« back to all changes in this revision
Viewing changes to pylib/cgissl.py
- browse files at revision 1
- compare with another revision
- download diff
- download tarball
- view history from revision 1
- Committer: Bazaar Package Importer
- Author(s): Lars Bahner
- Date: 2003-12-02 19:39:35 UTC
- Revision ID: james.westby@ubuntu.com-20031202193935-fzzt289mntvy6a8q
Tags: upstream-20031118
ImportĀ upstreamĀ versionĀ 20031118
- files added:
- bin
- cgi-bin
- conf
- docs
- help
- htdocs
- htdocs/help
- htdocs/ssi
- pylib
- pylib/openssl
- sbin
added
removed
pylib/cgissl.py
1
##############################################################################
2
# cgissl.py 0.4.1
3
# (C) 1998 by Michael Stroeder
4
##############################################################################
5
# This module is distributed under the terms of the
6
# GPL (GNU GENERAL PUBLIC LICENSE) Version 2
7
# (see http://www.gnu.org/copyleft/gpl.html)
8
##############################################################################
9
10
import sys, os, re, string, charset
11
12
def GetAllSSLEnviron():
13
14
SSLEnv = {}
15
16
HTTPS = os.environ.get('HTTPS','off')
17
if HTTPS=='on':
18
19
SSLEnv['SSL_CIPHER_ALGKEYSIZE'] = \
20
os.environ.get('SSL_CIPHER_ALGKEYSIZE',
21
os.environ.get('HTTPS_KEYSIZE',
22
os.environ.get('SSL_KEYSIZE',
23
os.environ.get('SSL_SERVER_KEY_SIZE',
24
''))))
25
SSLEnv['SSL_CIPHER_EXPORT'] = \
26
os.environ.get('SSL_CIPHER_EXPORT',
27
os.environ.get('HTTPS_EXPORT',
28
os.environ.get('SSL_EXPORT',
29
'')))
30
SSLEnv['SSL_CIPHER'] = \
31
os.environ.get('SSL_CIPHER',
32
os.environ.get('HTTPS_CIPHER',
33
''))
34
SSLEnv['SSL_CIPHER_USEKEYSIZE'] = \
35
os.environ.get('SSL_CIPHER_USEKEYSIZE',
36
os.environ.get('HTTPS_SECRETKEYSIZE',
37
os.environ.get('SSL_SECKEYSIZE',
38
'')))
39
SSLEnv['SSL_CLIENT_A_SIG'] = \
40
os.environ.get('SSL_CLIENT_A_SIG',
41
os.environ.get('SSL_CLIENT_SIGNATURE_ALGORITHM',
42
''))
43
SSLEnv['SSL_CLIENT_CERT'] = \
44
os.environ.get('SSL_CLIENT_CERT',
45
os.environ.get('SSL_CLIENT_CERTIFICATE',
46
''))
47
SSLEnv['SSL_CLIENT_I_DN'] = \
48
os.environ.get('SSL_CLIENT_I_DN',
49
os.environ.get('SSL_CLIENT_IDN',
50
''))
51
SSLEnv['SSL_CLIENT_I_DN_CN'] = \
52
os.environ.get('SSL_CLIENT_I_DN_CN',
53
os.environ.get('SSL_CLIENT_ICN',
54
''))
55
SSLEnv['SSL_CLIENT_I_DN_C'] = \
56
os.environ.get('SSL_CLIENT_I_DN_C',
57
os.environ.get('SSL_CLIENT_IC',
58
''))
59
SSLEnv['SSL_CLIENT_I_DN_Email'] = \
60
os.environ.get('SSL_CLIENT_I_DN_Email',
