Class EzCrypto::TrustStore
In: lib/ezsig.rb
Parent: Object

Wraps around the OpenSSL trust store. This allows you to decide which certificates you trust.

You can either point it at a path which contains a OpenSSL trust store (see OpenSSL for more) or build it up manually.

For a certificate to verify you need the issuer and the issuers issuers certs added to the Trust store.

NOTE: Currently this does not support CRL’s or OCSP. We may add support for this later.


Public Class methods

Create a trust store of normally trusted root certificates as found in a browser. Extracted from Safari.

Create a trust store from a list of certificates in a pem file. These certificates should just be listed one after each other.

Create trust store with an optional list of paths of openssl trust stores.

Public Instance methods

Add either a EzCrypto::Certificate or a OpenSSL::X509::Cert object to the TrustStore. This should be a trusted certificate such as a CA’s issuer certificate.

Returns true if either the EzCrypto::Certificate or OpenSSL::X509::Cert object is verified using issuer certificates in the trust store.