rubygems
RUBY_DESCRIPTION, minor formatting, width
Using Ruby 2.7 and later, RUBY_REVISION is the full Git commit SHA. Use RUBY_DESCRIPTION if defined.
Also, since cert files don't affect RubyGems & Bundler connections, info about them is only shown when they cause an error with net/http.
Made additional changes to format long output lines into shorter separate lines. Passing example output:
PS C:\Greg\GitHub\ruby-ssl-check> ruby check.rb
Here's your Ruby and OpenSSL environment:
Ruby: ruby 2.8.0dev (2020-06-26T08:40:20Z master ad1ebefefe) [x64-mingw32]
RubyGems: 3.2.0.pre1
Bundler: 2.2.0.dev
OpenSSL: 2.2.0
Compiled with: OpenSSL 1.1.1g 21 Apr 2020
Loaded with: OpenSSL 1.1.1g 21 Apr 2020
Trying connections to https://rubygems.org:
Bundler: ✅ success
RubyGems: ✅ success
Ruby net/http: ✅ success
Hooray! This Ruby can connect to rubygems.org.
You are all set to use Bundler and RubyGems. 👌
PS C:\Greg\GitHub\ruby-ssl-check>
Below is a output from current:
PS C:\Greg\GitHub> curl -Lks 'https://git.io/rg-ssl' | ruby
Here's your Ruby and OpenSSL environment:
Ruby: 2.8.0p-1 (2020-06-01 revision cadd2245f7f10850e0b11e5b678b2049399a2d3e) [x64-mingw32]
RubyGems: 3.2.0.pre1
Bundler: 2.2.0.dev
Compiled with: OpenSSL 1.1.1g 21 Apr 2020
Loaded version: OpenSSL 1.1.1g 21 Apr 2020
SSL_CERT_FILE: C:/Greg/ruby-mingw/ssl/cert.pem
SSL_CERT_DIR: C:/Greg/ruby-mingw/ssl/certs
With that out of the way, let's see if you can connect to rubygems.org...
Bundler connection to rubygems.org: success ✅
RubyGems connection to rubygems.org: success ✅
Ruby net/http connection to rubygems.org: success ✅
Hooray! This Ruby can connect to rubygems.org. You are all set to use Bundler and RubyGems. 👌
PS C:\Greg\GitHub>
@MSP-Greg if you're happy with this lmk and I can just apply the exit_code = 1 => exit 1 patch and merge it.
@duckinator
I can just apply the exit_code = 1 => exit 1 patch and merge it.
Actually, that would be great, as my internet connection is down...
EDIT: Got a slow (but working connection), so I eliminated the exit_code = 1 code...
@duckinator
Let me make a few more changes to this. I think I used the exit_code with the idea of showing as much 'system info' as possible, but must have been interrupted as I never finished.
Loading OpenSSL can fail if the ruby code doesn't exist, but it can also fails if Ruby's OpenSSL can't find the system's OpenSSL files (depending on how it's compiled). It would be helpful to show info about that if it happens. Let me look at that...
I've thought this could provide better messages when OpenSSL doesn't load. With MRI Ruby, OpenSSL loads as follows:
openssl.rb => openssl.
I've added errors messages for whether 'system openssl files' can't load, whether 'openssl.
@MSP-Greg this is looking really good still, and I like your idea on better OpenSSL feedback. lmk when it's ready and I'll take another look! ^^
@duckinator
Thanks. I think I'm going to turn it into a module (with a main run method calling a bunch others) so it's a bit clearer what's happening and easier to add comments.
So, I'm trying to get it providing more diagnostics. I've also added checking for OpenSSL gems, etc.
For example, maybe someone tried to install a newer Ruby OpenSSL and that's broken, but it's the version that loaded. Or, maybe their DNS is bad.
Presently, for someone with connection issues, there may be a need for additional 'try this' back and forth that more/better diagnostics might eliminate.
Hence, it's getting more involved. Locally, I can test all major/minor versions back to Ruby 1.9.3 and OpenSSL 1.0.0. I'll ping you when done...
@duckinator
Sorry, putting out fires here and there. What it looks like now (for a working Ruby):
Here's your Ruby and OpenSSL environment:
Ruby: ruby 2.8.0dev (2020-07-04T08:28:23Z master 74e1bca79d) [x64-mingw32]
RubyGems: 3.2.0.pre1
Bundler: 2.2.0.dev
Ruby OpenSSL: 2.2.0
Compiled: OpenSSL 1.1.1g 21 Apr 2020
Loaded: OpenSSL 1.1.1g 21 Apr 2020
Trying https connections to rubygems.org:
✅ Bundler: success
✅ RubyGems: success
✅ Ruby: success connected with TLSv1_2
Trying https connections to rubygems.org without system certs:
✅ Bundler: success
✅ RubyGems: success
Ruby (net/http), RubyGems, and Bundler can all connect to rubygems.org.
You are all set to use Bundler and RubyGems. 👌
Both Bundler & RG use a combination of their own certs and OpenSSL's 'system certs'. If either are current, connections can be made, as long as TLSv1_2 is supported. Typically, that would include Ruby 2.0. Below is output from a 2.0 build with current 'system certs', but Bundler & RG with outdated certs:
Here's your Ruby and OpenSSL environment:
Ruby: ruby 2.0.0p648 (2015-12-16) [x64-mingw32]
RubyGems: 2.0.14.1
Bundler: 1.6.2
Ruby OpenSSL: 1.1.0
Compiled: OpenSSL 1.0.1l 15 Jan 2015
Loaded: OpenSSL 1.0.1l 15 Jan 2015
Trying https connections to rubygems.org:
✅ Bundler: success
✅ RubyGems: success
✅ Ruby: success connected with TLSv1_2
Trying https connections to rubygems.org without system certs:
❌ Bundler: failed certificate verification
❌ RubyGems: failed certificate verification
Ruby (net/http), RubyGems, and Bundler can all connect to rubygems.org, but
they are using the system certs to do so. The certs bundled with RubyGems
and Bundler are too old to verify rubygems.org.
Given that, updating RubyGems and Bundler is recommended, but not required.
Anyway, what do you think? There's a lot of combinations for error reporting when 'system certs' are taken into account...
@duckinator
Thanks. Adding system cert info to the test is opening a rather large rabbit hole. I don't want to confuse new users, but years ago I had to support a large legacy app. It should be clear that older Rubies' Bundler & RG may work fine if the system certs are up to date. 'May work fine' is hard to test, but at least this verifies whether they can connect.
Adding another variable (system certs) makes the reporting (what does the user need to fix) a bit larger. I'll keep working at it...