-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdoctor.rb
89 lines (74 loc) · 2.83 KB
/
doctor.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
# frozen_string_literal: true
# Usage: ruby doctor.rb [HOST=status.github.com[:PORT=443]]
require 'rbconfig'
require 'net/https'
if ARGV[0] =~ /^[^-]/
host, port = ARGV[0].split(':', 2)
else
host = 'status.github.com'
end
port ||= 443
ruby = File.join(RbConfig::CONFIG['bindir'], RbConfig::CONFIG['ruby_install_name'])
ruby_version = RUBY_VERSION
if patch = RbConfig::CONFIG['PATCHLEVEL']
ruby_version += "-p#{patch}"
end
puts format('%s (%s)', ruby, ruby_version)
openssl_dir = OpenSSL::X509::DEFAULT_CERT_AREA
mac_openssl = openssl_dir == '/System/Library/OpenSSL'
puts format('%s: %s', OpenSSL::OPENSSL_VERSION, openssl_dir)
[OpenSSL::X509::DEFAULT_CERT_DIR_ENV, OpenSSL::X509::DEFAULT_CERT_FILE_ENV].each do |key|
puts format('%s=%s', key, ENV[key].to_s.inspect)
end
ca_file = ENV[OpenSSL::X509::DEFAULT_CERT_FILE_ENV] || OpenSSL::X509::DEFAULT_CERT_FILE
ca_path = (ENV[OpenSSL::X509::DEFAULT_CERT_DIR_ENV] || OpenSSL::X509::DEFAULT_CERT_DIR).chomp('/')
puts "\nHEAD https://#{host}:#{port}"
http = Net::HTTP.new(host, port)
http.use_ssl = true
# Explicitly setting cert_store like this is not needed in most cases but it
# seems necessary in edge cases such as when using `verify_callback` in some
# combination of Ruby + OpenSSL versions.
http.cert_store = OpenSSL::X509::Store.new
http.cert_store.set_default_paths
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
failed_cert = failed_cert_reason = nil
if mac_openssl
warn "warning: will not be able show failed certificate info on OS X's OpenSSL"
# This drives me absolutely nuts. It seems that on Rubies compiled against OS X's
# system OpenSSL, the mere fact of defining a `verify_callback` makes the
# cert verification fail for requests that would otherwise be successful.
else
http.verify_callback = lambda { |verify_ok, store_context|
unless verify_ok
failed_cert = store_context.current_cert
failed_cert_reason = format('%d: %s', store_context.error, store_context.error_string)
end
verify_ok
}
end
user_agent = "net/http #{ruby_version}"
req = Net::HTTP::Head.new('/', 'user-agent' => user_agent)
begin
res = http.start { http.request(req) }
abort res.inspect if res.code.to_i >= 500
puts 'OK'
rescue Errno::ECONNREFUSED
puts 'Error: connection refused'
exit 1
rescue OpenSSL::SSL::SSLError => e
puts "#{e.class}: #{e.message}"
if failed_cert
puts "\nThe server presented a certificate that could not be verified:"
puts " subject: #{failed_cert.subject}"
puts " issuer: #{failed_cert.issuer}"
puts ' error code %s' % failed_cert_reason
end
ca_file_missing = !File.exist?(ca_file) && !mac_openssl
ca_path_empty = Dir["#{ca_path}/*"].empty?
if ca_file_missing || ca_path_empty
puts "\nPossible causes:"
puts " `%s' does not exist" % ca_file if ca_file_missing
puts " `%s/' is empty" % ca_path if ca_path_empty
end
exit 1
end