author | Michal Rokos <m.rokos@sh.cvut.cz> | 2002-06-04 06:44:42 +0000 |
---|---|---|
committer | Michal Rokos <m.rokos@sh.cvut.cz> | 2002-06-04 06:44:42 +0000 |
commit | a5180750f7ab485fba73dd6e9861536adf3b693b (patch) | |
tree | cd2cea7862bed69939cb64d20346a3f975b5a9cc /examples/ossl_x509store.rb | |
parent | bc603852659675cd0c7420dd4d126780f7ba6ee2 (diff) | |
download | ruby-openssl-history-a5180750f7ab485fba73dd6e9861536adf3b693b.tar.gz |
Initial revision
Diffstat (limited to 'examples/ossl_x509store.rb')
-rwxr-xr-x | examples/ossl_x509store.rb | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/examples/ossl_x509store.rb b/examples/ossl_x509store.rb
new file mode 100755
index 0000000..d70e85d
--- /dev/null
+++ b/examples/ossl_x509store.rb
@@ -0,0 +1,76 @@
+#!/usr/bin/ruby -w
+
+require 'openssl'
+include OpenSSL
+include X509
+
+verify_cb = Proc.new {|ok, x509_store|
+ puts "\t\t====begin Verify===="
+ puts "\t\tOK = #{ok}"
+ puts "\t\tchecking #{x509_store.cert.subject.to_s}"
+ puts "\t\tstatus = #{x509_store.verify_status} - that is \"#{x509_store.verify_message}\""
+ puts "\t\t==== end Verify===="
+ #raise "SOME ERROR!" # Cert will be rejected
+ #false # Cert will be rejected
+ #true # Cert is OK
+ ok # just throw 'ok' through
+}
+
+p ca = Certificate.new(File.open("./cacert.pem").read)
+puts "CA = #{ca.subject.to_s}, serial = #{ca.serial}"
+cakey = ca.public_key
+
+p cert = Certificate.new(File.open("./01cert.pem").read)
+puts "Cert = #{cert.subject.to_s}, serial = #{cert.serial}"
+key = cert.public_key
+
+p crl = CRL.new(File.open("./01crl.pem").read)
+print "Is CRL signed by CA?..."
+if crl.verify cakey
+ puts "Yes - OK!"
+else
+ puts "NO - Strange... Let's stop."
+ exit
+end
+
+puts "In CRL there are serials:"
+crl.revoked.each {|revoked|
+ puts "> #{revoked.serial} - revoked at #{revoked.time}"
+}
+
+p store = Store.new
+
+##
+# Uncomment to see what is checked...
+store.verify_callback = verify_cb
+
+store.add_trusted ca
+
+puts "===================="
+puts "Is CERT OK?..."
+if store.verify cert
+ puts "Yes - we didn't add CRL to store!"
+ puts "\t\t(status = #{store.verify_status} - that is \"#{store.verify_message}\")"
+else
+ puts "NO - HEY, this is error!"
+ puts "\t\t(status = #{store.verify_status} - that is \"#{store.verify_message}\")"
+end
+
+puts "Let's add CRL..."
+ store.add_crl crl #CRL does NOT have affect on validity in current OpenSSL <= 0.9.6c !!!
+
+puts "===================="
+puts "Is CERT still OK?..."
+if store.verify cert
+ puts "Yes - HEY, this is bug! OpenSSL <= 0.9.6c doesn't care about CRL in Store :-(((("
+ puts "\t\t(status = #{store.verify_status} - that is \"#{store.verify_message}\")"
+else
+ puts "No - now it works!"
+ puts "\t\t(status = #{store.verify_status} - that is \"#{store.verify_message}\")"
+end
+
+puts "Trusted certs:"
+store.chain.each_with_index {|cert, i|
+ puts "> #{i} --- #{cert.subject.to_s}"
+}
+ |
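Review bot: The second `store.verify cert` is the only revocation decision in this example, and the comment on the `store.add_crl crl` line says OpenSSL <= 0.9.6c ignores a CRL held in the store, so on those versions a revoked certificate is still reported as valid and the script only prints a complaint. Since the script already iterates `crl.revoked`, it should compare serials itself and treat a hit as a rejection, e.g. `revoked = crl.revoked.find {|r| r.serial == cert.serial }` followed by `puts "Cert #{cert.serial} is revoked" if revoked`. The CRL is also accepted on signature alone (`crl.verify cakey`); a comment there should say that issuer and update-time freshness are not checked, so a stale CRL passes. Two smaller points: the bare `exit` after a failed CRL signature check returns status 0, so `exit 1` would let callers see the failure, and the commented-out `#true # Cert is OK` in `verify_cb` deserves a note that returning `true` unconditionally overrides every verification failure passed in as `ok`.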