sslcheck 0.9.4 → 0.9.4.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/acceptance/checking_certificates_spec.rb +11 -0
- data/lib/sslcheck/check.rb +1 -0
- data/lib/sslcheck/validator.rb +2 -0
- data/lib/sslcheck/validators/common_name.rb +2 -1
- data/lib/sslcheck/version.rb +1 -1
- data/spec/cert_fixtures.rb +34 -0
- data/spec/check_spec.rb +7 -0
- data/spec/common_name_validator_spec.rb +13 -1
- metadata +2 -3
- data/sslcheck-0.9.0.gem +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: c20562eb72f671cb97f212cd1eba23b56bb536ff
|
4
|
+
data.tar.gz: 708991cda40f732a0a7227ddd7237d6853682c52
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ddd27cf5c945cc4829da97285e503060db844049bf239a049b41383f094eb14c0a012bf4a457d0151ab30841b599291a9134d8b2c8cee881b9a2de0ff4ba5d39
|
7
|
+
data.tar.gz: 76cf8262a72908aa519bea9f2e3af3ab5ab13bd3134200cad7928c5bf0856b4c9a6e3e3c1fa03fbd646abb22aa742f3f7c3d118ef37ed6ec56be335502fc1b3b
|
@@ -30,5 +30,16 @@ module SSLCheck
|
|
30
30
|
expect(@check.ca_bundle).to be
|
31
31
|
end
|
32
32
|
end
|
33
|
+
context "when the common name is not correct" do
|
34
|
+
before do
|
35
|
+
@check = Check.new.check('https://mismatch.examples.sslinsight.com')
|
36
|
+
end
|
37
|
+
it 'should not be valid' do
|
38
|
+
expect(@check.valid?).to_not be
|
39
|
+
end
|
40
|
+
it 'should have errors' do
|
41
|
+
expect(@check.errors).to_not be_empty
|
42
|
+
end
|
43
|
+
end
|
33
44
|
end
|
34
45
|
end
|
data/lib/sslcheck/check.rb
CHANGED
data/lib/sslcheck/validator.rb
CHANGED
@@ -12,7 +12,8 @@ module SSLCheck
|
|
12
12
|
end
|
13
13
|
|
14
14
|
def matching_wildcard_domain
|
15
|
-
true if (@peer_cert.common_name.match(/\*\./) && @common_name.include?(@peer_cert.common_name.gsub(/\*\./,'')))
|
15
|
+
return true if (@peer_cert.common_name.match(/\*\./) && @common_name.include?(@peer_cert.common_name.gsub(/\*\./,'')))
|
16
|
+
false
|
16
17
|
end
|
17
18
|
|
18
19
|
def direct_common_name_match
|
data/lib/sslcheck/version.rb
CHANGED
data/spec/cert_fixtures.rb
CHANGED
@@ -812,3 +812,37 @@ ReYNnyicsbkqWletNw+vHX/bvZ8=
|
|
812
812
|
"""
|
813
813
|
|
814
814
|
VALID_CA_BUNDLE = [CA_PARENT, CA_GRAND_PARENT, CA_GREAT_GRAND_PARENT]
|
815
|
+
|
816
|
+
APP_SSL_INSIGHT_CERT = """
|
817
|
+
-----BEGIN CERTIFICATE-----
|
818
|
+
MIIFWjCCBEKgAwIBAgIQSXt7yzPv7c88GVt1NwDupzANBgkqhkiG9w0BAQsFADCB
|
819
|
+
kDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
|
820
|
+
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNV
|
821
|
+
BAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD
|
822
|
+
QTAeFw0xNTA0MDMwMDAwMDBaFw0xNjA0MDIyMzU5NTlaMFYxITAfBgNVBAsTGERv
|
823
|
+
bWFpbiBDb250cm9sIFZhbGlkYXRlZDEUMBIGA1UECxMLUG9zaXRpdmVTU0wxGzAZ
|
824
|
+
BgNVBAMTEmFwcC5zc2xpbnNpZ2h0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
|
825
|
+
ADCCAQoCggEBAOMvQ5zflXGZ6JM7fjyOiOvaYsQepgiegG7uxISWCzCXa+lA49xo
|
826
|
+
Or2j7Il5HsuOfF9LuCKFo+1H6+V8X71xqZK4P8IW7Z31iyFmw6uIczuhzwVRs1YJ
|
827
|
+
xoE8DzErmtKFSV4IHeEgbNZsZlkfdA7YflSTSXwxcDisJv7STFxLNiGHbu1dCVOl
|
828
|
+
j3C1ipiF5rZbwh2P8pUcQwGkp8OWr1XS4K7bsDiRqDTuslykOPyAPEqwgKJu1tAm
|
829
|
+
lW0tIs653qRuW7VySmBexBNonQ8HmSqO4NVpqejpy+tSS9VrcADS4UGTpwUUQG7V
|
830
|
+
2yA8ymg9RnyaKOLoe7wgkwyy/3YyJE44e1MCAwEAAaOCAecwggHjMB8GA1UdIwQY
|
831
|
+
MBaAFJCvajqUWgvYkOoSVnPfQ7Q6KNrnMB0GA1UdDgQWBBTsG2YDDmHoOTHQZEmO
|
832
|
+
A/hUsAr4FDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAU
|