61
os.environ.get('SSL_CLIENT_IEMAIL',
62
''))
63
SSLEnv['SSL_CLIENT_I_DN_L'] = \
64
os.environ.get('SSL_CLIENT_I_DN_L',
65
os.environ.get('SSL_CLIENT_IL',
66
''))
67
SSLEnv['SSL_CLIENT_I_DN_O'] = \
68
os.environ.get('SSL_CLIENT_I_DN_O',
69
os.environ.get('SSL_CLIENT_IO',
70
''))
71
SSLEnv['SSL_CLIENT_I_DN_OU'] = \
72
os.environ.get('SSL_CLIENT_I_DN_OU',
73
os.environ.get('SSL_CLIENT_IOU',
74
''))
75
SSLEnv['SSL_CLIENT_I_DN_SP'] = \
76
os.environ.get('SSL_CLIENT_I_DN_SP',
77
os.environ.get('SSL_CLIENT_ISP',
78
''))
79
SSLEnv['SSL_CLIENT_M_SERIAL'] = \
80
os.environ.get('SSL_CLIENT_M_SERIAL',
81
os.environ.get('SSL_CLIENT_CERT_SERIAL',
82
''))
83
SSLEnv['SSL_CLIENT_S_DN'] = \
84
os.environ.get('SSL_CLIENT_S_DN',
85
os.environ.get('SSL_CLIENT_DN',
86
''))
87
SSLEnv['SSL_CLIENT_S_DN_CN'] = \
88
os.environ.get('SSL_CLIENT_S_DN_CN',
89
os.environ.get('SSL_CLIENT_CN',
90
''))
91
SSLEnv['SSL_CLIENT_S_DN_C'] = \
92
os.environ.get('SSL_CLIENT_S_DN_C',
93
os.environ.get('SSL_CLIENT_C',
94
''))
95
SSLEnv['SSL_CLIENT_S_DN_Email'] = \
96
os.environ.get('SSL_CLIENT_S_DN_Email',
97
os.environ.get('SSL_CLIENT_EMAIL',
98
''))
99
SSLEnv['SSL_CLIENT_S_DN_L'] = \
100
os.environ.get('SSL_CLIENT_S_DN_L',
101
os.environ.get('SSL_CLIENT_L',
102
''))
103
SSLEnv['SSL_CLIENT_S_DN_O'] = \
104
os.environ.get('SSL_CLIENT_S_DN_O',
105
os.environ.get('SSL_CLIENT_O',
106
''))
107
SSLEnv['SSL_CLIENT_S_DN_OU'] = \
108
os.environ.get('SSL_CLIENT_S_DN_OU',
109
os.environ.get('SSL_CLIENT_OU',
110
''))
111
SSLEnv['SSL_CLIENT_S_DN_SP'] = \
112
os.environ.get('SSL_CLIENT_S_DN_SP',
113
os.environ.get('SSL_CLIENT_SP',
114
''))
115
SSLEnv['SSL_CLIENT_V_END'] = \
116
os.environ.get('SSL_CLIENT_V_END',
117
os.environ.get('SSL_CLIENT_CERT_END',
118
''))
119
SSLEnv['SSL_CLIENT_V_START'] = \
120
os.environ.get('SSL_CLIENT_V_START',
121
os.environ.get('SSL_CLIENT_CERT_START',
122
''))
123
SSLEnv['SSL_PROTOCOL'] = \
124
os.environ.get('SSL_PROTOCOL',
125
os.environ.get('SSL_PROTOCOL_VERSION',
126
''))
127
SSLEnv['SSL_SERVER_A_SIG'] = \
128
os.environ.get('SSL_SERVER_A_SIG',
129
os.environ.get('SSL_SERVER_SIGNATURE_ALGORITHM',
130
''))
131
SSLEnv['SSL_SERVER_CERT'] = \
132
os.environ.get('SSL_SERVER_CERT',
133
os.environ.get('SSL_SERVER_CERTIFICATE',
134
''))
135
SSLEnv['SSL_SERVER_I_DN_CN'] = \
136
os.environ.get('SSL_SERVER_I_DN_CN',
137
os.environ.get('SSL_SERVER_ICN',
138
''))
139
SSLEnv['SSL_SERVER_I_DN_C'] = \
140
os.environ.get('SSL_SERVER_I_DN_C',
141
os.environ.get('SSL_SERVER_IC',
