Class: Http::SSLValidator
Inherits: Object
Defined in: lib/ssl_validator.rb
Class Method Summary
- .configure(logger) ⇒ Object
- .configured? ⇒ Boolean
- .validate(certs, host) ⇒ Object
  Completes the three steps of certificate chain verification. Also applies if there is just one cert in the chain, but the last step won't run.
Class Method Details
.configure(logger) ⇒ Object

Sets the logger used by validate (falling back to a Logger on STDOUT when nil is passed) and builds the certificate store. Logger (stdlib 'logger') and OpenSSL must be required earlier in the file.

    # File 'lib/ssl_validator.rb', line 8
    def configure(logger)
      @@logger = logger || Logger.new(STDOUT)
      # Builds @@store, the OpenSSL::X509::Store that validate checks against
      # (create_store is not shown on this page).
      create_store
    end
.configured? ⇒ Boolean

    # File 'lib/ssl_validator.rb', line 13
    def configured?
      class_variable_defined?("@@logger")
    end
.validate(certs, host) ⇒ Object

Completes the three steps of certificate chain verification. Also applies if there is just one cert in the chain, but the last step won't run.

Note the ordering the code assumes: certs.first is the cert closest to the trust anchor (verified against the store in step 2) and certs.last is the leaf (checked against host in step 1); step 3 requires each cert to be signed by the one before it. This is the reverse of the order in which OpenSSL::SSL::SSLSocket#peer_cert_chain returns certificates (leaf first), so a chain taken from a socket must be reversed before being passed in. Step 3 checks signatures only: validity periods, basicConstraints and key usage of the intermediate certs are not examined, whereas OpenSSL::X509::Store#verify(leaf, intermediates) enforces all of those along the whole path.

    # File 'lib/ssl_validator.rb', line 22
    def validate(certs, host)
      # configure takes one argument; calling it with none raises ArgumentError.
      configure(nil) unless configured?
      certs = certs.collect { |c| OpenSSL::X509::Certificate.new(c) }
      @@logger.debug("Verifying certs for #{host}")

      # 1. Verify that the last cert (the leaf) has a valid hostname
      unless OpenSSL::SSL.verify_certificate_identity(certs.last, host)
        @@logger.error("Hostname #{host} does not match cert: #{certs.last}")
        return false
      end

      # 2. Verify that the first cert can be validated by a root certificate
      unless @@store.verify(certs.first)
        @@logger.error("Cert not validated by any of the root certificates in my store: #{certs.first}")
        return false
      end

      # 3. Verify that every cert in the chain is signed by the cert before it
      (certs.length - 1).times do |i|
        cert_a = certs[i + 1]
        cert_b = certs[i]
        unless cert_a.verify(cert_b.public_key)
          @@logger.error("Broken link in certificate chain for #{host} between #{cert_a} and #{cert_b}")
          return false
        end
      end
      true
    end
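The following is an added example, not code from this project: it builds a throwaway root CA, intermediate and leaf with the openssl stdlib, re-implements the three checks above as a stand-alone method (three_step_check) in the ordering validate expects, and runs them beside OpenSSL's own path validation (OpenSSL::X509::Store#verify with the intermediates supplied). The CA names, hostname example.test, key size and lifetimes are assumptions made for the example. The last scenario shows the caveat above: an issuer marked CA:FALSE passes the signature-only step 3 but is rejected by the store.

```ruby
require "openssl"

# Build one certificate and its private key. Constructed test material for this
# example; names, lifetimes and key size are assumptions, not project defaults.
def make_cert(subject, serial, issuer: nil, ca: false, san: nil)
  issuer_cert, issuer_key = issuer
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = serial
  cert.subject    = OpenSSL::X509::Name.parse(subject)
  cert.issuer     = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600

  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate  = issuer_cert || cert
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.add_extension(ef.create_extension("keyUsage", "keyCertSign,cRLSign", true)) if ca
  cert.add_extension(ef.create_extension("subjectKeyIdentifier", "hash"))
  cert.add_extension(ef.create_extension("subjectAltName", san)) if san
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# The three checks from Http::SSLValidator.validate, with the chain ordered as
# that code expects: closest to the trust anchor first, leaf last.
# Returns nil on success and a short reason on failure.
def three_step_check(store, certs, host)
  leaf = certs.last
  return "hostname mismatch" unless OpenSSL::SSL.verify_certificate_identity(leaf, host)
  return "no trusted root for #{certs.first.subject}" unless store.verify(certs.first)
  (certs.length - 1).times do |i|
    return "broken link at #{certs[i + 1].subject}" unless certs[i + 1].verify(certs[i].public_key)
  end
  nil
end

# OpenSSL's own path validation: validity dates, basicConstraints and key usage
# are enforced on every cert in the path, which a signature-only step 3 is not.
def openssl_path_check(store, certs)
  leaf, intermediates = certs.last, certs[0...-1]
  store.verify(leaf, intermediates) ? nil : store.error_string
end

def run_scenarios
  root     = make_cert("/CN=Example Root CA", 1, ca: true)
  inter    = make_cert("/CN=Example Issuing CA", 2, issuer: root, ca: true)
  leaf     = make_cert("/CN=example.test", 3, issuer: inter, san: "DNS:example.test")
  non_ca   = make_cert("/CN=Not A CA", 4, issuer: root, ca: false)      # signed by root, but not a CA
  leaf_bad = make_cert("/CN=example.test", 5, issuer: non_ca, san: "DNS:example.test")
  stranger = make_cert("/CN=Unrelated Root", 6, ca: true)               # never added to the store
  leaf_str = make_cert("/CN=example.test", 7, issuer: stranger, san: "DNS:example.test")

  store = OpenSSL::X509::Store.new
  store.add_cert(root[0])

  good  = [root[0], inter[0], leaf[0]]
  swap  = [root[0], non_ca[0], leaf[0]]      # leaf was not signed by non_ca: link is broken
  no_ca = [root[0], non_ca[0], leaf_bad[0]]  # every signature checks out, but the issuer is CA:FALSE

  {
    good:           three_step_check(store, good, "example.test"),
    good_openssl:   openssl_path_check(store, good),
    wrong_host:     three_step_check(store, good, "evil.test"),
    broken_link:    three_step_check(store, swap, "example.test"),
    untrusted_root: three_step_check(store, [stranger[0], leaf_str[0]], "example.test"),
    non_ca_3step:   three_step_check(store, no_ca, "example.test"),
    non_ca_openssl: openssl_path_check(store, no_ca),
  }
end

if $PROGRAM_NAME == __FILE__
  run_scenarios.each { |name, result| puts "#{name}: #{result || 'ok'}" }
end
```

Running the script prints one line per scenario: good and good_openssl both report ok, wrong_host, broken_link and untrusted_root fail at steps 1, 3 and 2 respectively, and the non_ca chain is accepted by the three-step check but rejected by the store (error string "invalid CA certificate" or similar, depending on the OpenSSL version). Passing the intermediates to Store#verify is the simpler and stricter way to get all three checks plus the constraint and validity checks in one call; the hostname check still has to be done separately with verify_certificate_identity.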