[tor-commits] [flashproxy/master] Add --disable-pin options.

dcf at torproject.org dcf at torproject.org
Fri May 31 16:42:40 UTC 2013


commit 1a654e6a0d72ae1b03cd670f095459f5e605c47c
Author: David Fifield <david at bamsoftware.com>
Date:   Fri May 31 09:20:41 2013 -0700

    Add --disable-pin options.
    
    This will allow us to temporarily react to a key change without having
    to immediately deploy new bundles. Also
    I'm not so sure that public keys are globally the same for the services
    we're using since finding the other key for www.google.com today.
---
 doc/flashproxy-reg-appspot.1         |    9 +++++++--
 doc/flashproxy-reg-appspot.1.txt     |    5 +++++
 doc/flashproxy-reg-email.1           |    9 +++++++--
 doc/flashproxy-reg-email.1.txt       |    5 +++++
 facilitator/facilitator-email-poller |    8 ++++++--
 flashproxy-reg-appspot               |   14 +++++++++-----
 flashproxy-reg-email                 |    8 ++++++--
 7 files changed, 45 insertions(+), 13 deletions(-)

diff --git a/doc/flashproxy-reg-appspot.1 b/doc/flashproxy-reg-appspot.1
index 63c6b02..b195c89 100644
--- a/doc/flashproxy-reg-appspot.1
+++ b/doc/flashproxy-reg-appspot.1
@@ -2,12 +2,12 @@
 .\"     Title: flashproxy-reg-appspot
 .\"    Author: [FIXME: author] [see http://docbook.sf.net/el/author]
 .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\"      Date: 05/19/2013
+.\"      Date: 05/31/2013
 .\"    Manual: \ \&
 .\"    Source: \ \&
 .\"  Language: English
 .\"
-.TH "FLASHPROXY\-REG\-APPSPOT" "1" "05/19/2013" "\ \&" "\ \&"
+.TH "FLASHPROXY\-REG\-APPSPOT" "1" "05/31/2013" "\ \&" "\ \&"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -41,6 +41,11 @@ This program uses a trick to talk to App Engine, even though appspot\&.com may b
 Requires the \fBflashproxy\-reg\-url\fR program\&.
 .SH "OPTIONS"
 .PP
+\fB\-\-disable\-pin\fR
+.RS 4
+Don\(cqt check the server\(cqs public key against a list of known pins\&. You can use this if the server\(cqs public key has changed and this program hasn\(cqt been updated yet\&.
+.RE
+.PP
 \fB\-\-facilitator\-pubkey\fR=\fIFILENAME\fR
 .RS 4
 Encrypt registrations to the given PEM\-formatted public key (default built\-in)\&.
diff --git a/doc/flashproxy-reg-appspot.1.txt b/doc/flashproxy-reg-appspot.1.txt
index 6370be0..df4a862 100644
--- a/doc/flashproxy-reg-appspot.1.txt
+++ b/doc/flashproxy-reg-appspot.1.txt
@@ -30,6 +30,11 @@ Requires the **flashproxy-reg-url** program.
 
 OPTIONS
 -------
+**--disable-pin**::
+    Don't check the server's public key against a list of known pins.
+    You can use this if the server's public key has changed and this
+    program hasn't been updated yet.
+
 **--facilitator-pubkey**=__FILENAME__::
     Encrypt registrations to the given PEM-formatted public key (default built-in).
 
diff --git a/doc/flashproxy-reg-email.1 b/doc/flashproxy-reg-email.1
index 13ec7f2..ea6729e 100644
--- a/doc/flashproxy-reg-email.1
+++ b/doc/flashproxy-reg-email.1
@@ -2,12 +2,12 @@
 .\"     Title: flashproxy-reg-email
 .\"    Author: [FIXME: author] [see http://docbook.sf.net/el/author]
 .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\"      Date: 05/19/2013
+.\"      Date: 05/31/2013
 .\"    Manual: \ \&
 .\"    Source: \ \&
 .\"  Language: English
 .\"
-.TH "FLASHPROXY\-REG\-EMAIL" "1" "05/19/2013" "\ \&" "\ \&"
+.TH "FLASHPROXY\-REG\-EMAIL" "1" "05/31/2013" "\ \&" "\ \&"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -58,6 +58,11 @@ Name lookups use only IPv6\&.
 Enable debugging output (Python smtplib messages)\&.
 .RE
 .PP
+\fB\-\-disable\-pin\fR
+.RS 4
+Don\(cqt check the server\(cqs public key against a list of known pins\&. You can use this if the server\(cqs public key has changed and this program hasn\(cqt been updated yet\&.
+.RE
+.PP
 \fB\-e\fR, \fB\-\-email\fR=\fIADDRESS\fR
 .RS 4
 Send mail to
diff --git a/doc/flashproxy-reg-email.1.txt b/doc/flashproxy-reg-email.1.txt
index 6175e92..9267975 100644
--- a/doc/flashproxy-reg-email.1.txt
+++ b/doc/flashproxy-reg-email.1.txt
@@ -41,6 +41,11 @@ OPTIONS
 **-d**, **--debug**::
     Enable debugging output (Python smtplib messages).
 
+**--disable-pin**::
+    Don't check the server's public key against a list of known pins.
+    You can use this if the server's public key has changed and this
+    program hasn't been updated yet.
+
 **-e**, **--email**=__ADDRESS__::
     Send mail to __ADDRESS__ (default is "flashproxyreg.a at gmail.com").
 
diff --git a/facilitator/facilitator-email-poller b/facilitator/facilitator-email-poller
index 9df7f3b..349a1fe 100755
--- a/facilitator/facilitator-email-poller
+++ b/facilitator/facilitator-email-poller
@@ -74,6 +74,7 @@ class options(object):
     pid_filename = None
     safe_logging = True
     imaplib_debug = False
+    use_certificate_pin = True
 
 class IMAP4_SSL_REQUIRED(imaplib.IMAP4_SSL):
     """A subclass of of IMAP4_SSL that uses ssl_version=ssl.PROTOCOL_TLSv1 and
@@ -94,6 +95,7 @@ an IMAP server for email messages with client registrations, deletes
 them, and forwards the registrations to the facilitator.
 
   -d, --debug             don't daemonize, log to stdout.
+      --disable-pin       don't check server public key against a known pin.
   -e, --email=ADDRESS     log in as ADDRESS (default "%(email_addr)s").
   -h, --help              show this help.
   -i, --imap=HOST[:PORT]  use the given IMAP server (default "%(imap_addr)s").
@@ -123,11 +125,13 @@ def log(msg):
 options.email_addr = DEFAULT_EMAIL_ADDRESS
 options.imap_addr = (DEFAULT_IMAP_HOST, DEFAULT_IMAP_PORT)
 
-opts, args = getopt.gnu_getopt(sys.argv[1:], "de:hi:l:p:", ["debug", "email=", "help", "imap=", "imaplib-debug", "log=", "pass=", "pidfile=", "unsafe-logging"])
+opts, args = getopt.gnu_getopt(sys.argv[1:], "de:hi:l:p:", ["debug", "disable-pin", "email=", "help", "imap=", "imaplib-debug", "log=", "pass=", "pidfile=", "unsafe-logging"])
 for o, a in opts:
     if o == "-d" or o == "--debug":
         options.daemonize = False
         options.log_filename = None
+    elif o == "--disable-pin":
+        options.use_certificate_pin = False
     elif o == "-e" or o == "--email":
         options.email_addr = a
     elif o == "-h" or o == "--help":
@@ -296,7 +300,7 @@ def imap_login():
     pubkey_der = cert.get_pubkey().as_der()
     pubkey_digest = sha1(pubkey_der).digest()
 
-    if pubkey_digest not in PUBKEY_SHA1:
+    if options.use_certificate_pin and pubkey_digest not in PUBKEY_SHA1:
         expected = "(" + ", ".join(x.encode("hex") for x in PUBKEY_SHA1) + ")"
         raise ValueError("Public key does not match pin: got %s but expected any of %s" %
             (pubkey_digest.encode("hex"), expected))
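Review bot: When `--disable-pin` is given, a public key outside `PUBKEY_SHA1` is now accepted without any trace, because the new condition in `imap_login` skips the comparison entirely. A poller started with the flag as a stopgap can keep running that way with nothing in its log to show it is talking to an unpinned key, so I would keep the comparison and record the mismatch: after the `raise`, add `elif pubkey_digest not in PUBKEY_SHA1:` followed by `log("pin check disabled; server public key %s is not a known pin" % pubkey_digest.encode("hex"))`. The same silent skip is in the pin checks of flashproxy-reg-appspot (`PinHTTPSConnection`) and flashproxy-reg-email, where a line on stderr would serve. Whether certificate chain and hostname verification still run before this point is not visible in the hunk; if the pin is the only server authentication, the option's help text should say that the flag removes it. The body of `imap_login` starts and ends outside the hunk.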
diff --git a/flashproxy-reg-appspot b/flashproxy-reg-appspot
index 5c82ba9..e638d09 100755
--- a/flashproxy-reg-appspot
+++ b/flashproxy-reg-appspot
@@ -70,6 +70,7 @@ PUBKEY_SHA1 = tuple(x.decode("hex") for x in (
 class options(object):
     address_family = socket.AF_UNSPEC
     facilitator_pubkey_filename = None
+    use_certificate_pin = True
 
 def usage(f = sys.stdout):
     print >> f, """\
@@ -78,12 +79,13 @@ Register with a flash proxy facilitator through a Google App Engine app.
 By default the remote address registered is "%(remote_addr)s" (the
 external IP address is guessed).
 
-  -4          name lookups use only IPv4.
-  -6          name lookups use only IPv6.
+  -4                 name lookups use only IPv4.
+  -6                 name lookups use only IPv6.
+      --disable-pin  don't check server public key against a known pin.
       --facilitator-pubkey=FILENAME
               encrypt registrations to the given PEM-formatted
                 public key (default built-in).
-  -h, --help  show this help.\
+  -h, --help         show this help.\
 """ % {
     "progname": sys.argv[0],
     "remote_addr": format_addr((DEFAULT_REMOTE_ADDRESS, DEFAULT_REMOTE_PORT)),
@@ -197,7 +199,7 @@ class PinHTTPSConnection(httplib.HTTPSConnection):
         pubkey_der = cert.get_pubkey().as_der()
         pubkey_digest = sha1(pubkey_der).digest()
 
-        if pubkey_digest not in PUBKEY_SHA1:
+        if options.use_certificate_pin and pubkey_digest not in PUBKEY_SHA1:
             expected = "(" + ", ".join(x.encode("hex") for x in PUBKEY_SHA1) + ")"
             raise ValueError("Public key does not match pin: got %s but expected any of %s" %
                 (pubkey_digest.encode("hex"), expected))
@@ -219,12 +221,14 @@ def get_external_ip():
     finally:
         f.close()
 
-opt, args = getopt.gnu_getopt(sys.argv[1:], "46h", ["facilitator-pubkey=", "help"])
+opt, args = getopt.gnu_getopt(sys.argv[1:], "46h", ["disable-pin", "facilitator-pubkey=", "help"])
 for o, a in opt:
     if o == "-4":
         options.address_family = socket.AF_INET
     elif o == "-6":
         options.address_family = socket.AF_INET6
+    elif o == "--disable-pin":
+        options.use_certificate_pin = False
     elif o == "--facilitator-pubkey":
         options.facilitator_pubkey_filename = a
     elif o == "-h" or o == "--help":
diff --git a/flashproxy-reg-email b/flashproxy-reg-email
index 90e5264..3f77b10 100755
--- a/flashproxy-reg-email
+++ b/flashproxy-reg-email
@@ -87,6 +87,7 @@ class options(object):
     debug = False
     address_family = socket.AF_UNSPEC
     facilitator_pubkey_filename = None
+    use_certificate_pin = True
 
 def usage(f = sys.stdout):
     print >> f, """\
@@ -104,6 +105,7 @@ This program requires the M2Crypto library for Python.
   -4                      name lookups use only IPv4.
   -6                      name lookups use only IPv6.
   -d, --debug             enable debugging output (Python smtplib messages).
+      --disable-pin       don't check server public key against a known pin.
   -e, --email=ADDRESS     send mail to ADDRESS (default "%(email_addr)s").
       --facilitator-pubkey=FILENAME
                           encrypt registrations to the given PEM-formatted
@@ -190,7 +192,7 @@ def get_facilitator_pubkey():
 options.email_addr = DEFAULT_EMAIL_ADDRESS
 options.smtp_addr = (DEFAULT_SMTP_HOST, DEFAULT_SMTP_PORT)
 
-opts, args = getopt.gnu_getopt(sys.argv[1:], "46de:hs:", ["debug", "email=", "facilitator-pubkey=", "help", "smtp="])
+opts, args = getopt.gnu_getopt(sys.argv[1:], "46de:hs:", ["debug", "disable-pin", "email=", "facilitator-pubkey=", "help", "smtp="])
 for o, a in opts:
     if o == "-4":
         options.address_family = socket.AF_INET
@@ -198,6 +200,8 @@ for o, a in opts:
         options.address_family = socket.AF_INET6
     elif o == "-d" or o == "--debug":
         options.debug = True
+    elif o == "--disable-pin":
+        options.use_certificate_pin = False
     elif o == "-e" or o == "--email":
         options.email_addr = a
     elif o == "--facilitator-pubkey":
@@ -264,7 +268,7 @@ try:
     pubkey_der = cert.get_pubkey().as_der()
     pubkey_digest = sha1(pubkey_der).digest()
 
-    if pubkey_digest not in PUBKEY_SHA1:
+    if options.use_certificate_pin and pubkey_digest not in PUBKEY_SHA1:
         expected = "(" + ", ".join(x.encode("hex") for x in PUBKEY_SHA1) + ")"
         raise ValueError("Public key does not match pin: got %s but expected any of %s" %
             (pubkey_digest.encode("hex"), expected))


