Last active
April 19, 2021 21:53
-
-
Save matiaskorhonen/81b87ede6af1704c67b8 to your computer and use it in GitHub Desktop.
Check an SSL/TLS certificate in Ruby (with SNI support)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Modified from: | |
| # http://findingscience.com/ruby/ssl/2013/01/13/reading-an-ssl-cert-in-ruby.html | |
| require "socket" | |
| require "openssl" | |
| host = "www.piranhas.co" | |
| tcp_client = TCPSocket.new("www.piranhas.co", 443) | |
| ssl_client = OpenSSL::SSL::SSLSocket.new(tcp_client) | |
| ssl_client.hostname = host | |
| ssl_client.connect | |
| cert = OpenSSL::X509::Certificate.new(ssl_client.peer_cert) | |
| ssl_client.sysclose | |
| tcp_client.close | |
| certprops = OpenSSL::X509::Name.new(cert.issuer).to_a | |
| issuer = certprops.select { |name, data, type| name == "O" }.first[1] | |
| results = { | |
| valid_on: cert.not_before, | |
| valid_until: cert.not_after, | |
| issuer: issuer, | |
| valid: (ssl_client.verify_result == 0) | |
| } |
FYI the host variable is not being used.
Getting this error:
check_certificate.rb:10:in `initialize': getaddrinfo: Name or service not known (SocketError)
Getting this error:
check_certificate.rb:10:in `initialize': getaddrinfo: Name or service not known (SocketError)
This is a DNS resolution failure. The host you're attempting to connect to doesn't exist, or your DNS resolver is malfunctioning.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thank you!
BTW,
ssl_client.verify_resultis nil if called afterssl_client.sysclose