commit 1a654e6a0d72ae1b03cd670f095459f5e605c47c Author: David Fifield david@bamsoftware.com Date: Fri May 31 09:20:41 2013 -0700
Add --disable-pin options.
This will allow us to temporarily react to a key change without having to immediately deploy new bundles. Also I'm not so sure that public keys are globally the same for the services we're using since finding the other key for www.google.com today. --- doc/flashproxy-reg-appspot.1 | 9 +++++++-- doc/flashproxy-reg-appspot.1.txt | 5 +++++ doc/flashproxy-reg-email.1 | 9 +++++++-- doc/flashproxy-reg-email.1.txt | 5 +++++ facilitator/facilitator-email-poller | 8 ++++++-- flashproxy-reg-appspot | 14 +++++++++----- flashproxy-reg-email | 8 ++++++-- 7 files changed, 45 insertions(+), 13 deletions(-)
diff --git a/doc/flashproxy-reg-appspot.1 b/doc/flashproxy-reg-appspot.1 index 63c6b02..b195c89 100644 --- a/doc/flashproxy-reg-appspot.1 +++ b/doc/flashproxy-reg-appspot.1 @@ -2,12 +2,12 @@ ." Title: flashproxy-reg-appspot ." Author: [FIXME: author] [see http://docbook.sf.net/el/author] ." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -." Date: 05/19/2013 +." Date: 05/31/2013 ." Manual: \ & ." Source: \ & ." Language: English ." -.TH "FLASHPROXY-REG-APPSPOT" "1" "05/19/2013" "\ &" "\ &" +.TH "FLASHPROXY-REG-APPSPOT" "1" "05/31/2013" "\ &" "\ &" ." ----------------------------------------------------------------- ." * Define some portability stuff ." ----------------------------------------------------------------- @@ -41,6 +41,11 @@ This program uses a trick to talk to App Engine, even though appspot&.com may b Requires the \fBflashproxy-reg-url\fR program&. .SH "OPTIONS" .PP +\fB--disable-pin\fR +.RS 4 +Don(cqt check the server(cqs public key against a list of known pins&. You can use this if the server(cqs public key has changed and this program hasn(cqt been updated yet&. +.RE +.PP \fB--facilitator-pubkey\fR=\fIFILENAME\fR .RS 4 Encrypt registrations to the given PEM-formatted public key (default built-in)&. diff --git a/doc/flashproxy-reg-appspot.1.txt b/doc/flashproxy-reg-appspot.1.txt index 6370be0..df4a862 100644 --- a/doc/flashproxy-reg-appspot.1.txt +++ b/doc/flashproxy-reg-appspot.1.txt @@ -30,6 +30,11 @@ Requires the **flashproxy-reg-url** program.
OPTIONS ------- +**--disable-pin**:: + Don't check the server's public key against a list of known pins. + You can use this if the server's public key has changed and this + program hasn't been updated yet. + **--facilitator-pubkey**=__FILENAME__:: Encrypt registrations to the given PEM-formatted public key (default built-in).
diff --git a/doc/flashproxy-reg-email.1 b/doc/flashproxy-reg-email.1 index 13ec7f2..ea6729e 100644 --- a/doc/flashproxy-reg-email.1 +++ b/doc/flashproxy-reg-email.1 @@ -2,12 +2,12 @@ ." Title: flashproxy-reg-email ." Author: [FIXME: author] [see http://docbook.sf.net/el/author] ." Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -." Date: 05/19/2013 +." Date: 05/31/2013 ." Manual: \ & ." Source: \ & ." Language: English ." -.TH "FLASHPROXY-REG-EMAIL" "1" "05/19/2013" "\ &" "\ &" +.TH "FLASHPROXY-REG-EMAIL" "1" "05/31/2013" "\ &" "\ &" ." ----------------------------------------------------------------- ." * Define some portability stuff ." ----------------------------------------------------------------- @@ -58,6 +58,11 @@ Name lookups use only IPv6&. Enable debugging output (Python smtplib messages)&. .RE .PP +\fB--disable-pin\fR +.RS 4 +Don(cqt check the server(cqs public key against a list of known pins&. You can use this if the server(cqs public key has changed and this program hasn(cqt been updated yet&. +.RE +.PP \fB-e\fR, \fB--email\fR=\fIADDRESS\fR .RS 4 Send mail to diff --git a/doc/flashproxy-reg-email.1.txt b/doc/flashproxy-reg-email.1.txt index 6175e92..9267975 100644 --- a/doc/flashproxy-reg-email.1.txt +++ b/doc/flashproxy-reg-email.1.txt @@ -41,6 +41,11 @@ OPTIONS **-d**, **--debug**:: Enable debugging output (Python smtplib messages).
+**--disable-pin**:: + Don't check the server's public key against a list of known pins. + You can use this if the server's public key has changed and this + program hasn't been updated yet. + **-e**, **--email**=__ADDRESS__:: Send mail to __ADDRESS__ (default is "flashproxyreg.a@gmail.com").
diff --git a/facilitator/facilitator-email-poller b/facilitator/facilitator-email-poller
index 9df7f3b..349a1fe 100755
--- a/facilitator/facilitator-email-poller
+++ b/facilitator/facilitator-email-poller
@@ -74,6 +74,7 @@ class options(object):
 pid_filename = None
 safe_logging = True
 imaplib_debug = False
+ use_certificate_pin = True
class IMAP4_SSL_REQUIRED(imaplib.IMAP4_SSL): """A subclass of of IMAP4_SSL that uses ssl_version=ssl.PROTOCOL_TLSv1 and @@ -94,6 +95,7 @@ an IMAP server for email messages with client registrations, deletes them, and forwards the registrations to the facilitator.
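Review bot: The new `use_certificate_pin` attribute in `class options` carries no comment marking it as a security control, and its name says "certificate" although the check it gates in `imap_login` hashes `cert.get_pubkey().as_der()` and compares the digest with `PUBKEY_SHA1`. I would add `# Gates the PUBKEY_SHA1 public-key pin check in imap_login(); cleared only by --disable-pin.` above it and consider the name `use_pubkey_pin`. The same attribute is added to `class options` in flashproxy-reg-appspot and flashproxy-reg-email, so the comment and name apply there too. The class body starts outside the hunk.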
-d, --debug don't daemonize, log to stdout. + --disable-pin don't check server public key against a known pin. -e, --email=ADDRESS log in as ADDRESS (default "%(email_addr)s"). -h, --help show this help. -i, --imap=HOST[:PORT] use the given IMAP server (default "%(imap_addr)s"). @@ -123,11 +125,13 @@ def log(msg): options.email_addr = DEFAULT_EMAIL_ADDRESS options.imap_addr = (DEFAULT_IMAP_HOST, DEFAULT_IMAP_PORT)
-opts, args = getopt.gnu_getopt(sys.argv[1:], "de:hi:l:p:", ["debug", "email=", "help", "imap=", "imaplib-debug", "log=", "pass=", "pidfile=", "unsafe-logging"])
+opts, args = getopt.gnu_getopt(sys.argv[1:], "de:hi:l:p:", ["debug", "disable-pin", "email=", "help", "imap=", "imaplib-debug", "log=", "pass=", "pidfile=", "unsafe-logging"])
 for o, a in opts:
 if o == "-d" or o == "--debug":
 options.daemonize = False
 options.log_filename = None
+ elif o == "--disable-pin":
+ options.use_certificate_pin = False
 elif o == "-e" or o == "--email":
 options.email_addr = a
 elif o == "-h" or o == "--help":
@@ -296,7 +300,7 @@ def imap_login():
 pubkey_der = cert.get_pubkey().as_der()
 pubkey_digest = sha1(pubkey_der).digest()
- if pubkey_digest not in PUBKEY_SHA1: + if options.use_certificate_pin and pubkey_digest not in PUBKEY_SHA1: expected = "(" + ", ".join(x.encode("hex") for x in PUBKEY_SHA1) + ")" raise ValueError("Public key does not match pin: got %s but expected any of %s" % (pubkey_digest.encode("hex"), expected)) diff --git a/flashproxy-reg-appspot b/flashproxy-reg-appspot index 5c82ba9..e638d09 100755 --- a/flashproxy-reg-appspot +++ b/flashproxy-reg-appspot @@ -70,6 +70,7 @@ PUBKEY_SHA1 = tuple(x.decode("hex") for x in ( class options(object): address_family = socket.AF_UNSPEC facilitator_pubkey_filename = None + use_certificate_pin = True
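Review bot: With `--disable-pin` set, a public key that is not in `PUBKEY_SHA1` is accepted in `imap_login` without leaving any trace, because the whole mismatch branch is skipped. For a daemon that may keep running with the flag left on, that removes the only signal that the server key changed or that the connection is being intercepted; what certificate verification remains is decided outside this hunk and should be confirmed before relying on it. I would keep the comparison unconditional and let the flag choose only between raising and logging the observed digest, as below. The hunks in `PinHTTPSConnection` (flashproxy-reg-appspot) and in the `try:` block of flashproxy-reg-email have the same shape and would write the warning to `sys.stderr` instead. `imap_login` starts and ends outside the hunk.

```python
# … unchanged: pubkey_der / pubkey_digest computation …
if pubkey_digest not in PUBKEY_SHA1:
    expected = "(" + ", ".join(x.encode("hex") for x in PUBKEY_SHA1) + ")"
    if options.use_certificate_pin:
        raise ValueError("Public key does not match pin: got %s but expected any of %s" %
            (pubkey_digest.encode("hex"), expected))
    # --disable-pin: accept the key, but record what was seen.
    log("Warning: public key %s matches none of the pins %s; continuing because of --disable-pin" %
        (pubkey_digest.encode("hex"), expected))
```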
def usage(f = sys.stdout): print >> f, """\ @@ -78,12 +79,13 @@ Register with a flash proxy facilitator through a Google App Engine app. By default the remote address registered is "%(remote_addr)s" (the external IP address is guessed).
- -4 name lookups use only IPv4.
- -6 name lookups use only IPv6.
+ -4 name lookups use only IPv4.
+ -6 name lookups use only IPv6.
+ --disable-pin don't check server public key against a known pin.
 --facilitator-pubkey=FILENAME
 encrypt registrations to the given PEM-formatted
 public key (default built-in).
- -h, --help show this help.\
+ -h, --help show this help.\
 """ % {
 "progname": sys.argv[0],
 "remote_addr": format_addr((DEFAULT_REMOTE_ADDRESS, DEFAULT_REMOTE_PORT)),
@@ -197,7 +199,7 @@ class PinHTTPSConnection(httplib.HTTPSConnection):
 pubkey_der = cert.get_pubkey().as_der()
 pubkey_digest = sha1(pubkey_der).digest()
- if pubkey_digest not in PUBKEY_SHA1: + if options.use_certificate_pin and pubkey_digest not in PUBKEY_SHA1: expected = "(" + ", ".join(x.encode("hex") for x in PUBKEY_SHA1) + ")" raise ValueError("Public key does not match pin: got %s but expected any of %s" % (pubkey_digest.encode("hex"), expected)) @@ -219,12 +221,14 @@ def get_external_ip(): finally: f.close()
-opt, args = getopt.gnu_getopt(sys.argv[1:], "46h", ["facilitator-pubkey=", "help"])
+opt, args = getopt.gnu_getopt(sys.argv[1:], "46h", ["disable-pin", "facilitator-pubkey=", "help"])
 for o, a in opt:
 if o == "-4":
 options.address_family = socket.AF_INET
 elif o == "-6":
 options.address_family = socket.AF_INET6
+ elif o == "--disable-pin":
+ options.use_certificate_pin = False
 elif o == "--facilitator-pubkey":
 options.facilitator_pubkey_filename = a
 elif o == "-h" or o == "--help":
diff --git a/flashproxy-reg-email b/flashproxy-reg-email
index 90e5264..3f77b10 100755
--- a/flashproxy-reg-email
+++ b/flashproxy-reg-email
@@ -87,6 +87,7 @@ class options(object):
 debug = False
 address_family = socket.AF_UNSPEC
 facilitator_pubkey_filename = None
+ use_certificate_pin = True
def usage(f = sys.stdout): print >> f, """\ @@ -104,6 +105,7 @@ This program requires the M2Crypto library for Python. -4 name lookups use only IPv4. -6 name lookups use only IPv6. -d, --debug enable debugging output (Python smtplib messages). + --disable-pin don't check server public key against a known pin. -e, --email=ADDRESS send mail to ADDRESS (default "%(email_addr)s"). --facilitator-pubkey=FILENAME encrypt registrations to the given PEM-formatted @@ -190,7 +192,7 @@ def get_facilitator_pubkey(): options.email_addr = DEFAULT_EMAIL_ADDRESS options.smtp_addr = (DEFAULT_SMTP_HOST, DEFAULT_SMTP_PORT)
-opts, args = getopt.gnu_getopt(sys.argv[1:], "46de:hs:", ["debug", "email=", "facilitator-pubkey=", "help", "smtp="])
+opts, args = getopt.gnu_getopt(sys.argv[1:], "46de:hs:", ["debug", "disable-pin", "email=", "facilitator-pubkey=", "help", "smtp="])
 for o, a in opts:
 if o == "-4":
 options.address_family = socket.AF_INET
@@ -198,6 +200,8 @@ for o, a in opts:
 options.address_family = socket.AF_INET6
 elif o == "-d" or o == "--debug":
 options.debug = True
+ elif o == "--disable-pin":
+ options.use_certificate_pin = False
 elif o == "-e" or o == "--email":
 options.email_addr = a
 elif o == "--facilitator-pubkey":
@@ -264,7 +268,7 @@ try:
 pubkey_der = cert.get_pubkey().as_der()
 pubkey_digest = sha1(pubkey_der).digest()
- if pubkey_digest not in PUBKEY_SHA1: + if options.use_certificate_pin and pubkey_digest not in PUBKEY_SHA1: expected = "(" + ", ".join(x.encode("hex") for x in PUBKEY_SHA1) + ")" raise ValueError("Public key does not match pin: got %s but expected any of %s" % (pubkey_digest.encode("hex"), expected))