Ruby script to craft OCSP queries from AIA field of SSL cert(s)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
swaggboi 7a7f39ee02 Remove version pinning 3 weeks ago
.gitignore Initial commit 3 months ago
Gemfile Acheivement unlocked: mostly functioning prototype 3 months ago
Gemfile.lock Acheivement unlocked: mostly functioning prototype 3 months ago
LICENSE Initial commit 3 months ago
README.md Implement ignore signature option 3 weeks ago
codeberg.pem Handle multiple leaf certs 2 months ago
le.pem Initial commit++ 3 months ago
ocsp_verify.rb Check for -i option before trying signature 3 weeks ago
swagg.pem Initial commit++ 3 months ago

README.md

ocsp_verify

Ruby script to craft OCSP queries from AIA field of SSL cert(s)

PEMs for subject and issuer of https://www.swagg.net and https://codeberg.org provided as examples

Run it

Install Gems

You shouldn't really need to this; all machines I've tested this on include these gems alongside the standard Ruby package:

$ bundle install

Print usage help

$ ./ocsp_verify.rb --help
Usage: ocsp_verify.rb [OPTIONS] <ISSUER CERT> <SUBJECT CERT(S)>
    -h, --help                       Show this help message
    -i, --ignore-signature           Don't validate signatures
    -n, --nonce                      Use nonce (CA must support this)
    -r, --root=FILE                  Add root cert to trust chain

Send it

$ ./ocsp_verify.rb le.pem swagg.pem codeberg.pem
swagg.pem (ipv6.swagg.net) is valid
codeberg.pem (codeberg.org) is valid

TODOs

  1. Implement versioning