1
##############################################################################
3
# (C) 1998 by Michael Stroeder
4
##############################################################################
5
# This module is distributed under the terms of the
6
# GPL (GNU GENERAL PUBLIC LICENSE) Version 2
7
# (see http://www.gnu.org/copyleft/gpl.html)
8
##############################################################################
10
import sys, os, re, string, charset
12
def GetAllSSLEnviron():
# Collect the SSL-related environment variables into the SSLEnv mapping
# under one canonical set of key names.
#
# Each entry looks up the canonical variable name first and falls back to
# alternative spellings through nested os.environ.get() defaults, so the
# first name that is set in the environment wins.
#
# NOTE(review): this listing shows only part of the function. The creation
# of SSLEnv, the innermost default of every lookup chain, the use made of
# HTTPS and the return statement are not visible here.
#
# NOTE(review): every value is taken from the process environment as-is.
# The values are only as trustworthy as whatever populated that environment
# (presumably the SSL-enabled web server that starts this script; confirm).
# The certificate DN fields carry text from the peer's certificate, so
# callers should treat them as untrusted strings when logging or rendering.
16
# 'off' is the value used when the HTTPS variable is not set at all.
HTTPS = os.environ.get('HTTPS','off')
19
# --- Cipher parameters of the current connection ---
SSLEnv['SSL_CIPHER_ALGKEYSIZE'] = \
20
os.environ.get('SSL_CIPHER_ALGKEYSIZE',
21
os.environ.get('HTTPS_KEYSIZE',
22
os.environ.get('SSL_KEYSIZE',
23
os.environ.get('SSL_SERVER_KEY_SIZE',
25
# NOTE(review): the export-cipher flag is only recorded here; nothing in the
# visible lines rejects a connection that uses an export-grade cipher.
SSLEnv['SSL_CIPHER_EXPORT'] = \
26
os.environ.get('SSL_CIPHER_EXPORT',
27
os.environ.get('HTTPS_EXPORT',
28
os.environ.get('SSL_EXPORT',
30
SSLEnv['SSL_CIPHER'] = \
31
os.environ.get('SSL_CIPHER',
32
os.environ.get('HTTPS_CIPHER',
34
SSLEnv['SSL_CIPHER_USEKEYSIZE'] = \
35
os.environ.get('SSL_CIPHER_USEKEYSIZE',
36
os.environ.get('HTTPS_SECRETKEYSIZE',
37
os.environ.get('SSL_SECKEYSIZE',
39
# --- Client certificate: signature algorithm, certificate, issuer DN (I_DN*),
# serial number, subject DN (S_DN*) and validity period (V_*) ---
SSLEnv['SSL_CLIENT_A_SIG'] = \
40
os.environ.get('SSL_CLIENT_A_SIG',
41
os.environ.get('SSL_CLIENT_SIGNATURE_ALGORITHM',
43
SSLEnv['SSL_CLIENT_CERT'] = \
44
os.environ.get('SSL_CLIENT_CERT',
45
os.environ.get('SSL_CLIENT_CERTIFICATE',
47
SSLEnv['SSL_CLIENT_I_DN'] = \
48
os.environ.get('SSL_CLIENT_I_DN',
49
os.environ.get('SSL_CLIENT_IDN',
51
SSLEnv['SSL_CLIENT_I_DN_CN'] = \
52
os.environ.get('SSL_CLIENT_I_DN_CN',
53
os.environ.get('SSL_CLIENT_ICN',
55
SSLEnv['SSL_CLIENT_I_DN_C'] = \
56
os.environ.get('SSL_CLIENT_I_DN_C',
57
os.environ.get('SSL_CLIENT_IC',
59
SSLEnv['SSL_CLIENT_I_DN_Email'] = \
60
os.environ.get('SSL_CLIENT_I_DN_Email',
61
os.environ.get('SSL_CLIENT_IEMAIL',
63
SSLEnv['SSL_CLIENT_I_DN_L'] = \
64
os.environ.get('SSL_CLIENT_I_DN_L',
65
os.environ.get('SSL_CLIENT_IL',
67
SSLEnv['SSL_CLIENT_I_DN_O'] = \
68
os.environ.get('SSL_CLIENT_I_DN_O',
69
os.environ.get('SSL_CLIENT_IO',
71
