[tor-commits] [ooni-probe/master] Implement SSL support for OONIB

art at torproject.org art at torproject.org
Tue Jul 24 13:10:58 UTC 2012


commit 59daf0150e2661be93ddde2bee57feb3ca7ac5b6
Author: Arturo Filastò <arturo at filasto.net>
Date:   Tue Jul 24 15:10:37 2012 +0200

    Implement SSL support for OONIB
---
 .gitignore                    |    1 +
 oonib/README.md               |   10 ++++++++++
 oonib/backends/ssl.py         |    7 +++++++
 oonib/oonibackend.conf        |    8 --------
 oonib/oonibackend.conf.sample |   10 ++++++++++
 oonib/oonibackend.py          |   11 ++++++++++-
 6 files changed, 38 insertions(+), 9 deletions(-)

diff --git a/.gitignore b/.gitignore
index 553482d..7f270bb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@ proxy-lists/italy-dns-ips.txt
 proxy-lists/italy-http-ips.txt
 private/*
 /ooni/plugins/dropin.cache
+oonib/oonibackend.conf
diff --git a/oonib/README.md b/oonib/README.md
new file mode 100644
index 0000000..6823d06
--- /dev/null
+++ b/oonib/README.md
@@ -0,0 +1,10 @@
+# Generate self signed certs for OONIB
+
+    openssl genrsa -des3 -out private.key 4096
+    openssl req -new -key private.key -out server.csr
+    cp private.key private.key.org
+    # Remove passphrase from key
+    openssl rsa -in private.key.org -out private.key
+    openssl x509 -req -days 365 -in server.csr -signkey private.key -out certificate.crt
+    rm private.key.org
+
diff --git a/oonib/backends/ssl.py b/oonib/backends/ssl.py
new file mode 100644
index 0000000..5f19686
--- /dev/null
+++ b/oonib/backends/ssl.py
@@ -0,0 +1,7 @@
+from twisted.internet import ssl
+
+class SSLContext(ssl.DefaultOpenSSLContextFactory):
+    def __init__(self, config):
+        ssl.DefaultOpenSSLContextFactory.__init__(self, config.main.ssl_private_key,
+                                                  config.main.ssl_certificate)
+
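Review bot: SSLContext passes only the key and certificate paths to DefaultOpenSSLContextFactory, so the protocol versions and options the listener accepts are whatever the installed Twisted and OpenSSL default to. I would pin this in the class, for example by overriding `cacheContext` to call the parent and then `self._context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)` (with `from OpenSSL import SSL`), so legacy protocol versions are refused regardless of library version. The class also has no docstring; a one-line one such as `"""Server context factory built from ssl_private_key and ssl_certificate in the [main] config section."""` would help. Because the README added in this commit strips the passphrase from private.key, it should also say that the key file must be readable only by the account running oonib.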
diff --git a/oonib/oonibackend.conf b/oonib/oonibackend.conf
deleted file mode 100644
index 5265045..0000000
--- a/oonib/oonibackend.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-[main]
-http_port = 8080
-dns_udp_port = 5354
-dns_tcp_port = 8002
-daphn3_port = 9666
-server_version = Apache
-[daphn3]
-pcap_file = /Users/y/Documents/workspace/ooni-probe.new/oonib/server.pcap
diff --git a/oonib/oonibackend.conf.sample b/oonib/oonibackend.conf.sample
new file mode 100644
index 0000000..a5cbbd3
--- /dev/null
+++ b/oonib/oonibackend.conf.sample
@@ -0,0 +1,10 @@
+[main]
+http_port = 8080
+dns_udp_port = 5354
+dns_tcp_port = 8002
+daphn3_port = 9666
+server_version = Apache
+ssl_private_key = /path/to/private.key
+ssl_certificate = /path/to/certificate.crt
+[daphn3]
+pcap_file = /path/to/server.pcap
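Review bot: The sample adds `ssl_private_key` and `ssl_certificate` but no `ssl_port`, while the second oonibackend.py hunk in this commit reads `config.main.ssl_port` for the new SSLServer. A config copied from this sample would presumably fail at startup when that key is looked up, depending on how oonib.common.config handles missing keys (not visible here). Add a line such as `ssl_port = 8443` (example value) under `[main]`, next to the other port settings.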
diff --git a/oonib/oonibackend.py b/oonib/oonibackend.py
index fe1a760..c5a866b 100755
--- a/oonib/oonibackend.py
+++ b/oonib/oonibackend.py
@@ -18,6 +18,7 @@ from twisted.names import dns
 
 from oonib.common import config
 from oonib.backends.http import HTTPBackend
+from oonib.backends.ssl import SSLContext
 from oonib.backends.dns import ProxyDNSServer
 from oonib.backends.daphn3 import Daphn3Server
 
@@ -26,7 +27,15 @@ server.version = config.main.server_version
 
 application = service.Application('oonibackend')
 serviceCollection = service.IServiceCollection(application)
-internet.TCPServer(int(config.main.http_port), server.Site(HTTPBackend())).setServiceParent(serviceCollection)
+
+internet.TCPServer(int(config.main.http_port),
+                   server.Site(HTTPBackend())
+                  ).setServiceParent(serviceCollection)
+
+internet.SSLServer(int(config.main.ssl_port),
+                   server.Site(HTTPBackend()),
+                   SSLContext(config),
+                  ).setServiceParent(serviceCollection)
 
 # Start the DNS Server related services
 TCPDNSServer = ProxyDNSServer()
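Review bot: The SSLServer is registered unconditionally, and `SSLContext(config)` is built at module load. As far as I know, DefaultOpenSSLContextFactory reads the key and certificate files in its constructor, so a missing or unreadable file would stop the whole backend from starting, including the HTTP and DNS services. If running without TLS should stay possible, wrap the SSLServer block in a guard such as `if config.main.ssl_private_key and config.main.ssl_certificate:` (this assumes the config object yields a falsy value for unset keys, which is not visible here). The plaintext TCPServer on `http_port` still serves the same HTTPBackend, so clients are not forced onto the TLS listener; a comment such as `# plaintext listener kept on purpose alongside the TLS one` would record that this is intended.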


