One thing to note is that the github.com cert you've provided isn't
directly signed by a root CA. It is signed by an intermediate CA: DigiCert
High Assurance EV CA-1 (attached). That cert is is in turn signed by
DigiCert High Assurance EV Root CA. When I run the attached cert through
your code I find it is valid.

On Mon, Nov 7, 2011 at 1:23 PM, I=F1aki Baz Castillo <ibc / aliax.net> wrote:

> Hi, I'm playing with Ruby OpenSSL in order to validate certificates.
> I've started with a code very similar to the present in
> https://github.com/negativecode/vines/blob/master/lib/vines/store.rb.
>
> Basically I get the list of CA Root Certificates from Mozilla:
>  http://curl.haxx.se/ca/cacert.pem
>
> I add all the certificates present in that file to a
> OpenSSL::X509::Store instance.
> Then I try to validate the certificate of www.github.com (which of
> course is valid). But always get "invalid"
>
> I would appreciate if somebody could check the code and explain me why
> it does not work at all. To test it:
>
> - Get this tar.gz:  http://public.aliax.net/ruby-ssl.tar.gz
>
> - Decompress it. You will get:
>  - cacert.pem (CA Root Certificates from Mozilla)
>  - github.crt (Github valid certificate)
>  - check-cert.rb (the script)
>
> - Run:  ./check-cert.rb github.crt
>
> As you can see it fails to validate the certificate from Github. Could
> somebody help me please?
> Thanks a lot.
>
>
>
> --
> I=F1aki Baz Castillo
> <ibc / aliax.net>
>
>