SSLEnv['SSL_CLIENT_I_DN_OU'] = \
72
os.environ.get('SSL_CLIENT_I_DN_OU',
73
os.environ.get('SSL_CLIENT_IOU',
75
SSLEnv['SSL_CLIENT_I_DN_SP'] = \
76
os.environ.get('SSL_CLIENT_I_DN_SP',
77
os.environ.get('SSL_CLIENT_ISP',
79
SSLEnv['SSL_CLIENT_M_SERIAL'] = \
80
os.environ.get('SSL_CLIENT_M_SERIAL',
81
os.environ.get('SSL_CLIENT_CERT_SERIAL',
83
SSLEnv['SSL_CLIENT_S_DN'] = \
84
os.environ.get('SSL_CLIENT_S_DN',
85
os.environ.get('SSL_CLIENT_DN',
87
SSLEnv['SSL_CLIENT_S_DN_CN'] = \
88
os.environ.get('SSL_CLIENT_S_DN_CN',
89
os.environ.get('SSL_CLIENT_CN',
91
SSLEnv['SSL_CLIENT_S_DN_C'] = \
92
os.environ.get('SSL_CLIENT_S_DN_C',
93
os.environ.get('SSL_CLIENT_C',
95
SSLEnv['SSL_CLIENT_S_DN_Email'] = \
96
os.environ.get('SSL_CLIENT_S_DN_Email',
97
os.environ.get('SSL_CLIENT_EMAIL',
99
SSLEnv['SSL_CLIENT_S_DN_L'] = \
100
os.environ.get('SSL_CLIENT_S_DN_L',
101
os.environ.get('SSL_CLIENT_L',
103
SSLEnv['SSL_CLIENT_S_DN_O'] = \
104
os.environ.get('SSL_CLIENT_S_DN_O',
105
os.environ.get('SSL_CLIENT_O',
107
SSLEnv['SSL_CLIENT_S_DN_OU'] = \
108
os.environ.get('SSL_CLIENT_S_DN_OU',
109
os.environ.get('SSL_CLIENT_OU',
111
SSLEnv['SSL_CLIENT_S_DN_SP'] = \
112
os.environ.get('SSL_CLIENT_S_DN_SP',
113
os.environ.get('SSL_CLIENT_SP',
115
SSLEnv['SSL_CLIENT_V_END'] = \
116
os.environ.get('SSL_CLIENT_V_END',
117
os.environ.get('SSL_CLIENT_CERT_END',
119
SSLEnv['SSL_CLIENT_V_START'] = \
120
os.environ.get('SSL_CLIENT_V_START',
121
os.environ.get('SSL_CLIENT_CERT_START',
123
# --- Protocol version of the connection ---
SSLEnv['SSL_PROTOCOL'] = \
124
os.environ.get('SSL_PROTOCOL',
125
os.environ.get('SSL_PROTOCOL_VERSION',
127
# --- Server certificate: same field layout as the client certificate ---
SSLEnv['SSL_SERVER_A_SIG'] = \
128
os.environ.get('SSL_SERVER_A_SIG',
129
os.environ.get('SSL_SERVER_SIGNATURE_ALGORITHM',
131
SSLEnv['SSL_SERVER_CERT'] = \
132
os.environ.get('SSL_SERVER_CERT',
133
os.environ.get('SSL_SERVER_CERTIFICATE',
135
SSLEnv['SSL_SERVER_I_DN_CN'] = \
136
os.environ.get('SSL_SERVER_I_DN_CN',
137
os.environ.get('SSL_SERVER_ICN',
139
SSLEnv['SSL_SERVER_I_DN_C'] = \
140
os.environ.get('SSL_SERVER_I_DN_C',
141
os.environ.get('SSL_SERVER_IC',
143
SSLEnv['SSL_SERVER_I_DN_Email'] = \
144
os.environ.get('SSL_SERVER_I_DN_Email',
145
os.environ.get('SSL_SERVER_IEMAIL',
147
SSLEnv['SSL_SERVER_I_DN_L'] = \
148
os.environ.get('SSL_SERVER_I_DN_L',
149
os.environ.get('SSL_SERVER_IL',
151
SSLEnv['SSL_SERVER_I_DN_O'] = \
152
os.environ.get('SSL_SERVER_I_DN_O',
153
os.environ.get('SSL_SERVER_IO',
155
SSLEnv['SSL_SERVER_I_DN'] = \
156
os.environ.get('SSL_SERVER_I_DN',
157
os.environ.get('SSL_SERVER_IDN',
159
SSLEnv['SSL_SERVER_I_DN_OU'] = \
160
os.environ.get('SSL_SERVER_I_DN_OU',
161
os.environ.get('SSL_SERVER_IOU',
163
SSLEnv['SSL_SERVER_I_DN_SP'] = \
164
os.environ.get('SSL_SERVER_I_DN_SP',
165
os.environ.get('SSL_SERVER_ISP',
167
SSLEnv['SSL_SERVER_M_SERIAL'] = \
168
os.environ.get('SSL_SERVER_M_SERIAL',
169
os.environ.get('SSL_SERVER_CERT_SERIAL',
171
SSLEnv['SSL_SERVER_S_DN'] = \
172
os.environ.get('SSL_SERVER_S_DN',
173
os.environ.get('SSL_SERVER_DN',
175
SSLEnv['SSL_SERVER_S_DN_CN'] = \
176
os.environ.get('SSL_SERVER_S_DN_CN',
177
os.environ.get('SSL_SERVER_CN',
179
SSLEnv['SSL_SERVER_S_DN_C'] = \
180
os.environ.get('SSL_SERVER_S_DN_C',
181
os.environ.get('SSL_SERVER_C',
183
SSLEnv['SSL_SERVER_S_DN_Email'] = \
