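# Checks that a certificate/key pair is usable for this domain.
#
# The checks run in this order:
# 1. Identity: the certificate must match the domain name or one of its
#    aliases (OpenSSL::SSL.verify_certificate_identity).
# 2. Validity window: not_before and not_after are compared with the
#    current time.
# 3. Key pairing: certificate.check_private_key(key).
# 4. Signature: accepted when the certificate verifies against the supplied
#    key (self-signed), or when +store+ is an OpenSSL::X509::Store and
#    verifies it.
#
# Security notes for callers:
# - With strict_checking false (the default), a failure of checks 1, 2 or 4
#   is only reported through +warn+, and only when $VERBOSE is set. The
#   method still returns true, so a true result is NOT proof that the
#   certificate is valid for the domain. Pass strict_checking = true when
#   the result is used as a gate.
# - A self-signed certificate is accepted in both modes without consulting
#   +store+.
# - A certificate/private-key mismatch (check 3) raises in both modes.
#
# @param certificate [OpenSSL::X509::Certificate] certificate to check
# @param key [OpenSSL::PKey::PKey] private key expected to pair with it
# @param store [OpenSSL::X509::Store, Object] trust store; ignored unless it
#   is an OpenSSL::X509::Store
# @param strict_checking [Boolean] raise instead of warning on failures
# @return [true]
# @raise [OpenSSL::X509::CertificateError] on a key mismatch, or on any
#   failed check when strict_checking is set
def ssl_verify(certificate = self.ssl_x509_certificate, key = self.ssl_key, store = self.ssl_certificate_store, strict_checking=false)
  domain = self.name
  # One clock reading, so both validity-window checks see the same instant.
  now = Time.now

  # Single place for the strict/lenient policy: raise when strict,
  # otherwise warn (only in verbose mode) and carry on.
  report = lambda do |msg|
    raise OpenSSL::X509::CertificateError, msg if strict_checking

    warn "\t#{msg}" if $VERBOSE
  end

  candidates = [domain] + self.aliases
  unless candidates.any? { |candidate| OpenSSL::SSL.verify_certificate_identity(certificate, candidate) }
    report.call("The certificate subject is not valid for this domain #{domain}.")
  end

  report.call("The certificate for #{domain} is not valid yet.") if certificate.not_before > now
  report.call("The certificate for #{domain} has expired.") if certificate.not_after < now

  # A key that does not pair with the certificate is unusable in any mode.
  unless certificate.check_private_key(key)
    raise OpenSSL::X509::CertificateError, "The certificate's public key does not match the supplied private key for #{domain}."
  end

  if certificate.verify(key)
    # Signature verifies against the certificate's own key pair: self-signed.
    puts "\tUsing a self-signed certificate for #{domain}." if $VERBOSE
  elsif store.is_a?(OpenSSL::X509::Store) && store.verify(certificate)
    puts "\tUsing certificate signed by #{certificate.issuer} for #{domain}" if $VERBOSE
  else
    report.call("Certificate signature does not verify for #{domain} -- maybe a bundle is missing?")
  end

  true
end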