/rspec-ssltls

Easily test your SSL/TLS with RSpec

Primary LanguageRubyMIT LicenseMIT

rspec-ssltls Build StatusCoverage StatusCode ClimateGem Version

Rspec-ssltls is an rspec plugin for easy SSL/TLS testing with Ruby standard OpenSSL library.

Usage

RSpec-ssltls is best described by example. First, require rspec_ssltls in your spec_helper.rb:

# spec/spec_helper.rb
require 'rspec_ssltls'

Then, create a spec like this:

require 'spec_helper'

describe 'www.example.com:443' do
  it { is_expected.to have_certificate.subject(CN: '*.example.com') }
  it { is_expected.to have_certificate.issuer(CN: 'ca.example.org') }
  it { is_expected.to have_certificate.chain(0).subject(CN: '*.example.com') }
  it do
    is_expected.to have_certificate
      .subject(CN: '*.example.com').valid_at('2020/09/12 19:00:05 JST')
  end
  it do
    is_expected.to have_certificate
      .subject(CN: '*.example.com')
      .valid_in('2014/09/12 19:00:05 UTC', '2015/10/01 00:00:00 UTC')
  end
  it do
    is_expected.to have_certificate
      .subject(CN: '*.example.com').signature_algorithm('sha1WithRSAEncryption')
  end
  it { is_expected.to have_certificate.verified }
  it do
    is_expected.to have_certificate
      .verified_with(File.read('example.org.cer'))
  end
  it { is_expected.to support_protocol('TLSv1_2') }
  it { is_expected.to support_cipher('AES256-SHA').protocol('TLSv1') }
  it { is_expected.to support_cipher('DES-CBC3-SHA').protocol('SSLv3') }
  it do
    is_expected.to choose_cipher('DES-CBC3-SHA')
      .protocol('TLSv1')
      .from(['AES256-SHA', 'AES128-SHA', 'DES-CBC3-SHA'])
  end
end

You can use via_proxy chain to specify https_proxy server.

describe 'www.example.com:443' do
  it do
    is_expected.to have_certificate
      .subject(CN: '*.example.com').valid_at('2020/09/12 19:00:05 JST')
      .via_proxy('http://user:pass@proxy.example.com:3128/')
  end
end

You can also specify https_proxy server with RSpec.configuration.rspec_ssltls_https_proxy as global configuration.

RSpec.configuration.rspec_ssltls_https_proxy = 'http://proxy.example.com:3128'

or

RSpec.configuration.rspec_ssltls_https_proxy = ENV['https_proxy']

You can use followings for support_protocol and support_cipher.protocol:

 OpenSSL::SSL::SSLContext::METHODS
  :TLSv1, :TLSv1_server, :TLSv1_client,
  :TLSv1_2, :TLSv1_2_server, :TLSv1_2_client,
  :TLSv1_1, :TLSv1_1_server, :TLSv1_1_client,
  :SSLv2, :SSLv2_server, :SSLv2_client,
  :SSLv3, :SSLv3_server, :SSLv3_client,
  :SSLv23, :SSLv23_server, :SSLv23_client

You can use ciphers for support_cipher.

You can use signature algorithm for signature_algorithm.

Installation

Add this line to your application's Gemfile:

gem 'rspec-ssltls'

And then execute:

$ bundle

Or install it yourself as:

$ gem install rspec-ssltls

Contributing

  1. Fork it ( https://github.com/otahi/rspec-ssltls/fork )
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create a new Pull Request