184
os.environ.get('SSL_SERVER_S_DN_Email',
185
os.environ.get('SSL_SERVER_EMAIL',
187
SSLEnv['SSL_SERVER_S_DN_L'] = \
188
os.environ.get('SSL_SERVER_S_DN_L',
189
os.environ.get('SSL_SERVER_L',
191
SSLEnv['SSL_SERVER_S_DN_O'] = \
192
os.environ.get('SSL_SERVER_S_DN_O',
193
os.environ.get('SSL_SERVER_O',
195
SSLEnv['SSL_SERVER_S_DN_OU'] = \
196
os.environ.get('SSL_SERVER_S_DN_OU',
197
os.environ.get('SSL_SERVER_OU',
199
SSLEnv['SSL_SERVER_S_DN_SP'] = \
200
os.environ.get('SSL_SERVER_S_DN_SP',
201
os.environ.get('SSL_SERVER_SP',
203
SSLEnv['SSL_SERVER_V_END'] = \
204
os.environ.get('SSL_SERVER_V_END',
205
os.environ.get('SSL_SERVER_CERT_END',
207
SSLEnv['SSL_SERVER_V_START'] = \
208
os.environ.get('SSL_SERVER_V_START',
209
os.environ.get('SSL_SERVER_CERT_START',
211
# --- Version string of the SSL library ---
SSLEnv['SSL_VERSION_LIBRARY'] = \
212
os.environ.get('SSL_VERSION_LIBRARY',
213
os.environ.get('SSL_SSLEAY_VERSION',
220
##############################################################################
221
# Determine Security Level
222
##############################################################################
224
def SecLevel(acceptedciphers,valid_dn_regex='',valid_idn_regex=''):
# Derive the security level of the current connection from the SSL
# environment variables.
#
# acceptedciphers  -- collection of cipher names considered acceptable.
#                     Membership is tested with `in`, so pass a list, tuple
#                     or set; a plain string would turn the test into a
#                     substring match.
# valid_dn_regex   -- pattern applied to the client certificate subject DN.
# valid_idn_regex  -- pattern applied to the client certificate issuer DN.
#
# NOTE(review): only part of the function is visible in this listing. The
# innermost defaults of the lookups and the code that combines the two match
# results and returns the level are not shown. The meaning of the levels
# (0, 1, 2) is spelled out in the table written by PrintSecInfo().
226
# Canonical name first, then the alternative spelling.
SSL_CIPHER = os.environ.get('SSL_CIPHER',
227
os.environ.get('HTTPS_CIPHER',
231
# An unset or empty cipher name never counts as accepted.
if SSL_CIPHER and (SSL_CIPHER in acceptedciphers):
233
SSL_CLIENT_S_DN = os.environ.get('SSL_CLIENT_S_DN',
234
os.environ.get('SSL_CLIENT_DN',
239
SSL_CLIENT_I_DN = os.environ.get('SSL_CLIENT_I_DN',
240
os.environ.get('SSL_CLIENT_IDN',
243
# match() anchors only at the start of the string: a pattern without a
# trailing "$" accepts any DN that merely begins with a match, and the
# default pattern '' matches every DN. Callers that rely on the DN check
# should pass patterns anchored at the end.
# NOTE(review): this is a text match on the DN strings found in the
# environment; it presumes the web server has already verified the client
# certificate chain -- confirm in the server configuration.
dn_rm = re.compile(valid_dn_regex).match(SSL_CLIENT_S_DN)
244
idn_rm = re.compile(valid_idn_regex).match(SSL_CLIENT_I_DN)
258
##############################################################################
259
# Print the SSL data in HTML format
260
##############################################################################
262
def PrintSecInfo(acceptedciphers,valid_dn_regex='',valid_idn_regex='',f=sys.stdout):
