Check for must_staple cert extension

7 years ago · f209e17f5d
parent 8a1c4f8856
commit f209e17f5d
2 changed files with 6 additions and 0 deletions
--- a/lib/cryptcheck/tls/https/grade.rb
+++ b/lib/cryptcheck/tls/https/grade.rb
@ -6,6 +6,8 @@ module CryptCheck
 					super + [
 						[:hsts, Proc.new { |s| s.hsts? }, :good],
 						[:hsts_long, Proc.new { |s| s.hsts_long? }, :perfect],
+
+						#[:must_staple, Proc.new { |s| s.must_staple? }, :best],
 					]
 				end
 			end
--- a/lib/cryptcheck/tls/server.rb
+++ b/lib/cryptcheck/tls/server.rb
@ -178,6 +178,10 @@ module CryptCheck
 				@fallback_scsv
 			end

+			def must_staple?
+				@cert.extensions.any? { |e| e.oid == '1.3.6.1.5.5.7.1.24' }
+			end
+
 			private
 			def name
 				name = "#@ip:#@port"