RubyGems - ssltool - Versions diffs - 0.0.4 → 0.0.5 - Mend

ssltool 0.0.4 → 0.0.5

Files changed (7) hide show

@@ -32,7 +32,7 @@ def notify_circular_chains_detected(circular_chains)
 end
 public :notify_circular_chains_detected
-store = SSLTool::CertificateStore.new("file://var/pools")
+store = SSLTool::CertificateStore.new("file://#{File.dirname(__FILE__)}/../var/pools")
 store.register_for_circular_chain_detection_notification(self)
 store.detect_and_merge_intermediates!(SSLTool::Certificate.scan(ARGF.read), false)

data/bin/console CHANGED

@@ -7,7 +7,7 @@ require "yaml"
 require_relative "../lib/ssltool/certificate_store"
 $all      = SSLTool::Certificate.scan(IO.read("var/all-the-certs.pem")) rescue []
-$store    = SSLTool::CertificateStore.new("file://var/pools")
+$store    = SSLTool::CertificateStore.new("file://#{File.dirname(__FILE__)}/../var/pools")
 $trusted  = $store.trusted_pool
 $pool     = $store.intermediate_pool
 $excluded = $store.excluded_pool

@@ -12,7 +12,7 @@ def die(msg, code=1)
 end
 begin
-  store = SSLTool::CertificateStore.new("file://var/pools")
+  store = SSLTool::CertificateStore.new("file://#{File.dirname(__FILE__)}/../var/pools")
   chain = store.resolve_chain_from_pem_string(ARGF.read)
 rescue SSLTool::ChainResolution::ZeroCertsChainResolutionError   ; die("No certificate given.", 1)
 rescue SSLTool::ChainResolution::ZeroHeadsChainResolutionError   ; die("No certificate given covers a domain name.", 2)
@@ -22,4 +22,4 @@ end
 puts chain
 $stderr.puts("!! Failed to complete chain.")   unless chain.complete?
 $stderr.puts("!! Certificate is self-signed.") if chain.self_signed_untrusted?
-$stderr.puts("!! Certificate is not trusted.") unless chain.trusted? || chain.self_signed?
+$stderr.puts("!! Certificate is not trusted.") unless chain.trusted?

@@ -7,7 +7,7 @@
 require_relative "../lib/ssltool/certificate_store"
 require_relative "../lib/ssltool/adapters/filesystem"
-store = SSLTool::CertificateStore.new("file://var/pools")
+store = SSLTool::CertificateStore.new("file://#{File.dirname(__FILE__)}/../var/pools")
 certs = SSLTool::Certificate.scan(ARGF.read)
 certs.each do |cert|

@@ -30,9 +30,8 @@ module SSLTool
     def signed_by?(other_cert)
       verify(other_cert.public_key)
     rescue OpenSSL::X509::CertificateError => e
-      # catching common error cases and returning nil
-      return nil if e.message == "wrong public key type" && other_cert.signature_algorithm =~ /^ecdsa/  # this error was seen with ecdsa-with-SHA384 signers, not sure why
-      return nil if e.message == "unknown message digest algorithm" && signature_algorithm =~ /^md2/    # md2 is not present in later versions of openssl
+      return false if e.message == "wrong public key type"                                              # self.signature_algorithm is incompatible with type of other_cert.public_key; verify is definitely false
+      return nil   if e.message == "unknown message digest algorithm" && signature_algorithm =~ /^md2/  # md2 is not present in later versions of openssl; can't tell signature verifies, so returning nil
       raise e
     end

@@ -3,10 +3,10 @@
 module SSLTool
   class PEMScanner
     attr_reader :pems, :certs, :keys, :garbage
-    RX_PEM_BLOCK = /(-----BEGIN.*-----\n
+    RX_PEM_BLOCK = /(-----BEGIN.*?-----\n
                      (?:[A-Za-z0-9\+\/]+\n)*
                      [A-Za-z0-9\+\/]*={0,2}\n
-                     -----END.*-----
+                     -----END.*?-----
                    )/x
     def initialize(s)

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ssltool
 version: !ruby/object:Gem::Version
-  version: 0.0.4
+  version: 0.0.5
   prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-09-11 00:00:00.000000000 Z
+date: 2012-09-13 00:00:00.000000000 Z
 dependencies: []
 description: Orders and completes SSL certificate trust chains, maintains an up-to-date
   pool of viable intermediates and trusted roots, and provides other tooling for dealing