sslackey 0.6.0
- data/.gitignore +20 -0
- data/.rspec +2 -0
- data/.rvmrc +1 -0
- data/Gemfile +4 -0
- data/LICENSE +22 -0
- data/README.md +46 -0
- data/Rakefile +9 -0
- data/examples/README.md +11 -0
- data/examples/cacert.pem +1570 -0
- data/examples/simple.rb +49 -0
- data/lib/sslackey/authority_checker.rb +107 -0
- data/lib/sslackey/cache/redis_revocation_cache.rb +30 -0
- data/lib/sslackey/revocation_checker.rb +90 -0
- data/lib/sslackey/version.rb +3 -0
- data/lib/sslackey.rb +3 -0
- data/spec/authority_checker_spec.rb +148 -0
- data/spec/cache/redis_revocation_cache_spec.rb +61 -0
- data/spec/fixtures/AkamaiSub3.crl +0 -0
- data/spec/fixtures/cacert.pem +696 -0
- data/spec/fixtures/crl_only_cert.pem +18 -0
- data/spec/fixtures/ocsp_enabled_cert.pem +35 -0
- data/spec/fixtures/sample_certificate_revocation_list.crl +0 -0
- data/spec/fixtures/sample_ocsp_response.der +0 -0
- data/spec/fixtures/ssl.rb +29 -0
- data/spec/revocation_checker_spec.rb +113 -0
- data/spec/spec_helper.rb +22 -0
- data/sslackey.gemspec +35 -0
- metadata +227 -0
data/.gitignore
ADDED
data/.rspec
ADDED
data/.rvmrc
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
rvm --create ruby-1.9.2-p290@sslackey
|
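Review bot: line 1 of `data/.rvmrc` pins anyone who enters the directory to one exact patch level, `ruby-1.9.2-p290`, and the file is listed among the gem's shipped files rather than kept local to the developer. Consider leaving `.rvmrc` out of the gemspec file list (or adding it to `.gitignore`) and stating the supported Ruby versions in the gemspec or README instead.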
data/Gemfile
ADDED
data/LICENSE
ADDED
@@ -0,0 +1,22 @@
|
|
1
|
+
Copyright (c) 2012 Peter Krimmel
|
2
|
+
|
3
|
+
MIT License
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
6
|
+
a copy of this software and associated documentation files (the
|
7
|
+
"Software"), to deal in the Software without restriction, including
|
8
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
9
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
10
|
+
permit persons to whom the Software is furnished to do so, subject to
|
11
|
+
the following conditions:
|
12
|
+
|
13
|
+
The above copyright notice and this permission notice shall be
|
14
|
+
included in all copies or substantial portions of the Software.
|
15
|
+
|
16
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
17
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
18
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
19
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
20
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
21
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
22
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,46 @@
|
|
1
|
+
# sslackey
|
2
|
+
|
3
|
+
Provides Online Certificate Status Protocol (OCSP) and certificate revocation list checking for ssl certificates.
|
4
|
+
Ruby ssl verifies the chain of trust for a certificate but does not by default check if the certificate has been revoked.
|
5
|
+
|
6
|
+
|
7
|
+
## Installation
|
8
|
+
|
9
|
+
Add this line to your application's Gemfile:
|
10
|
+
|
11
|
+
gem 'sslackey'
|
12
|
+
|
13
|
+
And then execute:
|
14
|
+
|
15
|
+
$ bundle
|
16
|
+
|
17
|
+
Or install it yourself as:
|
18
|
+
|
19
|
+
$ gem install sslackey
|
20
|
+
|
21
|
+
## Requirements
|
22
|
+
|
23
|
+
* curl installation
|
24
|
+
* openssl installation
|
25
|
+
* Redis or implement your own caching mechanism
|
26
|
+
|
27
|
+
## Examples
|
28
|
+
|
29
|
+
```ruby
|
30
|
+
# Setup with your cache and trusted certs
|
31
|
+
RevocationChecker.setup File.join(File.dirname(__FILE__), 'cacert.pem')
|
32
|
+
RevocationChecker.cache = RedisRevocationCache.new("localhost", "6379")
|
33
|
+
|
34
|
+
# Start checking certs
|
35
|
+
checker = RevocationChecker.new()
|
36
|
+
status = checker.check_revocation_status(peer_cert)
|
37
|
+
|
38
|
+
|
39
|
+
|
40
|
+
## Contributing
|
41
|
+
|
42
|
+
1. Fork it
|
43
|
+
2. Create your feature branch (`git checkout -b my-new-feature`)
|
44
|
+
3. Commit your changes (`git commit -am 'Added some feature'`)
|
45
|
+
4. Push to the branch (`git push origin my-new-feature`)
|
46
|
+
5. Create new Pull Request
|
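Review bot: the `ruby` code fence opened on README line 29 is never closed; lines 37 to 39 are empty and line 40 starts `## Contributing`, so the rest of the file will render as code. Close the fence after `status = checker.check_revocation_status(peer_cert)`. While here, the example does not say what `check_revocation_status` returns or what a caller should do when no answer is available (for instance when the cache configured on line 32 cannot be reached), which is the decision that matters for a revocation check; please document the possible status values and the recommended handling for each. The snippet also lacks the `require` line needed to load `RevocationChecker` and `RedisRevocationCache`.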
data/Rakefile
ADDED
data/examples/README.md
ADDED
@@ -0,0 +1,11 @@
|
|
1
|
+
sslackey demo
|
2
|
+
-----------
|
3
|
+
|
4
|
+
This uses net/http and monkee patches openssl to include revocation checking.
|
5
|
+
It uses the default redis cache to cache ocsp responses. You will need to install
|
6
|
+
redis before using or provide a different caching implementation.
|
7
|
+
|
8
|
+
|
9
|
+
|
10
|
+
|
11
|
+
|
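Review bot: line 4 has a typo, "monkee patches" should be "monkey patches", and the sentence does not say which part of openssl is patched or how far the patch reaches once the demo is loaded. Since the patch changes certificate handling for net/http, name the patched class or method and note how to enable it only where intended. The demo README also gives no command for running the example, and lines 7 to 11 are empty trailing lines that can be dropped.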