--=20
John Downey
(supressed text/html)LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlHNHpDQ0JjdWdBd0lCQWdJUUNMdXdKVWNU
UzhteEVOZkJvaEpaeFRBTkJna3Foa2lHOXcwQkFRVUZBREJzDQpNUXN3Q1FZRFZRUUdFd0pWVXpF
Vk1CTUdBMVVFQ2hNTVJHbG5hVU5sY25RZ1NXNWpNUmt3RndZRFZRUUxFeEIzDQpkM2N1WkdsbmFX
TmxjblF1WTI5dE1Tc3dLUVlEVlFRREV5SkVhV2RwUTJWeWRDQklhV2RvSUVGemMzVnlZVzVqDQpa
U0JGVmlCU2IyOTBJRU5CTUI0WERUQTJNVEV4TURBd01EQXdNRm9YRFRJeE1URXhNREF3TURBd01G
b3dhVEVMDQpNQWtHQTFVRUJoTUNWVk14RlRBVEJnTlZCQW9UREVScFoybERaWEowSUVsdVl6RVpN
QmNHQTFVRUN4TVFkM2QzDQpMbVJwWjJsalpYSjBMbU52YlRFb01DWUdBMVVFQXhNZlJHbG5hVU5s
Y25RZ1NHbG5hQ0JCYzNOMWNtRnVZMlVnDQpSVllnUTBFdE1UQ0NBU0l3RFFZSktvWklodmNOQVFF
QkJRQURnZ0VQQURDQ0FRb0NnZ0VCQVBPV1l0aDFiaG4vDQpQelI4U1U4eGZnMEVUcG1CNHJPRlZa
RXdzY0N2Y0xzc3FPY1lxajk0OTVCb1VvWUJpSmZpT3dabGtLcTlaWGJDDQo3TDRRV3pkNGcyQjFS
Y2E5ZEtxMm42UTZBVkFYeERscHVmRlA3NExCeXZOSzI4eWVVRTlOUUtNNmtPZUdacnp3DQpQbllv
VE5GMWdKNXFOUlExQTU3YkRJekNLSzFRc3M3MmthUERwUXBZU2ZaMVJHeTYrYzdwcXpvQzRFM3py
T0o2DQo0R0FpQlR5QzAxTGk4NXhIK0R2WXNrdVRWa3EvY0tzKzZXaklIWTlZSFNwTlhpYzlyUXBa
TDFvUklFRFphQVJvDQpMZlRBaEFzS0czamY3UnBZM1B0QldtMXI4dTBjN2x3eXRsenMxNllETXFi
bzNyY29KMW1JZ1A5N3JZbFkxUjRVDQpwUEt3Y05TZ1BxY0NBd0VBQWFPQ0E0SXdnZ04rTUE0R0Ex
VWREd0VCL3dRRUF3SUJoakE3QmdOVkhTVUVOREF5DQpCZ2dyQmdFRkJRY0RBUVlJS3dZQkJRVUhB
d0lHQ0NzR0FRVUZCd01EQmdnckJnRUZCUWNEQkFZSUt3WUJCUVVIDQpBd2d3Z2dIRUJnTlZIU0FF
Z2dHN01JSUJ0ekNDQWJNR0NXQ0dTQUdHL1d3Q0FUQ0NBYVF3T2dZSUt3WUJCUVVIDQpBZ0VXTG1o
MGRIQTZMeTkzZDNjdVpHbG5hV05sY25RdVkyOXRMM056YkMxamNITXRjbVZ3YjNOcGRHOXllUzVv
DQpkRzB3Z2dGa0JnZ3JCZ0VGQlFjQ0FqQ0NBVlllZ2dGU0FFRUFiZ0I1QUNBQWRRQnpBR1VBSUFC
dkFHWUFJQUIwDQpBR2dBYVFCekFDQUFRd0JsQUhJQWRBQnBBR1lBYVFCakFHRUFkQUJsQUNBQVl3
QnZBRzRBY3dCMEFHa0FkQUIxDQpBSFFBWlFCekFDQUFZUUJqQUdNQVpRQndBSFFBWVFCdUFHTUFa
UUFnQUc4QVpnQWdBSFFBYUFCbEFDQUFSQUJwDQpBR2NBYVFCREFHVUFjZ0IwQUNBQVJRQldBQ0FB
UXdCUUFGTUFJQUJoQUc0QVpBQWdBSFFBYUFCbEFDQUFVZ0JsDQpBR3dBZVFCcEFHNEFad0FnQUZB
QVlRQnlBSFFBZVFBZ0FFRUFad0J5QUdVQVpRQnRBR1VBYmdCMEFDQUFkd0JvDQpBR2tBWXdCb0FD
QUFiQUJwQUcwQWFRQjBBQ0FBYkFCcEFHRUFZZ0JwQUd3QWFRQjBBSGtBSUFCaEFHNEFaQUFnDQpB
R0VBY2dCbEFDQUFhUUJ1QUdNQWJ3QnlBSEFBYndCeUFHRUFkQUJsQUdRQUlBQm9BR1VBY2dCbEFH
a0FiZ0FnDQpBR0lBZVFBZ0FISUFaUUJtQUdVQWNnQmxBRzRBWXdCbEFDNHdEd1lEVlIwVEFRSC9C
QVV3QXdFQi96Q0Jnd1lJDQpLd1lCQlFVSEFRRUVkekIxTUNRR0NDc0dBUVVGQnpBQmhoaG9kSFJ3
T2k4dmIyTnpjQzVrYVdkcFkyVnlkQzVqDQpiMjB3VFFZSUt3WUJCUVVITUFLR1FXaDBkSEE2THk5
M2QzY3VaR2xuYVdObGNuUXVZMjl0TDBOQlEyVnlkSE12DQpSR2xuYVVObGNuUklhV2RvUVhOemRY
SmhibU5sUlZaU2IyOTBRMEV1WTNKME1JR1BCZ05WSFI4RWdZY3dnWVF3DQpRS0Erb0R5R09taDBk
SEE2THk5amNtd3pMbVJwWjJsalpYSjBMbU52YlM5RWFXZHBRMlZ5ZEVocFoyaEJjM04xDQpjbUZ1
WTJWRlZsSnZiM1JEUVM1amNtd3dRS0Erb0R5R09taDBkSEE2THk5amNtdzBMbVJwWjJsalpYSjBM
bU52DQpiUzlFYVdkcFEyVnlkRWhwWjJoQmMzTjFjbUZ1WTJWRlZsSnZiM1JEUVM1amNtd3dIUVlE
VlIwT0JCWUVGRXhZDQp5eVh3UVU5UzlDaklnVU9icHFpZzVwTGxNQjhHQTFVZEl3UVlNQmFBRkxF
K3cya0QrTDlIQWRTWUpob0lBdTlqDQpaQ3ZETUEwR0NTcUdTSWIzRFFFQkJRVUFBNElCQVFCUUhr
T3c5MDBwbGx1N3A5TUt0YlhWMENlcSthL0hKZEdWDQoxUzlhVTcxQ0IzNTRTY29MNjB4VjR1b3Zm
MG10eC8vUkxUNmNvR1FyVVo2UkppaTdoN3QxZkx5aC9XWm9Ma3hLDQpGc3orQnM4eDZvQnU1TDNv
QTNMMkpiVkJnMkhRbHdvbkhiUDNLektFajF2bnpEL2lMR2VHbFBTeUsyeFNPMmNxDQpqVmlWQUJS
R0pLd0wrc21PeHlhQTM5SGhsK1A0dTJqR25MMitDRlE3RURKOGdSOHJLSldvUVFyRzBEQm10T255
DQpvZ0JwSUFmS2drd2V6NmVZdUF6dXpSWWN2aHBqMU1DWjltZXk4STRYTFZqQ2dLcGRsc2V6S08z
dzJvNjJSeHVQDQpUaFh4bDB3TFM2K0IxRWFVWWl4RHB6d2xTQmxqOGx5cUZZbDJoSVZ6a1gwb1BB
bURncnozDQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t