r509 v0.6

Posted by on January 17, 2012 No comments

r509 v0.6 is out. There were 39 commits encompassing the following changes from 0.5 to 0.6.

* Gemfile updated to set proper versions of supporting gems for doc generation
* Fixes to load_yaml in Config
* OCSP handling extensively refactored and most of the logic moved into the r509 OCSP responder project.
* Cert#subject_component no longer improperly upcases elements
* SAN is now supported in self-signed certificates
* Cert#san_names returns an empty array if no san_names exist
* Cert#fingerprint is now an available method
* Cert#subject_names returns a concatenation (de-duped) of CN and SANs
* General refactoring in several areas to improve code quality
* Csr now takes :san_names in constructor instead of :domains. This is more consistent
* Files renamed to lowercase to match Ruby conventions
* Cert#in_validity_range? method added
* Fixed some order dependent tests

The majority of work went into improving the OCSP codebase, which was moved into the r509-ocsp-responder project, but that’s a subject for another blog entry!

r509 v0.5

Posted by on December 27, 2011 No comments

I haven’t talked about r509 here in awhile, but since v0.5 just got tagged I thought I’d plug it again. r509 is a wrapper for the OpenSSL libraries in Ruby. It’s designed to allow you to do a wide variety of certificate authority related operations (issuance, revocation, CRL generation, OCSP responses, et cetera). There are also some ancillary gems that are under active development (r509-ca-http, r509-ocsp-responder, r509-validity-redis) which will gain more documentation as these projects progress.

Check it out, file issues, fork, and contribute!

Ruby OpenSSL::X509::Name#to_a Dissection

Posted by on December 21, 2011 No comments

Over at Viking Hammer my coworker Sean Schulte has written up a great article dissecting an issue we ran into regarding the way Ruby’s OpenSSL::X509::Name#to_a currently builds its array. He discusses the problem, the two solutions we came up with, and shares code examples. Go check it out!

Git Hooks For Pre-Commit Rspec Testing

Posted by on December 19, 2011 No comments

Here’s a pair of scripts for automatically running Ruby rspec tests, refusing to commit if they fail, and pulling in the results into the commit msg. If you want to use them place them in your project’s .git/hooks directory as executable scripts.

These scripts assume you have rspec writing to rspec_results.html. To do this by default add a .rspec file in your project dir with “-f doc -f h -o rspec_results.html” inside.

pre-commit

#!/usr/bin/env ruby
require 'pty'
html_path = "rspec_results.html"  
#PTY.spawn trick from
#http://stackoverflow.com/questions/1154846/continuously-read-from-stdout-of-external-process-in-ruby
begin
	PTY.spawn( "rake spec" ) do |stdin, stdout, pid|
	begin
		stdin.each { |line| print line }
	rescue Errno::EIO
		end
	end
rescue PTY::ChildExited
	puts "The child process exited!"
end
 
# find out how many errors were found  
html = open(html_path).read  
examples = html.match(/(\d+) examples/)[0].to_i rescue 0  
failures = html.match(/(\d+) failures/)[0].to_i rescue 0  
if failures == 0 then
	failures = html.match(/(\d+) failure/)[0].to_i rescue 0  
end
pending = html.match(/(\d+) pending/)[0].to_i rescue 0  
 
if failures.zero?  
  puts "0 failed! #{examples} run, #{pending} pending"  
  puts "View rspec results at #{File.expand_path(html_path)}"  
  sleep 1
  exit 0
else  
  puts "\aDID NOT COMMIT YOUR FILES!"  
  puts "View rspec results at #{File.expand_path(html_path)}"  
  puts  
  puts "#{failures} failed! #{examples} run, #{pending} pending"  
  `open #{html_path}`
  exit 1  
end

prepare-commit-msg

#!/usr/bin/env ruby
html_path = "rspec_results.html"
# find out how many errors were found  
html = open(html_path).read
examples = html.match(/(\d+) examples/)[0].to_i rescue 0
failures = html.match(/(\d+) failures/)[0].to_i rescue 0
if failures == 0 then
        failures = html.match(/(\d+) failure/)[0].to_i rescue 0
end
pending = html.match(/(\d+) pending/)[0].to_i rescue 0
 
 
message_file = ARGV[0]
message = File.read(message_file)
index = message.index('# Please enter the commit message for your changes. Lines starting')
message.insert(index-1, "\n\n#{failures} failed! #{examples} run, #{pending} pending")
open(message_file,'w') { |f|
        f.puts(message)
}

Growl For turntable.fm

Posted by on December 14, 2011 No comments

turntable.fm is a fun place to discover new music and play it for your friends, but it’s frustrating to use at work since you have to switch to the tab to see what song is playing and who’s saying what. I wrote a Fluid userscript that you can use to growl songs and chat lines to solve this problem. It also prevents idle timeouts from occuring in turntable if you don’t interact with it for awhile.

var debug = false;
 
var sendChat = false;
 
logger('loading userscript');
 
function bindDOM() {
    logger('binding');
    $('.messages').bind('DOMNodeInserted',parseChat);
    $(window).blur(function() {
        sendChat = true;
    });
    $(window).focus(function() {
        sendChat = false;
    });
}
 
function parseChat(event) {
    var message = event.target;
    var author = $(message).find('.speaker').text();
    var body = $(message).find('.text').text();
    if (body.indexOf('started playing') == 1) {
        var artist = body.match(/by (.*)/)[1];
        var song = body.match(/"(.+)"/)[1];
        logger('growling now');
        logger(artist);
        logger(song);
        showGrowl(artist,song);
    } else {
        body = body.substr(2);
        if (sendChat) {
            showGrowl(author,body);
        }
    }
}
 
function showGrowl(title,description) {
    window.fluid.showGrowlNotification({
        title: title, 
        description: description, 
        priority: 1, 
        sticky: false,
        identifier: "sh.langui.turntable"
    });
}
 
function idlePreventer() {
    logger('invoking idle preventer');
    $('.addSongsButton').click();
    $('.cancelButton').click();
}
 
function logger(data) {
    if(debug) {
        console.log(data);
    }
}
 
setTimeout(bindDOM,5000);
setInterval(idlePreventer,300000);

You’ll need a licensed version of Fluid to use this userscript.

iOS 4.3.5 Certificate Handling Vulnerability

Posted by on July 25, 2011 No comments

Apple released a new iOS today to fix a bug I reported. More info here. I’ll also be giving a talk with Nick Percoco about this and other SSL issues in mobile OSes at DEFCON 19. Hope to see you there!