Reputation: 4907
I am trying to convert this command to Ruby code using OpenSSL:

    openssl s_client -verify_hostname www.example.com -connect example.com:443

I've pieced together that openssl has a verify_hostname method but I don't think that I am using this properly. Contextually I have a problem verifying a domain's SAN field. For a given domain I get wrong results. I provide a domain that is clearly a name mismatch but I get a verify_result code of 0, which is OK. The command above gives me the right information but I can't seem to get this to translate in Ruby. Is there an online tool that can convert this for me?
Upvotes: 1
Views: 284
Reputation: 774
-verify_hostname is a parameter and s_client is a method name in your command. Check the output of openssl s_client --help to get more information. The OpenSSL gem has a verify_hostname method, but its source code looks like it's only checking if the provided strings are correct; it does not call the provided host.
All http clients will do the SSL verification for you by default (unless you disable it):

    require "net/http"

    begin
      Net::HTTP.get(URI("https://expired.badssl.com"))
    rescue OpenSSL::SSL::SSLError
      puts "bad ssl cert"
    end

If you'd like to do the exact thing your command does, you'd probably need to download the host's certificate first and then instantiate it with OpenSSL::X509::Certificate.new and verify it with the check_validity method.
Upvotes: 1
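
An added example, not code from either post: one way to do the SAN name check from the question in Ruby, using the openssl gem's `OpenSSL::SSL.verify_certificate_identity` for the name comparison and `SSLContext#verify_hostname` together with `SSLSocket#hostname=` for a live connection. The method names `sample_cert`, `name_matches?` and `verify_remote` are chosen here for illustration, and the certificate is a constructed self-signed sample so the name check runs offline.

```ruby
require "openssl"
require "socket"

# Constructed sample: self-signed certificate whose SAN lists the given DNS names.
def sample_cert(dns_names)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{dns_names.first}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = ef.issuer_certificate = cert
  san = dns_names.map { |n| "DNS:#{n}" }.join(",")
  cert.add_extension(ef.create_extension("subjectAltName", san, false))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Name check only: does the certificate's SAN (or CN fallback) cover `name`?
def name_matches?(cert, name)
  OpenSSL::SSL.verify_certificate_identity(cert, name)
end

# Live counterpart of: openssl s_client -verify_hostname NAME -connect HOST:PORT
# Returns :ok, or the error message when chain or name verification fails.
def verify_remote(host, port, name)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.set_params(verify_mode: OpenSSL::SSL::VERIFY_PEER) # system trust store
  ctx.verify_hostname = true  # compare the name during the handshake
  tcp = TCPSocket.new(host, port)
  ssl = OpenSSL::SSL::SSLSocket.new(tcp, ctx)
  ssl.hostname = name         # SNI, and the name verify_hostname compares
  ssl.connect
  :ok
rescue OpenSSL::SSL::SSLError => e
  e.message
ensure
  ssl&.close
  tcp&.close
end
```

`verify_remote("example.com", 443, "www.example.com")` mirrors the command in the question and needs network access; `name_matches?` works on any `OpenSSL::X509::Certificate`, including one read from `ssl.peer_cert`.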