833
|
+
BggrBgEFBQcDAQYIKwYBBQUHAwIwTwYDVR0gBEgwRjA6BgsrBgEEAbIxAQICBzAr
|
834
|
+
MCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8uY29tL0NQUzAIBgZn
|
835
|
+
gQwBAgEwVAYDVR0fBE0wSzBJoEegRYZDaHR0cDovL2NybC5jb21vZG9jYS5jb20v
|
836
|
+
Q09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNybDCBhQYI
|
837
|
+
KwYBBQUHAQEEeTB3ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LmNvbW9kb2NhLmNv
|
838
|
+
bS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQG
|
839
|
+
CCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wNQYDVR0RBC4wLIIS
|
840
|
+
YXBwLnNzbGluc2lnaHQuY29tghZ3d3cuYXBwLnNzbGluc2lnaHQuY29tMA0GCSqG
|
841
|
+
SIb3DQEBCwUAA4IBAQBugXKmDVrHxahyQhOc4FJjV3QeMlgu2wHwjziUdwCFFVLA
|
842
|
+
HrJjNsdkgL0/yggTafwHYSq2FF1ZrP8w261frl+JpLSB/Xmfe8eai6lN6/vAGH8U
|
843
|
+
vckcrWFEwoEDp1ui4sWEfibHjaDjIcNRkSBuaodhK9Y8OPlhzO0Sw/hRQ1rfaQF1
|
844
|
+
y4RKl6auZwAmccdcYDICrbHqocX76tSyZMi6UmE3kQzqH5YUAVP4G3pAn2/kCI4p
|
845
|
+
X4nnqR6A1Qz7WsWIY0PdHA4wK5sOSy11a3c7Z2vOABG8LF6HL/UZZIVvSnDvoPWT
|
846
|
+
FXKBj7iNTKZDyn1G8b0kxE7zaLF6kAryW3F7IXr0
|
847
|
+
-----END CERTIFICATE-----
|
848
|
+
"""
|
data/spec/check_spec.rb
CHANGED
@@ -111,6 +111,13 @@ module SSLCheck
|
|
111
111
|
expect(@sut.valid?).to be
|
112
112
|
end
|
113
113
|
end
|
114
|
+
context "when the certificate is invalid" do
|
115
|
+
it 'should bubble up any errors found during validation' do
|
116
|
+
@sut = Check.new(FakeClient.new(FakeClientResponse.new(@peer_cert, @ca_bundle)), FakeValidator.new(false, [SSLCheck::Errors::GenericError.new({:name => "generic error", :message => "generic error"})]))
|
117
|
+
@sut.check('www.example.com')
|
118
|
+
expect(@sut.errors.empty?).to_not be
|
119
|
+
end
|
120
|
+
end
|
114
121
|
end
|
115
122
|
end
|
116
123
|
end
|
@@ -27,7 +27,6 @@ module SSLCheck
|
|
27
27
|
expect(result).to_not be
|
28
28
|
end
|
29
29
|
end
|
30
|
-
|
31
30
|
end
|
32
31
|
context "when the common name is mismatched" do
|
33
32
|
it 'should return errors' do
|
@@ -36,5 +35,18 @@ module SSLCheck
|
|
36
35
|
expect(result).to be_a SSLCheck::Errors::Validation::CommonNameMismatch
|
37
36
|
end
|
38
37
|
end
|
38
|
+
context "When not a wildcard domain" do
|
39
|
+
|
40
|
+
context "and part of the common name matches" do
|
41
|
+
@cert = Certificate.new(APP_SSL_INSIGHT_CERT)
|
42
|
+
@ca_bundle = [Certificate.new(CA_PARENT), Certificate.new(CA_GRAND_PARENT)]
|
43
|
+
it 'should return errors' do
|
44
|
+
sut = Validators::CommonName.new("mismatch.examples.sslinsight.com", @cert, @ca_bundle)
|
45
|
+
result = sut.validate
|
46
|
+
expect(result).to be_a SSLCheck::Errors::Validation::CommonNameMismatch
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
50
|
+
|
39
51
|
end
|
40
52
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: sslcheck
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.9.4
|
4
|
+
version: 0.9.4.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Clayton Lengel-Zigich
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-04-
|
11
|
+
date: 2015-04-05 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -140,7 +140,6 @@ files:
|
|
140
140
|
- spec/response_spec.rb
|
141
141
|
- spec/spec_helper.rb
|
142
142
|
- spec/validator_spec.rb
|
143
|
-
- sslcheck-0.9.0.gem
|
144
143
|
- sslcheck.gemspec
|
145
144
|
homepage: http://github.com/clayton/sslcheck
|
146
145
|
licenses:
|
data/sslcheck-0.9.0.gem
DELETED
Binary file
|