Easily test your SSL/TLS with RSpec
Ruby
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
lib
spec
.gitignore
.rspec
.rubocop.yml
.travis.yml
Gemfile
LICENSE.txt
README.md
RELEASE_NOTES.md
Rakefile
rspec-ssltls.gemspec

README.md

rspec-ssltls Build StatusCoverage StatusCode ClimateGem Version

Rspec-ssltls is an rspec plugin for easy SSL/TLS testing with Ruby standard OpenSSL library.

Usage

RSpec-ssltls is best described by example. First, require rspec_ssltls in your spec_helper.rb:

# spec/spec_helper.rb
require 'rspec_ssltls'

Then, create a spec like this:

require 'spec_helper'

describe 'www.example.com:443' do
  it { is_expected.to have_certificate.subject(CN: '*.example.com') }
  it { is_expected.to have_certificate.issuer(CN: 'ca.example.org') }
  it { is_expected.to have_certificate.chain(0).subject(CN: '*.example.com') }
  it do
    is_expected.to have_certificate
      .subject(CN: '*.example.com').valid_at('2020/09/12 19:00:05 JST')
  end
  it do
    is_expected.to have_certificate
      .subject(CN: '*.example.com')
      .valid_in('2014/09/12 19:00:05 UTC', '2015/10/01 00:00:00 UTC')
  end
  it do
    is_expected.to have_certificate
      .subject(CN: '*.example.com').signature_algorithm('sha1WithRSAEncryption')
  end
  it { is_expected.to have_certificate.verified }
  it do
    is_expected.to have_certificate
      .verified_with(File.read('example.org.cer'))
  end
  it { is_expected.to support_protocol('TLSv1_2') }
  it { is_expected.to support_cipher('AES256-SHA').protocol('TLSv1') }
  it { is_expected.to support_cipher('DES-CBC3-SHA').protocol('SSLv3') }
  it do
    is_expected.to choose_cipher('DES-CBC3-SHA')
      .protocol('TLSv1')
      .from(['AES256-SHA', 'AES128-SHA', 'DES-CBC3-SHA'])
  end
end

You can use via_proxy chain to specify https_proxy server.

describe 'www.example.com:443' do
  it do
    is_expected.to have_certificate
      .subject(CN: '*.example.com').valid_at('2020/09/12 19:00:05 JST')
      .via_proxy('http://user:pass@proxy.example.com:3128/')
  end
end

You can also specify https_proxy server with RSpec.configuration.rspec_ssltls_https_proxy as global configuration.

RSpec.configuration.rspec_ssltls_https_proxy = 'http://proxy.example.com:3128'

or

RSpec.configuration.rspec_ssltls_https_proxy = ENV['https_proxy']

You can use followings for support_protocol and support_cipher.protocol:

 OpenSSL::SSL::SSLContext::METHODS
  :TLSv1, :TLSv1_server, :TLSv1_client,
  :TLSv1_2, :TLSv1_2_server, :TLSv1_2_client,
  :TLSv1_1, :TLSv1_1_server, :TLSv1_1_client,
  :SSLv2, :SSLv2_server, :SSLv2_client,
  :SSLv3, :SSLv3_server, :SSLv3_client,
  :SSLv23, :SSLv23_server, :SSLv23_client

You can use ciphers for support_cipher.

You can use signature algorithm for signature_algorithm.

Installation

Add this line to your application's Gemfile:

gem 'rspec-ssltls'

And then execute:

$ bundle

Or install it yourself as:

$ gem install rspec-ssltls

Contributing

  1. Fork it ( https://github.com/otahi/rspec-ssltls/fork )
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create a new Pull Request