Created
July 4, 2012 20:30
Script to check bug in mac's ssl
```ruby
#!/usr/bin/env ruby
require 'net/https'
require 'open-uri'
require 'tempfile'

# This script tries to detect a bug in which Mac OS X doesn't raise an exception
# and executes the request despite knowing the host failed its SSL verification.
#
# Run with ruby < <(curl -s https://raw.github.com/gist/3049397/checkbug.rb)
# Try it on Linux and Mac OS X. Linux behaves correctly.

# Write the deliberately invalid certificate from the DATA section to a temp
# file so it can be used as the only CA file for the request.
ca_file = Tempfile.open('ca_file.pem')
ca_file.write DATA.read
ca_file.close

http = Net::HTTP.new('google.com', 443)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
http.ca_file = ca_file.path

# Record what the library's own verification decided. The block returns
# preverify_ok, so the callback does not change that decision.
success = nil
http.verify_callback = proc do |preverify_ok, ssl_context|
  success = preverify_ok
end

puts "Trying to get from https://google.com verifying with a bad ssl certificate..."
result = "the request failed"
begin
  response = http.get('/')
  result = "the request succeded" unless response.code.to_i >= 400
rescue
  # An exception here is the expected outcome: result stays "the request failed".
end

if success
  puts "Verification succedded and #{result}"
else
  puts "Verification failed and #{result}"
end

__END__
-----BEGIN CERTIFICATE-----
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
-----END CERTIFICATE-----
```
Author
In Mac:

```
▸ ruby --version && ruby < <(curl -s https://raw.github.com/gist/3049397/checkbug.rb)
ruby 1.9.2p290 (2011-07-09 revision 32553) [x86_64-darwin11.3.0]
Trying to get from https://google.com verifying with a bad ssl certificate...
Verification failed and the request succeded
```

In Linux:

```
▸ ruby --version && ruby < <(curl -s https://raw.github.com/gist/3049397/checkbug.rb)
ruby 1.9.3p125 (2012-02-16 revision 34643) [i686-linux]
Trying to get from https://google.com verifying with a bad ssl certificate...
Verification failed and the request failed
```
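
An offline variant of the check above, added here as an example and not part of the gist or its comment: it replaces google.com with a throwaway TLS server on 127.0.0.1 and constructed self-signed certificates, so the verdict does not depend on the network or on a remote host. The helper names (`self_signed`, `probe`, `classify`) are made up for this sketch.

```ruby
require 'openssl'
require 'socket'

# Constructed throwaway key and self-signed certificate (sample data, not from the gist).
def self_signed(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key, cert]
end

# One handshake against a local server presenting server_cert, with a client
# that trusts only trusted_cert. Returns [callback_saw_ok, handshake_completed].
def probe(server_key, server_cert, trusted_cert)
  tcp = TCPServer.new('127.0.0.1', 0)
  sctx = OpenSSL::SSL::SSLContext.new
  sctx.key = server_key
  sctx.cert = server_cert
  server = Thread.new { OpenSSL::SSL::SSLSocket.new(tcp.accept, sctx).accept.close rescue nil }
  store = OpenSSL::X509::Store.new
  store.add_cert(trusted_cert)
  cctx = OpenSSL::SSL::SSLContext.new
  cctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  cctx.cert_store = store
  saw_ok = true
  # Same idea as the gist's callback: record the decision without changing it.
  cctx.verify_callback = proc { |ok, _store_ctx| saw_ok &&= ok; ok }
  raw = TCPSocket.new('127.0.0.1', tcp.addr[1])
  completed = begin
    OpenSSL::SSL::SSLSocket.new(raw, cctx).connect
    true
  rescue OpenSSL::SSL::SSLError
    false
  end
  [saw_ok, completed]
ensure
  raw&.close
  server&.join
  tcp&.close
end

# :fail_open is the combination reported for the Mac: verification failed, request still went through.
def classify(saw_ok, completed)
  return :fail_open if !saw_ok && completed
  completed ? :verified : :rejected
end
```

Calling `classify(*probe(key, cert, other_cert))` with two unrelated constructed certificates should give `:rejected`; `:fail_open` corresponds to the "Verification failed and the request succeded" line in the Mac output.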