Created
July 4, 2012 06:28
Script to verify ssl hosts and pem files.
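#!/usr/bin/env ruby
# Checks that a host presents a certificate chain that validates against a CA
# bundle: the PEM file given as the second argument, or a cached copy of the
# curl CA bundle that is downloaded on first use.
#
# Usage: SCRIPT hostname [pemfile]
# Exits non-zero when no hostname is given, when the cached bundle cannot be
# trusted, or when the TLS handshake fails verification.
require 'net/https'
require 'open-uri'
require 'tmpdir'

# Fetched over HTTPS rather than HTTP: a bundle retrieved in cleartext can be
# replaced in transit, and whoever supplies the trust anchors decides the
# verdict this script prints.
CA_BUNDLE_URL = 'https://curl.haxx.se/ca/cacert.pem'

unless ARGV[0]
  puts "Usage: #{File.basename(__FILE__)} hostname [pemfile]"
  puts "It will use #{CA_BUNDLE_URL} if no pemfile is specified"
  exit false
end

if ARGV.size == 1
  ca_path = File.join(Dir.tmpdir, 'cacert.pem')
  if File.exist?(ca_path) || File.symlink?(ca_path)
    # The cache has a predictable name in a shared directory, so only reuse it
    # when it is a regular file owned by this user and not writable by group
    # or others; anything else could be a bundle planted by someone else.
    cache = File.lstat(ca_path)
    unless cache.file? && cache.owned? && (cache.mode & 0o022).zero?
      abort "Refusing to use #{ca_path}: not a private regular file owned by the current user. " \
            'Remove it or pass a pemfile explicitly.'
    end
  else
    # Download fully before creating the cache so a failed transfer cannot
    # leave an empty or truncated bundle behind for later runs.
    # URI#open (instead of Kernel#open) also works on Ruby 3.0 and later.
    bundle = URI.parse(CA_BUNDLE_URL).open { |io| io.read }
    # EXCL makes creation fail if the path appeared in the meantime, including
    # as a symlink; 0600 keeps other users from editing the trust anchors.
    File.open(ca_path, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
      f.write(bundle)
    end
  end
else
  ca_path = ARGV[1]
end

http = Net::HTTP.new(ARGV[0], 443)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
http.ca_file = ca_path

success = nil
http.verify_callback = proc do |preverify_ok, ssl_context|
  unless preverify_ok
    cert = ssl_context.current_cert
    issuer = cert.issuer.to_a.last[1]
    subject = cert.subject.to_a.last[1]
    puts "Verification failed: #{ssl_context.error_string} for issuer #{issuer} on #{subject}"
  end
  success = preverify_ok
  # The callback's return value overrides OpenSSL's own decision, so hand back
  # preverify_ok unchanged: this hook reports failures, it must never accept them.
  preverify_ok
end

begin
  http.get('/')
rescue OpenSSL::SSL::SSLError => e
  # Covers both chain failures (already reported by the callback) and errors
  # raised after it, such as a certificate that does not match the hostname.
  warn "SSL error: #{e.message}"
  exit false
end

puts "Successful verificaton" if success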
Consider also
openssl s_client -CAfile cacert.pem -connect google.com:443 -verify -showcerts