[tor-commits] [sbws/master] config: stop allowing http servers without tls
juga at torproject.org
juga at torproject.org
Mon Jan 7 10:49:24 UTC 2019
commit 1b2af9b8f0bbbfe22b8ee5c4c361f2535509987c
Author: juga0 <juga at riseup.net>
Date: Fri Dec 14 14:02:11 2018 +0000
config: stop allowing http servers without tls
Destinations' Web servers must support TLS to avoid contents cache.
Fixes bug #28789. Bugfix v0.2.0.
---
sbws/lib/destination.py | 3 ---
sbws/util/config.py | 10 +++++++---
tests/integration/conftest.py | 3 +++
tests/unit/util/test_config.py | 11 +++++++----
4 files changed, 17 insertions(+), 10 deletions(-)
diff --git a/sbws/lib/destination.py b/sbws/lib/destination.py
index 1b4c192..ee67cd2 100644
--- a/sbws/lib/destination.py
+++ b/sbws/lib/destination.py
@@ -98,9 +98,6 @@ class Destination:
def __init__(self, url, max_dl, verify):
self._max_dl = max_dl
u = urlparse(url)
- # these things should have been verified in verify_config
- assert u.scheme in ['http', 'https']
- assert u.netloc
self._url = u
self._verify = verify
diff --git a/sbws/util/config.py b/sbws/util/config.py
index 67ec0e0..1aaff53 100644
--- a/sbws/util/config.py
+++ b/sbws/util/config.py
@@ -516,12 +516,16 @@ def _validate_enum(section, key, choices):
def _validate_url(section, key):
value = section[key]
- if not value.startswith(('http://', 'https://')):
- return False, 'Must start with http:// or https://'
url = urlparse(value)
- assert url.scheme in ['http', 'https']
if not url.netloc:
return False, 'Does not appear to contain a hostname'
+ # It should be possible to have an URL that starts by http:// that uses
+ # TLS,but python requests is just checking the scheme starts by https
+ # when verifying certificate:
+ # https://github.com/requests/requests/blob/master/requests/adapters.py#L215 # noqa
+ # When the scheme is https but the protocol is not TLS, requests will hang.
+ if url.scheme != 'https' and not url.netloc.startswith('127.0.0.1'):
+ return False, 'URL scheme must be HTTPS (except for the test server)'
return True, ''
diff --git a/tests/integration/conftest.py b/tests/integration/conftest.py
index 7e1b727..b1312d9 100644
--- a/tests/integration/conftest.py
+++ b/tests/integration/conftest.py
@@ -72,6 +72,9 @@ def conf(sbwshome_dir):
conf['tor']['run_dpath'] = os.path.join(sbwshome_dir, 'tor', 'run')
conf['destinations']['foo'] = 'on'
conf['destinations.foo'] = {}
+ # The test server is not using TLS. Ideally it should also support TLS
+ # If the url would start with https but the request is not using TLS,
+ # the request would hang.
conf['destinations.foo']['url'] = 'http://127.0.0.1:28888/sbws.bin'
conf['tor']['extra_lines'] = """ # noqa: E501
DirAuthority auth1 orport=2002 no-v2 v3ident=D7DBC517EFD2BA1A5012CF1BD0BB38F17C8160BD 127.10.0.1:2003 AA45C13025C037F056E734169891878ED0880231
diff --git a/tests/unit/util/test_config.py b/tests/unit/util/test_config.py
index e3aba98..e1ce169 100644
--- a/tests/unit/util/test_config.py
+++ b/tests/unit/util/test_config.py
@@ -190,14 +190,17 @@ def test_validate_bool():
def test_validate_url():
goods = [
- 'http://example.com', 'http://example.com/',
- 'http://example.com/foo.bar',
- 'http://example.com/foo/bar',
- 'http://user@example.com',
+ 'https://example.com', 'https://example.com/',
+ 'https://example.com/foo.bar',
+ 'https://example.com/foo/bar',
+ 'https://user@example.com',
+ 'https://48.290.983.123:4443',
+ 'http://127.0.0.1:8000'
]
bads = [
'ftp://example.com/foo.bar',
'http://', 'http:///',
+ 'http://example.com',
]
for val in goods:
d = {'': val}
More information about the tor-commits
mailing list