@Tho85

Tho85/ssltool.patch

Created Sep 3, 2013
From dfa54b947815fdf1ba957c64bb4e489d041bbf3e Mon Sep 17 00:00:00 2001
From: Thomas Hollstegge <thomas.hollstegge@zweitag.de>
Date: Mon, 2 Sep 2013 18:07:47 +0200
Subject: [PATCH 1/2] Check all CNs when testing for domain name
---
lib/ssltool/certificate.rb | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lib/ssltool/certificate.rb b/lib/ssltool/certificate.rb
index cbea63a..a8d1ef9 100644
--- a/lib/ssltool/certificate.rb
+++ b/lib/ssltool/certificate.rb
@@ -53,12 +53,16 @@ module SSLTool
@fingerprint ||= Digest::SHA1.hexdigest(to_der)
end
+ def common_names
+ subject.to_a.select { |k, _, _| k == "CN" }.map { |_, v, _| v }
+ end
+
def common_name
k, v, t = subject.to_a.find { |k, v, t| k == "CN" }; v
end
def for_domain_name?
- common_name =~ RX_DOMAIN_NAME
+ common_names.find { |cn| cn =~ RX_DOMAIN_NAME }
end
def domain_names
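Review bot: `common_name` still returns only the first CN while `for_domain_name?` now passes when any CN matches, so a caller that pairs the two can receive a first CN that is not a domain name; the `domain_names` line removed in patch 2/2, `(common_name if for_domain_name?)`, is exactly that pairing. Either land both patches together or move that caller to a filtered list in this patch. In `for_domain_name?`, `common_names.any? { |cn| cn =~ RX_DOMAIN_NAME }` would return a boolean instead of the matching string, which suits a predicate method better.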
--
1.7.9.5
From d15e3b3a1e1e8eb254ee28fd866f9484fd168771 Mon Sep 17 00:00:00 2001
From: Thomas Hollstegge <thomas.hollstegge@zweitag.de>
Date: Tue, 3 Sep 2013 11:05:46 +0200
Subject: [PATCH 2/2] Include subject alternative names when checking for
domain name
---
lib/ssltool/certificate.rb | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/lib/ssltool/certificate.rb b/lib/ssltool/certificate.rb
index a8d1ef9..073e49e 100644
--- a/lib/ssltool/certificate.rb
+++ b/lib/ssltool/certificate.rb
@@ -61,12 +61,16 @@ module SSLTool
k, v, t = subject.to_a.find { |k, v, t| k == "CN" }; v
end
+ def domain_common_names
+ common_names.select { |cn| cn =~ RX_DOMAIN_NAME }
+ end
+
def for_domain_name?
- common_names.find { |cn| cn =~ RX_DOMAIN_NAME }
+ !domain_names.empty?
end
def domain_names
- [ (common_name if for_domain_name?),
+ [ domain_common_names,
map_extension_value('subjectAltName') { |s| s.scan(/\bDNS:([^\s,]+)/) },
].flatten.compact.sort.uniq
end
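Review bot: in `domain_names`, CN values are now filtered through `RX_DOMAIN_NAME` by `domain_common_names`, but the `subjectAltName` values captured by `s.scan(/\bDNS:([^\s,]+)/)` are not, so `for_domain_name?` (now `!domain_names.empty?`) becomes true for any certificate that carries a `DNS:` entry, whatever its value. If the predicate is meant to say the certificate names a valid domain, run the SAN values through the same `RX_DOMAIN_NAME` check, or add a comment stating that SAN entries are accepted as-is. Note also that `for_domain_name?` now rebuilds the whole `domain_names` list on every call; memoizing it, as `fingerprint` does with `||=`, would avoid the repeated extension parsing.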
--
1.7.9.5