Browse Source

Check for must_staple cert extension

master
aeris 2 years ago
parent
commit
f209e17f5d
2 changed files with 6 additions and 0 deletions
  1. 2
    0
      lib/cryptcheck/tls/https/grade.rb
  2. 4
    0
      lib/cryptcheck/tls/server.rb

+ 2
- 0
lib/cryptcheck/tls/https/grade.rb View File

@@ -6,6 +6,8 @@ module CryptCheck
6 6
 					super + [
7 7
 						[:hsts, Proc.new { |s| s.hsts? }, :good],
8 8
 						[:hsts_long, Proc.new { |s| s.hsts_long? }, :perfect],
9
+
10
+						#[:must_staple, Proc.new { |s| s.must_staple? }, :best],
9 11
 					]
10 12
 				end
11 13
 			end

+ 4
- 0
lib/cryptcheck/tls/server.rb View File

@@ -178,6 +178,10 @@ module CryptCheck
178 178
 				@fallback_scsv
179 179
 			end
180 180
 
181
+			def must_staple?
182
+				@cert.extensions.any? { |e| e.oid == '1.3.6.1.5.5.7.1.24' }
183
+			end
184
+
181 185
 			private
182 186
 			def name
183 187
 				name = "#@ip:#@port"

Loading…
Cancel
Save