lib/sslcheck/validators/ca_bundle.rb
module SSLCheck
module Validators
class CABundle < GenericValidator
def validate
return nil if verified_certificate?
SSLCheck::Errors::Validation::CABundleVerification.new({:name => "Certificate Authority Verification", :message => "The Certificate could not be verified using the supplied Certificate Authority (CA) Bundle."})
end
private
def verified_certificate?
return false if @ca_bundle.empty?
store = OpenSSL::X509::Store.new
store.set_default_paths
begin
store.add_file File.join(SSL_CHECK_ROOT_DIR,'ca-bundle', 'ca-bundle.crt')
rescue OpenSSL::X509::StoreError
# If the certificate is already present,
# we don't really care
end
@ca_bundle.each do |ca_cert|
begin
store.add_cert ca_cert.to_x509
rescue OpenSSL::X509::StoreError
end
end
store.verify(@peer_cert.to_x509)
end
end
end
end