# Write an HTML report about the security of the current connection to f
# (default: sys.stdout): the security level computed by SecLevel(), the
# negotiated cipher and key sizes, and the server and client certificate DNs.
#
# The three leading parameters are passed through to SecLevel() unchanged.
#
# NOTE(review): this listing shows only part of the function; several lines
# of the HTML templates and of the surrounding code are missing.
264
seclevel = SecLevel(acceptedciphers,valid_dn_regex,valid_idn_regex)
266
# "%%" in the template is a literal percent sign because the string is
# %-formatted.
# NOTE(review): valid_dn_regex and valid_idn_regex are inserted into the page
# without HTML escaping. They are configuration values, but a pattern that
# contains "<" or "&" would still corrupt the markup; escaping them before
# interpolation is safer.
f.write("""<h3>Security level</h3><p>Current security level is: <strong>%d</strong></p>
267
<table cellspacing=5%%>
269
<td align=center width=10%%>0</td>
270
<td>no encryption at all</td>
273
<td align=center>1</td>
274
<td>Session is encrypted with SSL and cipher is accepted</td>
277
<td align=center>2</td>
278
<td>Client presented valid certificate,<br>
279
the DN of the certified object matches "<CODE>%s</CODE>"<br>
280
and the DN of the certifier matches "<CODE>%s</CODE>"</td>
283
""" % (seclevel,valid_dn_regex,valid_idn_regex))
287
# The lookups below use the same alias fallback chains as GetAllSSLEnviron().
SSL_CIPHER_ALGKEYSIZE = os.environ.get('SSL_CIPHER_ALGKEYSIZE',
288
os.environ.get('HTTPS_KEYSIZE',
289
os.environ.get('SSL_KEYSIZE',
290
os.environ.get('SSL_SERVER_KEY_SIZE',
292
SSL_CIPHER_EXPORT = os.environ.get('SSL_CIPHER_EXPORT',
293
os.environ.get('HTTPS_EXPORT',
294
os.environ.get('SSL_EXPORT',
296
SSL_CIPHER = os.environ.get('SSL_CIPHER',
297
os.environ.get('HTTPS_CIPHER',
299
SSL_CIPHER_USEKEYSIZE = os.environ.get('SSL_CIPHER_USEKEYSIZE',
300
os.environ.get('HTTPS_SECRETKEYSIZE',
301
os.environ.get('SSL_SECKEYSIZE',
303
SSL_SERVER_S_DN = os.environ.get('SSL_SERVER_S_DN',
304
os.environ.get('SSL_SERVER_DN',
306
SSL_SERVER_I_DN = os.environ.get('SSL_SERVER_I_DN',
307
os.environ.get('SSL_SERVER_IDN',
310
# NOTE(review): the key sizes (and, it appears, the cipher name) are written
# unescaped; they come from the server's environment. The DNs go through
# charset.asn12html4() first -- presumably that converts them to HTML-safe
# text; confirm it escapes "<", ">" and "&".
# The converted DN is split on "/" and re-joined with "<br>" so that each
# component is shown on its own line; a "/" inside an attribute value is
# split the same way. string.split/string.join are functions of the legacy
# `string` module.
f.write("""You connected with cipher <strong>%s</strong>, key size <strong>%s Bit</strong>, actually used key size <strong>%s Bit</strong>.<p>
311
<h3>Server certificate</h3>
312
<table summary="Server certificate">
316
<dt>This certificate belongs to:</dt>
322
<dt>This certificate was issued by:</dt>
330
SSL_CIPHER_ALGKEYSIZE,
331
SSL_CIPHER_USEKEYSIZE,
332
string.join(string.split(charset.asn12html4(SSL_SERVER_S_DN),'/'),'<br>'),
333
string.join(string.split(charset.asn12html4(SSL_SERVER_I_DN),'/'),'<br>')
338
SSL_CLIENT_I_DN = os.environ.get('SSL_CLIENT_I_DN',
339
os.environ.get('SSL_CLIENT_IDN',
341
SSL_CLIENT_S_DN = os.environ.get('SSL_CLIENT_S_DN',
342
os.environ.get('SSL_CLIENT_DN',
345
# NOTE(review): the client DNs are text taken from the certificate the peer
# presented. The only sanitising step visible here is charset.asn12html4();
# if that helper does not HTML-escape its input, certificate content would
# reach the page as markup. Verify the helper before relying on this output.
f.write("""<h3>Your client certificate</h3>
346
<table summary="Client certificate">
350
<dt>This certificate belongs to:</dt>
356
<dt>This certificate was issued by:</dt>
363
string.join(string.split(charset.asn12html4(SSL_CLIENT_S_DN),'/'),'<br>'),
364
string.join(string.split(charset.asn12html4(SSL_CLIENT_I_DN),'/'),'<br>')