summaryrefslogtreecommitdiff
path: root/lib/custodian/protocoltest/ssl.rb
AgeCommit message (Collapse)Author
2016-11-03Send the server-name-indicator (SNI) when falling back to legacy.3-send-sni-when-falling-back-to-opensslSteve Kemp
If ruby-based SSL negotiation fails then we fallback to invoking (horridly!) openssl directly. Until now this didn't send the SNI hostname to connect to, so it could only test the first/default SSL site that was listening upon a given IP address. This commit updates things such that we send the correct hostname, from the URL under-test.
2016-07-18Fallback to using `openssl` if we can't get certificates.Steve Kemp
Since the ruby version available to wheezy doesn't support TLS 1.2 fetching the certificate from remote HTTPS servers will fail, if that is all that is available. If we hit that condition, and only that one, we'll fall back to invoking `openssl` natively. This will allow us to monitor expiration-time for remote SSL certificates, but the downside is that we no longr receive the bundle that the remote server might send - so we cannot validate the signature chain. This closes #2.
2016-07-13Update error message for validation-failuSteve Kemp
2016-07-13Retry SSL checks on negotiation failure.release-0.29Steve Kemp
This prevents an endless loop.
2016-04-22More updates to silence rubocop style-guides.Steve Kemp
These warnings were largely whitespace-based.
2015-11-30Don't do SHA1 signature testing by default.Steve Kemp
2015-10-29Allow testng for weak certificate signing algorithms.Steve Kemp
This is a good thing to do, as Chrome will apaprently be refusing to show sites with SHA-1 in use over SHA-256. This closes #12358.
2015-08-04Override the alert-test-type for the SSL-expiry check.Steve Kemp
This allows better alerting.
2015-04-16Updated test-handler for new API.Steve Kemp
This update consists of two changes: * No longer return "true" or "false" instead return "TEST_FAILED", or "TEST_SUCCEEDED". * Removed the testing of test-inversion from the class, now it lives in the base-class where it should have done all along.
2015-03-09Updated to test for more whitespace issues.Steve Kemp
2015-03-09Removed trailing whitespace from the codeSteve Kemp
2015-03-09Remove spaces inside blocks.Steve Kemp
2015-03-09More minor space fixupsSteve Kemp
2015-03-09Whitespace fixups.Steve Kemp
These were all identified and suggested by rubocop.
2015-03-09Removed spaces inside parenthesis.Steve Kemp
2015-03-09Prefer single-quotes when you don't need interpolation.Steve Kemp
So "foo" is less good than 'foo'.
2015-03-09Do not terminate expressions with ";".Steve Kemp
Ruby is not Perl, much as I sometimes wish it were.
2015-03-09Avoid redudent returns.Steve Kemp
The last expression of a method is the return value. So: def foo; false ; end Is the same as: def foo; return false; end
2015-03-09Don't use parenthesis aroudn conditions in an if.Steve Kemp
2015-03-09Don't use "::" for method-calls.Steve Kemp
Instead prefer ".". Flagged by rubocop
2015-03-09Avoid redundent ".to_s" methods.Steve Kemp
These are not required if the argument is string already, or has a _to_s method which will be automatically invoked by magic.
2015-03-04Allow SSL-check to be disabled, via "no_ssl_check"Steve Kemp
2015-03-04New release - reporting SSL errors correctly.Steve Kemp
2015-03-04Work correctly if SSL library is too old for SNI.Steve Kemp
2015-02-18Added SSL checking magic, from Patrick.Steve Kemp
This is a clone of the code that we're already using for SSL checking of domains. The biggest excpetion is that I've disabled the SSL v2/v3 checking because that is causing alerts on https://google.com/ This closes #9563.
2015-02-18Show NOP messages.Steve Kemp
2015-02-18Added SSL-expiry checker.Steve Kemp
This is a stub for the moment, but it validates that we can have multiple handlers for a given test-type. This updates #9558.