Ruby script to craft OCSP queries from AIA field of SSL cert(s)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
swaggboi ede4400ffa Check Ruby version for now (need to see if this can be worked around on older versions) 4 months ago
.gitignore Initial commit 1 year ago
Gemfile Acheivement unlocked: mostly functioning prototype 1 year ago
Gemfile.lock Acheivement unlocked: mostly functioning prototype 1 year ago
LICENSE Initial commit 1 year ago
README.md Implement ignore signature option 1 year ago
codeberg.pem Handle multiple leaf certs 1 year ago
le.pem Initial commit++ 1 year ago
ocsp_verify.rb Check Ruby version for now (need to see if this can be worked around on older versions) 4 months ago
swagg.pem Check Ruby version for now (need to see if this can be worked around on older versions) 4 months ago

README.md

ocsp_verify

Ruby script to craft OCSP queries from AIA field of SSL cert(s)

PEMs for subject and issuer of https://www.swagg.net and https://codeberg.org provided as examples

Run it

Install Gems

You shouldn't really need to this; all machines I've tested this on include these gems alongside the standard Ruby package:

$ bundle install

Print usage help

$ ./ocsp_verify.rb --help
Usage: ocsp_verify.rb [OPTIONS] <ISSUER CERT> <SUBJECT CERT(S)>
    -h, --help                       Show this help message
    -i, --ignore-signature           Don't validate signatures
    -n, --nonce                      Use nonce (CA must support this)
    -r, --root=FILE                  Add root cert to trust chain

Send it

$ ./ocsp_verify.rb le.pem swagg.pem codeberg.pem
swagg.pem (ipv6.swagg.net) is valid
codeberg.pem (codeberg.org) is valid

TODOs

  1. Implement versioning