Created
March 8, 2018 22:52
Gist: GuyPaddock/ea7cf430fd1146ad89ba9f1a6c9f585a
Verifying SSL certificates with Ruby and OpenSSL
```ruby
# This will only run in `irb -ropenssl`
require "socket"
require "openssl"

host = "comodo.com"
port = 443

# Trust anchors: the system's default CA certificate locations.
cert_store = OpenSSL::X509::Store.new
cert_store.set_default_paths

# verify_mode is left unset (VERIFY_NONE), so the handshake completes even when
# the chain does not verify; the outcome is read from verify_result below.
ssl_context = OpenSSL::SSL::SSLContext.new
ssl_context.cert_store = cert_store

tcp_client = TCPSocket.new(host, port)
ssl_client = OpenSSL::SSL::SSLSocket.new(tcp_client, ssl_context)
ssl_client.hostname = host # SNI only; this does not check the certificate's names
ssl_client.connect

cert = ssl_client.peer_cert
# Organization ("O") attribute of the issuer; nil if the issuer has none.
issuer = cert.issuer.to_a.find { |name, _data, _type| name == "O" }&.at(1)

results = {
  valid_on: cert.not_before,
  valid_until: cert.not_after,
  issuer: issuer,
  valid: (ssl_client.verify_result == OpenSSL::X509::V_OK),
  code: ssl_client.verify_result
}

ssl_client.sysclose
tcp_client.close

puts results
```
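The `valid` flag in the gist reflects chain verification only: `hostname=` sets SNI, and no check is made that the certificate was issued for `host`. The following is an added example, not part of the original gist, that reports chain trust and hostname identity separately and runs offline; `build_self_signed`, `check_certificate` and the `*.example.test` names are constructed for illustration.

```ruby
require "openssl"

# Constructed sample input: a self-signed certificate for the given DNS names.
def build_self_signed(dns_names)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/O=Example Org/CN=#{dns_names.first}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = ef.issuer_certificate = cert
  cert.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true))
  san = dns_names.map { |name| "DNS:#{name}" }.join(",")
  cert.add_extension(ef.create_extension("subjectAltName", san))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  OpenSSL::X509::Certificate.new(cert.to_der) # re-parse the signed encoding
end

# Hypothetical helper: chain trust and hostname identity are independent checks,
# and a certificate is only acceptable for `host` when both pass.
def check_certificate(cert, host, store)
  chain_ok = store.verify(cert)
  name_ok = OpenSSL::SSL.verify_certificate_identity(cert, host)
  {
    chain_valid: chain_ok,
    code: store.error,          # same numbering as SSLSocket#verify_result
    reason: store.error_string,
    hostname_matches: name_ok,
    valid: chain_ok && name_ok
  }
end

if __FILE__ == $PROGRAM_NAME
  cert = build_self_signed(["good.example.test"])
  trusted = OpenSSL::X509::Store.new
  trusted.add_cert(cert) # trust anchor for this demo only
  puts check_certificate(cert, "good.example.test", trusted)
  puts check_certificate(cert, "other.example.test", trusted)
  puts check_certificate(cert, "good.example.test", OpenSSL::X509::Store.new)
end
```

Against a live connection the same identity check can be applied to `ssl_client.peer_cert` with the `host` the socket was opened to.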