[ooni-dev] Testing HTTPS URLs and certificate chain
David Fifield
david at bamsoftware.com
Mon Jun 22 06:48:08 UTC 2015
It would be good to have ongoing tests for the domains we use as fronts
for anticensorship, e.g.:
https://www.google.com/
https://a0.awsstatic.com/
https://ajax.aspnetcdn.com/
I would love to have periodic checks that 1) each domain is accessible,
and 2) the certificate chain is what we expect, to find MITM attempts.
I suppose the existing nettests/blocking/http_requests.py can handle
simple HTTPS connectivity. Is it easy to add the URLs above to the
standard tests?
I'm less sure about how to get the certificate chain. I did some
searching and didn't find a way to get the certificate chain from the
twisted.web.client.Agent that templates/httpt.py uses (maybe you provide
it a twisted.internet.ssl.ContextFactory somehow?).
nettests/experimental/tls_handshake.py doesn't seem to be quite what I
want. What do you suggest?
More information about the ooni-dev
mailing list