commit 59daf0150e2661be93ddde2bee57feb3ca7ac5b6 Author: Arturo Filastò arturo@filasto.net Date: Tue Jul 24 15:10:37 2012 +0200
Implement SSL support for OONIB --- .gitignore | 1 + oonib/README.md | 10 ++++++++++ oonib/backends/ssl.py | 7 +++++++ oonib/oonibackend.conf | 8 -------- oonib/oonibackend.conf.sample | 10 ++++++++++ oonib/oonibackend.py | 11 ++++++++++- 6 files changed, 38 insertions(+), 9 deletions(-)
diff --git a/.gitignore b/.gitignore
index 553482d..7f270bb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@ proxy-lists/italy-dns-ips.txt
 proxy-lists/italy-http-ips.txt
 private/*
 /ooni/plugins/dropin.cache
+oonib/oonibackend.conf
diff --git a/oonib/README.md b/oonib/README.md
new file mode 100644
index 0000000..6823d06
--- /dev/null
+++ b/oonib/README.md
@@ -0,0 +1,10 @@
+# Generate self signed certs for OONIB
+
+ openssl genrsa -des3 -out private.key 4096
+ openssl req -new -key private.key -out server.csr
+ cp private.key private.key.org
+ # Remove passphrase from key
+ openssl rsa -in private.key.org -out private.key
+ openssl x509 -req -days 365 -in server.csr -signkey private.key -out certificate.crt
+ rm private.key.org
+
diff --git a/oonib/backends/ssl.py b/oonib/backends/ssl.py
new file mode 100644
index 0000000..5f19686
--- /dev/null
+++ b/oonib/backends/ssl.py
@@ -0,0 +1,7 @@
+from twisted.internet import ssl
+
+class SSLContext(ssl.DefaultOpenSSLContextFactory):
+ def __init__(self, config):
+ ssl.DefaultOpenSSLContextFactory.__init__(self, config.main.ssl_private_key,
+ config.main.ssl_certificate)
+
diff --git a/oonib/oonibackend.conf b/oonib/oonibackend.conf
deleted file mode 100644
index 5265045..0000000
--- a/oonib/oonibackend.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-[main]
-http_port = 8080
-dns_udp_port = 5354
-dns_tcp_port = 8002
-daphn3_port = 9666
-server_version = Apache
-[daphn3]
-pcap_file = /Users/y/Documents/workspace/ooni-probe.new/oonib/server.pcap
diff --git a/oonib/oonibackend.conf.sample b/oonib/oonibackend.conf.sample
new file mode 100644
index 0000000..a5cbbd3
--- /dev/null
+++ b/oonib/oonibackend.conf.sample
@@ -0,0 +1,10 @@
+[main]
+http_port = 8080
+dns_udp_port = 5354
+dns_tcp_port = 8002
+daphn3_port = 9666
+server_version = Apache
+ssl_private_key = /path/to/private.key
+ssl_certificate = /path/to/certificate.crt
+[daphn3]
+pcap_file = /path/to/server.pcap
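Review bot: SSLContext in oonib/backends/ssl.py leaves protocol and cipher selection to whatever DefaultOpenSSLContextFactory defaults to in the installed Twisted; older releases of that factory negotiate with SSLv23_METHOD and only switch off SSLv2, so SSLv3 may still be accepted. I would pin the policy in `__init__` after the base constructor has run, e.g. `self.getContext().set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)` with `from OpenSSL import SSL`, and add a class docstring naming the two config options it reads (`ssl_private_key`, `ssl_certificate`). The module name also shadows the standard-library `ssl` for any sibling module in oonib/backends that relies on implicit relative imports (presumably the case for this Python 2 era code), so a name like `ssl_context.py` would be safer.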
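Review bot: The sample `[main]` section has no `ssl_port` entry, yet the second hunk of oonib/oonibackend.py in this commit reads `int(config.main.ssl_port)` when it registers the SSLServer, so a config copied from this sample lacks an option the backend needs at startup. Add a line such as `ssl_port = 8443` (constructed example value) next to `ssl_private_key`. Since oonibackend.conf is now git-ignored, the sample is the only in-tree reference for the expected keys. The README in this commit strips the passphrase from private.key, so a comment here that the key file should be readable only by the account running the backend would be worth adding.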
diff --git a/oonib/oonibackend.py b/oonib/oonibackend.py
index fe1a760..c5a866b 100755
--- a/oonib/oonibackend.py
+++ b/oonib/oonibackend.py
@@ -18,6 +18,7 @@ from twisted.names import dns
from oonib.common import config
 from oonib.backends.http import HTTPBackend
+from oonib.backends.ssl import SSLContext
 from oonib.backends.dns import ProxyDNSServer
 from oonib.backends.daphn3 import Daphn3Server
@@ -26,7 +27,15 @@ server.version = config.main.server_version
application = service.Application('oonibackend')
 serviceCollection = service.IServiceCollection(application)
-internet.TCPServer(int(config.main.http_port), server.Site(HTTPBackend())).setServiceParent(serviceCollection)
+
+internet.TCPServer(int(config.main.http_port),
+ server.Site(HTTPBackend())
+ ).setServiceParent(serviceCollection)
+
+internet.SSLServer(int(config.main.ssl_port),
+ server.Site(HTTPBackend()),
+ SSLContext(config),
+ ).setServiceParent(serviceCollection)
# Start the DNS Server related services
 TCPDNSServer = ProxyDNSServer()
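Review bot: The SSLServer block runs unconditionally at module level, so `int(config.main.ssl_port)` and `SSLContext(config)` are evaluated every time the backend is loaded. DefaultOpenSSLContextFactory reads the key and certificate files in its constructor, so a missing option or an unreadable file would most likely stop the services registered after this block (the DNS servers that follow, and presumably daphn3) from starting as well. If SSL is meant to be optional, guard the block on the three options being set and log when the listener is skipped; if it is mandatory, say so above the block, e.g. `# SSL listener: requires ssl_port, ssl_private_key and ssl_certificate in oonibackend.conf`. The plain TCPServer on `http_port` still serves the same HTTPBackend, so a comment stating whether cleartext access is intentionally kept alongside the SSL port would help the next reader.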