >= 500
70
+ puts "OK"
71
+ rescue Errno::ECONNREFUSED
72
+ puts "Error: connection refused"
73
+ exit 1
74
+ rescue OpenSSL::SSL::SSLError => e
75
+ puts "#{e.class}: #{e.message}"
76
+
77
+ if failed_cert
78
+ puts "\nThe server presented a certificate that could not be verified:"
79
+ puts " subject: #{failed_cert.subject}"
80
+ puts " issuer: #{failed_cert.issuer}"
81
+ puts " error code %s" % failed_cert_reason
82
+ end
83
+
84
+ ca_file_missing = !File.exist?(ca_file) && !mac_openssl
85
+ ca_path_empty = Dir["#{ca_path}/*"].empty?
86
+
87
+ if ca_file_missing || ca_path_empty
88
+ puts "\nPossible causes:"
89
+ puts " `%s' does not exist" % ca_file if ca_file_missing
90
+ puts " `%s/' is empty" % ca_path if ca_path_empty
91
+ end
92
+
93
+ exit 1
94
+ end
95
+ end
96
+
97
+ end
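Review bot: The `ENV['URL']` handling at the top of `run` accepts values it cannot use: the variable is named URL but is split as `HOST[:PORT]`, so a scheme-prefixed value such as `https://example.org` (constructed example) yields host `https` and a non-numeric port, and the `^` in `/^[^-]/` matches at the start of any line rather than the start of the string. A diagnostic that probes the wrong endpoint, or dies with an unrelated error, gives a misleading answer about the TLS setup it is meant to check. I would anchor the test with `\A` and convert the port explicitly, for example `if ENV['URL'] =~ /\A[^-]/` and `port = Integer(port || 443)`, and update the usage comment, which still refers to `ruby doctor.rb`. Only `Errno::ECONNREFUSED` and `OpenSSL::SSL::SSLError` are rescued, so a DNS failure or timeout will surface as a raw backtrace rather than a diagnostic message.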
@@ -0,0 +1,9 @@
1
+ namespace :ssl_diagnostics do
2
+
3
+ desc 'Run a set of diagnostics to check SSL setup'
4
+ task :run do
5
+ require 'ssl_diagnostics'
6
+ SslDiagnostics.run
7
+ end
8
+
9
+ end
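--- a/metadata
+++ b/metadata
@@ -0,0 +1,52 @@
+--- !ruby/object:Gem::Specification
+name: ssl_diagnostics
+version: !ruby/object:Gem::Version
+version: 0.0.1
+platform: ruby
+authors:
+- Rob Nichols
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2015-03-04 00:00:00.000000000 Z
+dependencies: []
+description: Wrapper for Mislav Marohnić's SSL Doctor
+email:
+- rob@undervale.co.uk
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- lib/ssl_diagnostics.rb
+- lib/ssl_diagnostics/railtie.rb
+- lib/ssl_diagnostics/version.rb
+- tasks/ssl_diagnostics.rake
+homepage: https://git.warwickshire.gov.uk/ssl_diagnostics
+licenses:
+- MIT-LICENSE
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.2.2
+signing_key:
+specification_version: 4
+summary: SSL Diagnostic tool
+test_files: []
+has_rdoc: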