#!/usr/bin/ruby -w
require 'openssl'
include OpenSSL
include X509
# Verification callback used to trace what the store inspects.
#
# It receives the library's verdict (`ok`) and the store context, prints
# the certificate being examined together with the current status code
# and message, and hands the verdict back unchanged.
#
# Alternatives noted by the original author: raising an error or
# returning false rejects the certificate, returning true accepts it.
# Returning true unconditionally would accept certificates the library
# has already failed, so override only for a specific, understood status.
verify_cb = proc do |ok, ctx|
  subject_line = "\t\tchecking #{ctx.cert.subject.to_s}"
  status_line = "\t\tstatus = #{ctx.verify_status} - that is \"#{ctx.verify_message}\""

  puts "\t\t====begin Verify===="
  puts "\t\tOK = #{ok}"
  puts subject_line
  puts status_line
  puts "\t\t==== end Verify===="

  ok # pass the library's own decision through
end
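# Demonstration: verify a certificate against a CA, first without and then
# with a CRL added to the trust store, and print what the store reports.
#
# Inputs are three PEM files in the current directory. File.read is used so
# each file handle is closed as soon as its content has been read.
p ca = Certificate.new(File.read("./cacert.pem"))
puts "CA = #{ca.subject.to_s}, serial = #{ca.serial}"
cakey = ca.public_key

p cert = Certificate.new(File.read("./01cert.pem"))
puts "Cert = #{cert.subject.to_s}, serial = #{cert.serial}"

p crl = CRL.new(File.read("./01crl.pem"))

# Check the CRL's signature with the CA's public key before trusting its
# contents. NOTE(review): only the signature is checked here; the CRL's
# issuer name and update times are not compared in this script.
print "Is CRL signed by CA?..."
if crl.verify cakey
  puts "Yes - OK!"
else
  puts "NO - Strange... Let's stop."
  # Non-zero status so a calling shell or job does not treat an
  # unverifiable CRL as success.
  exit 1
end

puts "In CRL there are serials:"
crl.revoked.each do |entry|
  puts "> #{entry.serial} - revoked at #{entry.time}"
end

p store = Store.new

# Prints the store's most recent verification status and message.
show_status = lambda do
  puts "\t\t(status = #{store.verify_status} - that is \"#{store.verify_message}\")"
end

# The callback traces every certificate the store examines; comment this
# line out to silence the trace.
store.verify_callback = verify_cb
store.add_trusted ca

# First pass: no CRL in the store yet, so the certificate is expected to
# verify even if its serial is listed in the CRL printed above.
puts "===================="
puts "Is CERT OK?..."
if store.verify cert
  puts "Yes - we didn't add CRL to store!"
else
  puts "NO - HEY, this is error!"
end
show_status.call

# Second pass: with the CRL added, a revoked certificate should now fail.
# The original author notes that the CRL has no effect on validity with
# OpenSSL <= 0.9.6c. NOTE(review): OpenSSL releases that implement CRL
# checking consult CRLs only when X509_V_FLAG_CRL_CHECK is set on the
# store; how this binding exposes that flag is not shown in this file, so
# a "Yes" below means revocation was not enforced, not that the
# certificate is unrevoked.
puts "Let's add CRL..."
store.add_crl crl
puts "===================="
puts "Is CERT still OK?..."
if store.verify cert
  puts "Yes - HEY, this is bug! OpenSSL <= 0.9.6c doesn't care about CRL in Store :-(((("
else
  puts "No - now it works!"
end
show_status.call

# The block parameter is named differently from the outer `cert` so it does
# not shadow it (the script runs with -w).
puts "Trusted certs:"
store.chain.each_with_index do |trusted, i|
  puts "> #{i} --- #{trusted.subject.to_s}"
end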