@funzoneq
Created August 13, 2013 11:41
Analyze SSL certs in ruby
#!/usr/bin/env ruby
require 'openssl' # lowercase: require is case-sensitive on most filesystems
require 'timeout'
require 'socket'
require 'pp'

hostname = "secure.assets.tumblr.com"

# Called once per certificate in the chain. The second argument is an
# OpenSSL::X509::StoreContext, not the SSLContext.
def verify_ssl_certificate(preverify_ok, store_context)
  if preverify_ok != true || store_context.error != 0
    err_msg = "SSL Verification failed -- Preverify: #{preverify_ok}, Error: #{store_context.error_string} (#{store_context.error})"
    raise OpenSSL::SSL::SSLError.new(err_msg)
  end

  # store_context.current_cert gives you an OpenSSL::X509::Certificate
  begin
    pp store_context.current_cert.subject.to_a
    pp store_context.current_cert.extensions
  rescue StandardError => e
    puts e
  end

  true
end

cert_store = OpenSSL::X509::Store.new
cert_store.add_file 'cacert.pem' # http://curl.haxx.se/ca/cacert.pem

ssl_context = OpenSSL::SSL::SSLContext.new
ssl_context.cert_store = cert_store
ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER
ssl_context.verify_callback = proc do |preverify_ok, store_context|
  verify_ssl_certificate(preverify_ok, store_context)
end

begin
  Timeout.timeout(5) do
    client = TCPSocket.new(hostname, 443)
    secure = OpenSSL::SSL::SSLSocket.new(client, ssl_context)
    secure.sync_close = true
    secure.hostname = hostname # send SNI so the server presents the certificate for this name
    secure.connect
    # VERIFY_PEER only validates the chain; also check the certificate matches the host
    secure.post_connection_check(hostname)
    secure.close
  end
rescue OpenSSL::SSL::SSLError => e
  puts e
rescue Errno::ECONNREFUSED => e
  puts e
rescue Timeout::Error => e
  puts e
rescue StandardError => e
  puts e
end