ssltool 0.0.4 → 0.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/bin/bootstrap-detect-intermediates +1 -1
- data/bin/console +1 -1
- data/bin/ssltool-complete-chain +2 -2
- data/bin/ssltool-print-certs-info +1 -1
- data/lib/ssltool/certificate.rb +2 -3
- data/lib/ssltool/pem_scanner.rb +2 -2
- metadata +2 -2
|
@@ -32,7 +32,7 @@ def notify_circular_chains_detected(circular_chains)
|
|
|
32
32
|
end
|
|
33
33
|
public :notify_circular_chains_detected
|
|
34
34
|
|
|
35
|
-
store = SSLTool::CertificateStore.new("file
|
|
35
|
+
store = SSLTool::CertificateStore.new("file://#{File.dirname(__FILE__)}/../var/pools")
|
|
36
36
|
store.register_for_circular_chain_detection_notification(self)
|
|
37
37
|
store.detect_and_merge_intermediates!(SSLTool::Certificate.scan(ARGF.read), false)
|
|
38
38
|
|
data/bin/console
CHANGED
|
@@ -7,7 +7,7 @@ require "yaml"
|
|
|
7
7
|
require_relative "../lib/ssltool/certificate_store"
|
|
8
8
|
|
|
9
9
|
$all = SSLTool::Certificate.scan(IO.read("var/all-the-certs.pem")) rescue []
|
|
10
|
-
$store = SSLTool::CertificateStore.new("file
|
|
10
|
+
$store = SSLTool::CertificateStore.new("file://#{File.dirname(__FILE__)}/../var/pools")
|
|
11
11
|
$trusted = $store.trusted_pool
|
|
12
12
|
$pool = $store.intermediate_pool
|
|
13
13
|
$excluded = $store.excluded_pool
|
data/bin/ssltool-complete-chain
CHANGED
|
@@ -12,7 +12,7 @@ def die(msg, code=1)
|
|
|
12
12
|
end
|
|
13
13
|
|
|
14
14
|
begin
|
|
15
|
-
store = SSLTool::CertificateStore.new("file
|
|
15
|
+
store = SSLTool::CertificateStore.new("file://#{File.dirname(__FILE__)}/../var/pools")
|
|
16
16
|
chain = store.resolve_chain_from_pem_string(ARGF.read)
|
|
17
17
|
rescue SSLTool::ChainResolution::ZeroCertsChainResolutionError ; die("No certificate given.", 1)
|
|
18
18
|
rescue SSLTool::ChainResolution::ZeroHeadsChainResolutionError ; die("No certificate given covers a domain name.", 2)
|
|
@@ -22,4 +22,4 @@ end
|
|
|
22
22
|
puts chain
|
|
23
23
|
$stderr.puts("!! Failed to complete chain.") unless chain.complete?
|
|
24
24
|
$stderr.puts("!! Certificate is self-signed.") if chain.self_signed_untrusted?
|
|
25
|
-
$stderr.puts("!! Certificate is not trusted.") unless chain.trusted?
|
|
25
|
+
$stderr.puts("!! Certificate is not trusted.") unless chain.trusted?
|
|
@@ -7,7 +7,7 @@
|
|
|
7
7
|
require_relative "../lib/ssltool/certificate_store"
|
|
8
8
|
require_relative "../lib/ssltool/adapters/filesystem"
|
|
9
9
|
|
|
10
|
-
store = SSLTool::CertificateStore.new("file
|
|
10
|
+
store = SSLTool::CertificateStore.new("file://#{File.dirname(__FILE__)}/../var/pools")
|
|
11
11
|
certs = SSLTool::Certificate.scan(ARGF.read)
|
|
12
12
|
|
|
13
13
|
certs.each do |cert|
|
data/lib/ssltool/certificate.rb
CHANGED
|
@@ -30,9 +30,8 @@ module SSLTool
|
|
|
30
30
|
def signed_by?(other_cert)
|
|
31
31
|
verify(other_cert.public_key)
|
|
32
32
|
rescue OpenSSL::X509::CertificateError => e
|
|
33
|
-
#
|
|
34
|
-
return nil
|
|
35
|
-
return nil if e.message == "unknown message digest algorithm" && signature_algorithm =~ /^md2/ # md2 is not present in later versions of openssl
|
|
33
|
+
return false if e.message == "wrong public key type" # self.signature_algorithm is incompatible with type of other_cert.public_key; verify is definitely false
|
|
34
|
+
return nil if e.message == "unknown message digest algorithm" && signature_algorithm =~ /^md2/ # md2 is not present in later versions of openssl; can't tell signature verifies, so returning nil
|
|
36
35
|
raise e
|
|
37
36
|
end
|
|
38
37
|
|
data/lib/ssltool/pem_scanner.rb
CHANGED
|
@@ -3,10 +3,10 @@
|
|
|
3
3
|
module SSLTool
|
|
4
4
|
class PEMScanner
|
|
5
5
|
attr_reader :pems, :certs, :keys, :garbage
|
|
6
|
-
RX_PEM_BLOCK = /(-----BEGIN
|
|
6
|
+
RX_PEM_BLOCK = /(-----BEGIN.*?-----\n
|
|
7
7
|
(?:[A-Za-z0-9\+\/]+\n)*
|
|
8
8
|
[A-Za-z0-9\+\/]*={0,2}\n
|
|
9
|
-
-----END
|
|
9
|
+
-----END.*?-----
|
|
10
10
|
)/x
|
|
11
11
|
|
|
12
12
|
def initialize(s)
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ssltool
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.5
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2012-09-
|
|
12
|
+
date: 2012-09-13 00:00:00.000000000 Z
|
|
13
13
|
dependencies: []
|
|
14
14
|
description: Orders and completes SSL certificate trust chains, maintains an up-to-date
|
|
15
15
|
pool of viable intermediates and trusted roots, and provides other tooling for dealing
|