class SSLCheck::Validators::CABundle

Public Instance Methods

validate() click to toggle source
# File lib/sslcheck/validators/ca_bundle.rb, line 4
def validate
  return nil if verified_certificate?
  SSLCheck::Errors::Validation::CABundleVerification.new({:name => "Certificate Authority Verification", :message => "The Certificate could not be verified using the supplied Certificate Authority (CA) Bundle."})
end

Private Instance Methods

verified_certificate?() click to toggle source
# File lib/sslcheck/validators/ca_bundle.rb, line 10
def verified_certificate?
  return false if @ca_bundle.empty?

  store = OpenSSL::X509::Store.new
  store.set_default_paths

  begin
    store.add_file File.join(SSL_CHECK_ROOT_DIR,'ca-bundle', 'ca-bundle.crt')
  rescue OpenSSL::X509::StoreError
    # If the certificate is already present,
    # we don't really care
  end

  @ca_bundle.each do |ca_cert|
    begin
      store.add_cert ca_cert.to_x509
    rescue OpenSSL::X509::StoreError
    end
  end

  store.verify(@peer_cert.to_x509)
end