1

I am trying to convert this command to ruby code using OpenSSL:

openssl s_client -verify_hostname www.example.com -connect example.com:443

I've pieced together that openssl has a verify_hostname method but I dont think that I am using this properly. Contextually I have a problem verifying a domain's SAN field. For a given domain I get wrong results. I provide a domain that is clearly a name mismatch buy I get a verify_result code of 0 which is ok. The command above gives me the right information but I can't seem to get this to translate in ruby. Is there an online tool that can convert this for me?

Improve this question

1 Answer 1

Reset to default
1

-verify_hostname is a parameter and s_client is a method name in your command. Check the output of openssl s_client --help to get more information. OpenSSL gem has a verify_hostname method but its source code looks like it's only checking if provided strings are correct, it does not call the provided host.

All http clients will do the SSL verification for you by default (unless you disable it): 

require "net/http"

begin
  Net::HTTP.get(URI("https://expired.badssl.com"))
rescue OpenSSL::SSL::SSLError
  puts "bad ssl cert"
end

If you'd like to to the exact thing as your command does you'd probably need to download host's certificate first and then instantiate it with OpenSSL::X509::Certificate.new verify it with the check_validity method.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.