Sync with prod

4 years ago · 0e114bad9b
parent 75b8614cc3
commit 0e114bad9b
9 changed files with 47 additions and 11 deletions
--- a/.gitignore
+++ b/.gitignore
@ -11,4 +11,5 @@
 /lib/*.so.*
 /.ruby-version
 /rakefile
+.bundle/
 Gemfile.lock
--- a/lib/cryptcheck.rb
+++ b/lib/cryptcheck.rb
@ -13,6 +13,7 @@ module CryptCheck
 		autoload :Cipher, 'cryptcheck/tls/cipher'
 		autoload :Curve, 'cryptcheck/tls/curve'
 		autoload :Cert, 'cryptcheck/tls/cert'
+		autoload :CAA, 'cryptcheck/tls/caa'
 		autoload :Engine, 'cryptcheck/tls/engine'
 		autoload :Server, 'cryptcheck/tls/server'
 		autoload :TcpServer, 'cryptcheck/tls/server'
--- a/lib/cryptcheck/tls/caa.rb
+++ b/lib/cryptcheck/tls/caa.rb
@ -0,0 +1,15 @@
+require 'resolve'
+
+class Resolv::DNS::Resource::IN::CAA < Resolv::DNS::Resource::IN::TXT
+	TypeValue = 257
+end
+
+module CryptCheck
+	module Tls
+		module CAA
+			def check_caa
+
+			end
+		end
+	end
+end
--- a/lib/cryptcheck/tls/cert.rb
+++ b/lib/cryptcheck/tls/cert.rb
@ -1,8 +1,9 @@
 module CryptCheck
 	module Tls
 		class Cert
-			DEFAULT_CA_DIRECTORIES = [
-					'/usr/share/ca-certificates/mozilla'
+			DEFAULT_CA_DIRECTORIES = %w[
+					/usr/share/ca-certificates/mozilla
+					/etc/ca-certificates/extracted/cadir
 			]

 			SIGNATURE_ALGORITHMS      = %i(md2 mdc2 md4 md5 ripemd160 sha sha1 sha2 rsa dss ecc ghost).freeze
--- a/lib/cryptcheck/tls/curve.rb
+++ b/lib/cryptcheck/tls/curve.rb
@ -4,7 +4,7 @@ module CryptCheck
 			attr_reader :name

 			def initialize(name)
-				name = name.to_sym if name.is_a? String
+				name  = name.to_sym if name.is_a? String
 				@name = name
 			end

@ -36,12 +36,12 @@ module CryptCheck

 			def ==(other)
 				case other
-					when String
-						@name == other.to_sym
-					when Symbol
-						@name == other
-					else
-						@name == other.name
+				when String
+					@name == other.to_sym
+				when Symbol
+					@name == other
+				else
+					@name == other.name
 				end
 			end

--- a/lib/cryptcheck/tls/engine.rb
+++ b/lib/cryptcheck/tls/engine.rb
@ -282,7 +282,8 @@ module CryptCheck
 					begin
 						ssl_client method, fallback: true
 					rescue InappropriateFallback,
-							CipherNotAvailable # Seems some servers reply with "sslv3 alert handshake failure"...
+							CipherNotAvailable, # Seems some servers reply with "sslv3 alert handshake failure"…
+							MethodNotAvailable, # Seems some servers reply with "wrong version number"…
 						@fallback_scsv = true
 					end
 				else
--- a/lib/cryptcheck/tls/fixture.rb
+++ b/lib/cryptcheck/tls/fixture.rb
@ -170,6 +170,7 @@ class ::OpenSSL::X509::Store
 			when ::OpenSSL::X509::Certificate
 				self.add_cert chain
 			else
+				next unless File.exists? chain
 				if File.directory?(chain)
 					Dir.entries(chain)
 							.collect { |e| File.join chain, e }
--- a/lib/cryptcheck/tls/host.rb
+++ b/lib/cryptcheck/tls/host.rb
@ -46,17 +46,20 @@ module CryptCheck
 						# Logger.error { e.backtrace }
 						Logger.error { e }
 						AnalysisFailure.new e
+						raise
 					rescue ::Timeout::Error
 						# Logger.error { e.backtrace }
 						Logger.error { e }
 						TooLongAnalysis.new
+						raise
 					end
 					[[@hostname, ip, @port], result]
 				end.to_h
 			rescue => e
-				# Logger.error { e.backtrace }
+				Logger.error { e.backtrace }
 				Logger.error { e }
 				@error = e
+				raise
 			end

 			def key
--- a/lib/cryptcheck/tls/https.rb.bak
+++ b/lib/cryptcheck/tls/https.rb.bak
@ -0,0 +1,13 @@
+module CryptCheck
+	module Tls
+		module Https
+			def self.analyze(host, port=443)
+				::CryptCheck.analyze host, port, Server
+			end
+
+			def self.analyze_file(input, output)
+				::CryptCheck.analyze_file(input, 'output/https.erb', output) { |host| self.analyze host }
+			end
+		end
+	end
+end