Ruby script to craft OCSP queries from AIA field of SSL cert(s)

Go to file

swaggboi ede4400ffa Check Ruby version for now (need to see if this can be worked around on older versions)		2022-05-25 14:54:23 -04:00
.gitignore	Initial commit	2021-07-21 22:35:48 +02:00
Gemfile	Acheivement unlocked: mostly functioning prototype	2021-07-23 22:30:01 -04:00
Gemfile.lock	Acheivement unlocked: mostly functioning prototype	2021-07-23 22:30:01 -04:00
LICENSE	Initial commit	2021-07-21 22:35:48 +02:00
README.md	Implement ignore signature option	2021-09-27 20:12:46 -04:00
codeberg.pem	Handle multiple leaf certs	2021-08-21 23:34:57 -04:00
le.pem	Initial commit++	2021-07-21 16:38:19 -04:00
ocsp_verify.rb	Check Ruby version for now (need to see if this can be worked around on older versions)	2022-05-25 14:54:23 -04:00
swagg.pem	Check Ruby version for now (need to see if this can be worked around on older versions)	2022-05-25 14:54:23 -04:00

README.md

ocsp_verify

Ruby script to craft OCSP queries from AIA field of SSL cert(s)

PEMs for subject and issuer of https://www.swagg.net and https://codeberg.org provided as examples

Run it

Install Gems

You shouldn't really need to this; all machines I've tested this on include these gems alongside the standard Ruby package:

$ bundle install

Print usage help

$ ./ocsp_verify.rb --help
Usage: ocsp_verify.rb [OPTIONS] <ISSUER CERT> <SUBJECT CERT(S)>
    -h, --help                       Show this help message
    -i, --ignore-signature           Don't validate signatures
    -n, --nonce                      Use nonce (CA must support this)
    -r, --root=FILE                  Add root cert to trust chain

Send it

$ ./ocsp_verify.rb le.pem swagg.pem codeberg.pem
swagg.pem (ipv6.swagg.net) is valid
codeberg.pem (codeberg.org) is valid

TODOs

Implement versioning