liuzelei · May 5, 2014 07:27 · bethesque · Nov 2, 2022
diff --git a/gistfile1 b/gistfile1
 # Usage: ruby doctor.rb [HOST=status.github.com[:PORT=443]]
 require 'rbconfig'
 require 'net/https'

 if ARGV[0] =~ /^[^-]/
  host, port = ARGV[0].split(':', 2)
 else
  host = 'status.github.com'
 end
 port ||= 443

 ruby = File.join(RbConfig::CONFIG['bindir'], RbConfig::CONFIG['ruby_install_name'])
 ruby_version = RUBY_VERSION
 if patch = RbConfig::CONFIG['PATCHLEVEL']
  ruby_version += "-p#{patch}"
 end
 puts "%s (%s)" % [ruby, ruby_version]

 openssl_dir = OpenSSL::X509::DEFAULT_CERT_AREA
 mac_openssl = '/System/Library/OpenSSL' == openssl_dir
 puts "%s: %s" % [OpenSSL::OPENSSL_VERSION, openssl_dir]
 [OpenSSL::X509::DEFAULT_CERT_DIR_ENV, OpenSSL::X509::DEFAULT_CERT_FILE_ENV].each do |key|
  puts "%s=%s" % [key, ENV[key].to_s.inspect]
 end

 ca_file = ENV[OpenSSL::X509::DEFAULT_CERT_FILE_ENV] || OpenSSL::X509::DEFAULT_CERT_FILE
 ca_path = (ENV[OpenSSL::X509::DEFAULT_CERT_DIR_ENV] || OpenSSL::X509::DEFAULT_CERT_DIR).chomp('/')

 puts "\nHEAD https://#{host}:#{port}"
 http = Net::HTTP.new(host, port)
 http.use_ssl = true

 # Explicitly setting cert_store like this is not needed in most cases but it
 # seems necessary in edge cases such as when using `verify_callback` in some
 # combination of Ruby + OpenSSL versions.
 http.cert_store = OpenSSL::X509::Store.new
 http.cert_store.set_default_paths

 http.verify_mode = OpenSSL::SSL::VERIFY_PEER
 failed_cert = failed_cert_reason = nil

 if mac_openssl
  warn "warning: will not be able show failed certificate info on OS X's OpenSSL"
  # This drives me absolutely nuts. It seems that on Rubies compiled against OS X's
  # system OpenSSL, the mere fact of defining a `verify_callback` makes the
  # cert verification fail for requests that would otherwise be successful.
 else
  http.verify_callback = lambda { |verify_ok, store_context|
    if !verify_ok
      failed_cert = store_context.current_cert
      failed_cert_reason = "%d: %s" % [ store_context.error, store_context.error_string ]
    end
    verify_ok
  }
 end

 user_agent = "net/http #{ruby_version}"
 req = Net::HTTP::Head.new('/', 'user-agent' => user_agent)

 begin
  res = http.start { http.request(req) }
  abort res.inspect if res.code.to_i >= 500
  puts "OK"
 rescue Errno::ECONNREFUSED
  puts "Error: connection refused"
  exit 1
 rescue OpenSSL::SSL::SSLError => e
  puts "#{e.class}: #{e.message}"

  if failed_cert
    puts "\nThe server presented a certificate that could not be verified:"
    puts "  subject: #{failed_cert.subject}"
    puts "  issuer: #{failed_cert.issuer}"
    puts "  error code %s" % failed_cert_reason
  end

  ca_file_missing = !File.exist?(ca_file) && !mac_openssl
  ca_path_empty = Dir["#{ca_path}/*"].empty?

  if ca_file_missing || ca_path_empty
    puts "\nPossible causes:"
    puts "  `%s' does not exist" % ca_file if ca_file_missing
    puts "  `%s/' is empty" % ca_path if ca_path_empty
  end

  exit 1
 end
	# Usage: ruby doctor.rb [HOST=status.github.com[:PORT=443]]
	require 'rbconfig'
	require 'net/https'

	if ARGV[0] =~ /^[^-]/
	host, port = ARGV[0].split(':', 2)
	else
	host = 'status.github.com'
	end
	port \|\|= 443

	ruby = File.join(RbConfig::CONFIG['bindir'], RbConfig::CONFIG['ruby_install_name'])
	ruby_version = RUBY_VERSION
	if patch = RbConfig::CONFIG['PATCHLEVEL']
	ruby_version += "-p#{patch}"
	end
	puts "%s (%s)" % [ruby, ruby_version]

	openssl_dir = OpenSSL::X509::DEFAULT_CERT_AREA
	mac_openssl = '/System/Library/OpenSSL' == openssl_dir
	puts "%s: %s" % [OpenSSL::OPENSSL_VERSION, openssl_dir]
	[OpenSSL::X509::DEFAULT_CERT_DIR_ENV, OpenSSL::X509::DEFAULT_CERT_FILE_ENV].each do \|key\|
	puts "%s=%s" % [key, ENV[key].to_s.inspect]
	end

	ca_file = ENV[OpenSSL::X509::DEFAULT_CERT_FILE_ENV] \|\| OpenSSL::X509::DEFAULT_CERT_FILE
	ca_path = (ENV[OpenSSL::X509::DEFAULT_CERT_DIR_ENV] \|\| OpenSSL::X509::DEFAULT_CERT_DIR).chomp('/')

	puts "\nHEAD https://#{host}:#{port}"
	http = Net::HTTP.new(host, port)
	http.use_ssl = true

	# Explicitly setting cert_store like this is not needed in most cases but it
	# seems necessary in edge cases such as when using `verify_callback` in some
	# combination of Ruby + OpenSSL versions.
	http.cert_store = OpenSSL::X509::Store.new
	http.cert_store.set_default_paths

	http.verify_mode = OpenSSL::SSL::VERIFY_PEER
	failed_cert = failed_cert_reason = nil

	if mac_openssl
	warn "warning: will not be able show failed certificate info on OS X's OpenSSL"
	# This drives me absolutely nuts. It seems that on Rubies compiled against OS X's
	# system OpenSSL, the mere fact of defining a `verify_callback` makes the
	# cert verification fail for requests that would otherwise be successful.
	else
	http.verify_callback = lambda { \|verify_ok, store_context\|
	if !verify_ok
	failed_cert = store_context.current_cert
	failed_cert_reason = "%d: %s" % [ store_context.error, store_context.error_string ]
	end
	verify_ok
	}
	end

	user_agent = "net/http #{ruby_version}"
	req = Net::HTTP::Head.new('/', 'user-agent' => user_agent)

	begin
	res = http.start { http.request(req) }
	abort res.inspect if res.code.to_i >= 500
	puts "OK"
	rescue Errno::ECONNREFUSED
	puts "Error: connection refused"
	exit 1
	rescue OpenSSL::SSL::SSLError => e
	puts "#{e.class}: #{e.message}"

	if failed_cert
	puts "\nThe server presented a certificate that could not be verified:"
	puts " subject: #{failed_cert.subject}"
	puts " issuer: #{failed_cert.issuer}"
	puts " error code %s" % failed_cert_reason
	end

	ca_file_missing = !File.exist?(ca_file) && !mac_openssl
	ca_path_empty = Dir["#{ca_path}/*"].empty?

	if ca_file_missing \|\| ca_path_empty
	puts "\nPossible causes:"
	puts " `%s' does not exist" % ca_file if ca_file_missing
	puts " `%s/' is empty" % ca_path if ca_path_empty
	end

	exit 1
	end