如何使用net/http驗證ruby中的SSL證書鏈

Question

如何使用net/http驗證ruby中https://processing.ukash.com/這樣的站點的證書？

https = Net::HTTP.new('processing.ukash.com', 443) 
https.use_ssl = true 
https.verify_mode = OpenSSL::SSL::VERIFY_NONE 

工作到目前爲止，但我如何驗證它現在是正確的證書？我從firefox中保存了證書，但生成的.pem文件中有許多證書，而net/http似乎並不喜歡它。

Answer 1

從我的代碼片段集合：

#!/usr/bin/env ruby 
# How to: 
# ======= 
# Use Ruby's net/https library, to verify a SSL certificate. 
# ========================================================== 
# - Without verification the following code will lead to: 
# warning: peer certificate won't be verified in this SSL session 
# 
# #------------------begin example----------------------------- 
# require 'net/http' 
# require 'net/https' 
# require 'uri' 
# 
# url = URI.parse 'https://myname:mypass@mail.google.com/' 
# http = Net::HTTP.new(url.host, url.port) 
# http.use_ssl = (url.scheme == 'https') 
# request = Net::HTTP::Get.new(url.path) 
# request.basic_auth url.user, url.password 
# response = http.request(request) 
# #-------------------end example------------------------------ 
# 
# To verify the ssl cert cosider adapting the following. 
# Status: Untested 
# ======= 
# 
# References: 
# =========== 
# [1] http://mimori.org/%7Eh/tdiary/20080301.html#p03 
# [2] http://redcorundum.blogspot.com/2008/03/ssl-certificates-and-nethttps.html 
# 
require 'net/http' 
require 'net/https' 
require 'uri' 

RootCA = '/etc/ssl/certs' 

url = URI.parse 'https://myname:mypass@mail.google.com/' 
http = Net::HTTP.new(url.host, url.port) 
http.use_ssl = (url.scheme == 'https') 
if (File.directory?(RootCA) && http.use_ssl?) 
    http.ca_path = RootCA 
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER 
    http.verify_depth = 5 
else 
    http.verify_mode = OpenSSL::SSL::VERIFY_NONE 
end 
request = Net::HTTP::Get.new(url.path) 
request.basic_auth url.user, url.password 
response = http.request(request) 

希望這有助於？

Answer 2

爲了完整起見，併爲我的未來我來說，這是一個小寶石，我做出來的這個：https://github.com/jarthod/ssl-test