rspec-ssltls
Rspec-ssltls is an rspec plugin for easy SSL/TLS testing with Ruby standard OpenSSL library.
Usage
RSpec-ssltls is best described by example. First, require rspec_ssltls
in your spec_helper.rb
:
# spec/spec_helper.rb
require 'rspec_ssltls'
Then, create a spec like this:
require 'spec_helper'
describe 'www.example.com:443' do
it { is_expected.to have_certificate.subject(CN: '*.example.com') }
it { is_expected.to have_certificate.issuer(CN: 'ca.example.org') }
it { is_expected.to have_certificate.chain(0).subject(CN: '*.example.com') }
it do
is_expected.to have_certificate
.subject(CN: '*.example.com').valid_at('2020/09/12 19:00:05 JST')
end
it do
is_expected.to have_certificate
.subject(CN: '*.example.com')
.valid_in('2014/09/12 19:00:05 UTC', '2015/10/01 00:00:00 UTC')
end
it do
is_expected.to have_certificate
.subject(CN: '*.example.com').signature_algorithm('sha1WithRSAEncryption')
end
it { is_expected.to have_certificate.verified }
it do
is_expected.to have_certificate
.verified_with(File.read('example.org.cer'))
end
it { is_expected.to support_protocol('TLSv1_2') }
it { is_expected.to support_cipher('AES256-SHA').protocol('TLSv1') }
it { is_expected.to support_cipher('DES-CBC3-SHA').protocol('SSLv3') }
it do
is_expected.to choose_cipher('DES-CBC3-SHA')
.protocol('TLSv1')
.from(['AES256-SHA', 'AES128-SHA', 'DES-CBC3-SHA'])
end
end
You can use via_proxy
chain to specify https_proxy server.
describe 'www.example.com:443' do
it do
is_expected.to have_certificate
.subject(CN: '*.example.com').valid_at('2020/09/12 19:00:05 JST')
.via_proxy('http://user:pass@proxy.example.com:3128/')
end
end
You can also specify https_proxy server with RSpec.configuration.rspec_ssltls_https_proxy
as global configuration.
RSpec.configuration.rspec_ssltls_https_proxy = 'http://proxy.example.com:3128'
or
RSpec.configuration.rspec_ssltls_https_proxy = ENV['https_proxy']
You can use followings for support_protocol
and support_cipher.protocol
:
OpenSSL::SSL::SSLContext::METHODS
:TLSv1, :TLSv1_server, :TLSv1_client,
:TLSv1_2, :TLSv1_2_server, :TLSv1_2_client,
:TLSv1_1, :TLSv1_1_server, :TLSv1_1_client,
:SSLv2, :SSLv2_server, :SSLv2_client,
:SSLv3, :SSLv3_server, :SSLv3_client,
:SSLv23, :SSLv23_server, :SSLv23_client
You can use ciphers for support_cipher
.
You can use signature algorithm for signature_algorithm
.
Installation
Add this line to your application's Gemfile:
gem 'rspec-ssltls'
And then execute:
$ bundle
Or install it yourself as:
$ gem install rspec-ssltls
Contributing
- Fork it ( https://github.com/otahi/rspec-ssltls/fork )
- Create your feature branch (
git checkout -b my-new-feature
) - Commit your changes (
git commit -am 'Add some feature'
) - Push to the branch (
git push origin my-new-feature
) - Create a new Pull Request