tls_test_kit 0.1.1 → 0.1.3
- checksums.yaml +4 -4
- data/lib/tls_test_kit/tls_version_test.rb +32 -6
- metadata +5 -5
    
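--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 
-  data.tar.gz: 
+  metadata.gz: 685d8867a7e572f2f8aec3c26038a296b436256bd957065794c1f405cc6025b1
+  data.tar.gz: 87323f7a8b63706d6aa950a3bae16f7a14530169686e6441f34bf7de25c85dc0
 SHA512:
-  metadata.gz: 
-  data.tar.gz: 
+  metadata.gz: f1c415d4fae0b170e12ed075c6105c464bfa59e1e665426dfabb8be90f72b33a76e3fa75403fd657db1ca433d1ad7f3598e1939e58db916a25aebc92982e4dd6
+  data.tar.gz: 4431510618b2ccb37336832ab222e04e71e6f1bac1792b2ace7135647f28057e068a498d774685e053ac0247295bd43f9804189a4d5426b6c7b0511f06353ae0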
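--- a/data/lib/tls_test_kit/tls_version_test.rb
+++ b/data/lib/tls_test_kit/tls_version_test.rb
@@ -6,6 +6,8 @@ module TLSTestKit
     )
     id :tls_version_test
 
+    output :incorrectly_permitted_tls_versions_messages
+
     class << self
       def versions
         {
@@ -59,6 +61,10 @@ module TLSTestKit
       def version_required?(version)
         required_versions.include? version
       end
+
+      def incorrectly_permitted_tls_version_message_type
+        config.options[:incorrectly_permitted_tls_version_message_type] || 'error'
+      end
     end
 
     input :url
@@ -69,6 +75,8 @@ module TLSTestKit
       port = uri.port
       tls_support_verified = false
 
+      incorrectly_permitted_tls_versions = []
+
       self.class.versions.each do |version, version_string|
         http = Net::HTTP.new(host, port)
         http.use_ssl = true
@@ -78,30 +86,48 @@ module TLSTestKit
         begin
           http.request_get(uri)
           if self.class.version_forbidden? version
-
+            message =
+              "#{url} accepted #{version_string} connection even though #{version_string} connections should be denied. " \
+              'The system may deny content from being sent over this connection, but this must be manually verified.'
+            incorrectly_permitted_tls_versions << version_string
+
+            add_message(self.class.incorrectly_permitted_tls_version_message_type, message)
           elsif self.class.version_required? version
-            add_message('info', "
+            add_message('info', "#{url} correctly accepted #{version_string} connection as required.")
             tls_support_verified = true
           else
-            add_message('info', "
+            add_message('info', "#{url} accepted #{version_string} connection.")
             tls_support_verified = true
           end
         rescue StandardError => e
           if self.class.version_required? version
-            add_message('error', "
+            add_message('error', "#{url} incorrectly denied #{version_string} connection: #{e.message}")
           elsif self.class.version_forbidden? version
-            add_message('info', "
+            add_message('info', "#{url} correctly denied #{version_string} connection as required.")
           else
-            add_message('info', "
+            add_message('info', "#{url} denied #{version_string} connection.")
           end
         end
       end
 
+      if incorrectly_permitted_tls_versions.present?
+        count = incorrectly_permitted_tls_versions.length
+        message =
+          "#{url} did not deny TLS connections for #{'version'.pluralize(count)} " \
+          "#{incorrectly_permitted_tls_versions.join(', ')}. The system may deny content from being sent over this " \
+          'connection, but this must be manually verified.'
+        output incorrectly_permitted_tls_versions_messages: message
+      end
+
       errors_found = messages.any? { |message| message[:type] == 'error' }
 
       assert !errors_found, 'Server did not permit/deny the connections with the correct TLS versions'
 
       assert tls_support_verified, 'Server did not support any allowed TLS versions.'
+
+      if incorrectly_permitted_tls_versions.present?
+        pass "Server accepted TLS connections using versions which should be denied: #{incorrectly_permitted_tls_versions.join(', ')}"
+      end
     end
   end
 end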
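Review bot: The value returned by `incorrectly_permitted_tls_version_message_type` reaches `add_message` without validation, and the later `errors_found` check matches only the string `'error'`, so any other configured value (a typo, `'info'`, or possibly a symbol such as `:error`) lets a server that accepted a forbidden TLS version end in `pass`. Constraining the option to an explicit allowlist would keep that downgrade deliberate, for example `type = config.options[:incorrectly_permitted_tls_version_message_type].to_s` followed by `%w[error warning].include?(type) ? type : 'error'` (assuming 'warning' is the only non-error type the kit means to allow). A comment on the method should also state that a non-error setting makes the test pass, with the accepted versions reported only through the message list and the `incorrectly_permitted_tls_versions_messages` output, pending manual verification. The run block that consumes the value starts outside the visible hunks.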
    
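--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tls_test_kit
 version: !ruby/object:Gem::Version
-  version: 0.1.
+  version: 0.1.3
 platform: ruby
 authors:
 - Stephen MacVicar
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-
+date: 2022-10-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: inferno_core
@@ -96,7 +96,7 @@ licenses:
 metadata:
   homepage_uri: https://github.com/inferno_framework/tls-test-kit
   source_code_uri: https://github.com/inferno_framework/tls-test-kit
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -112,7 +112,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.1.6
-signing_key:
+signing_key: 
 specification_version: 4
 summary: Inferno tests for server TLS support
 test_files: []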