142
''))
143
SSLEnv['SSL_SERVER_I_DN_Email'] = \
144
os.environ.get('SSL_SERVER_I_DN_Email',
145
os.environ.get('SSL_SERVER_IEMAIL',
146
''))
147
SSLEnv['SSL_SERVER_I_DN_L'] = \
148
os.environ.get('SSL_SERVER_I_DN_L',
149
os.environ.get('SSL_SERVER_IL',
150
''))
151
SSLEnv['SSL_SERVER_I_DN_O'] = \
152
os.environ.get('SSL_SERVER_I_DN_O',
153
os.environ.get('SSL_SERVER_IO',
154
''))
155
SSLEnv['SSL_SERVER_I_DN'] = \
156
os.environ.get('SSL_SERVER_I_DN',
157
os.environ.get('SSL_SERVER_IDN',
158
''))
159
SSLEnv['SSL_SERVER_I_DN_OU'] = \
160
os.environ.get('SSL_SERVER_I_DN_OU',
161
os.environ.get('SSL_SERVER_IOU',
162
''))
163
SSLEnv['SSL_SERVER_I_DN_SP'] = \
164
os.environ.get('SSL_SERVER_I_DN_SP',
165
os.environ.get('SSL_SERVER_ISP',
166
''))
167
SSLEnv['SSL_SERVER_M_SERIAL'] = \
168
os.environ.get('SSL_SERVER_M_SERIAL',
169
os.environ.get('SSL_SERVER_CERT_SERIAL',
170
''))
171
SSLEnv['SSL_SERVER_S_DN'] = \
172
os.environ.get('SSL_SERVER_S_DN',
173
os.environ.get('SSL_SERVER_DN',
174
''))
175
SSLEnv['SSL_SERVER_S_DN_CN'] = \
176
os.environ.get('SSL_SERVER_S_DN_CN',
177
os.environ.get('SSL_SERVER_CN',
178
''))
179
SSLEnv['SSL_SERVER_S_DN_C'] = \
180
os.environ.get('SSL_SERVER_S_DN_C',
181
os.environ.get('SSL_SERVER_C',
182
''))
183
SSLEnv['SSL_SERVER_S_DN_Email'] = \
184
os.environ.get('SSL_SERVER_S_DN_Email',
185
os.environ.get('SSL_SERVER_EMAIL',
186
''))
187
SSLEnv['SSL_SERVER_S_DN_L'] = \
188
os.environ.get('SSL_SERVER_S_DN_L',
189
os.environ.get('SSL_SERVER_L',
190
''))
191
SSLEnv['SSL_SERVER_S_DN_O'] = \
192
os.environ.get('SSL_SERVER_S_DN_O',
193
os.environ.get('SSL_SERVER_O',
194
''))
195
SSLEnv['SSL_SERVER_S_DN_OU'] = \
196
os.environ.get('SSL_SERVER_S_DN_OU',
197
os.environ.get('SSL_SERVER_OU',
198
''))
199
SSLEnv['SSL_SERVER_S_DN_SP'] = \
200
os.environ.get('SSL_SERVER_S_DN_SP',
201
os.environ.get('SSL_SERVER_SP',
202
''))
203
SSLEnv['SSL_SERVER_V_END'] = \
204
os.environ.get('SSL_SERVER_V_END',
205
os.environ.get('SSL_SERVER_CERT_END',
206
''))
207
SSLEnv['SSL_SERVER_V_START'] = \
208
os.environ.get('SSL_SERVER_V_START',
209
os.environ.get('SSL_SERVER_CERT_START',
210
''))
211
SSLEnv['SSL_VERSION_LIBRARY'] = \
212
os.environ.get('SSL_VERSION_LIBRARY',
213
os.environ.get('SSL_SSLEAY_VERSION',
214
''))
215
216
return SSLEnv
217
218
219
220
##############################################################################
221
# Determine Security Level
222
##############################################################################
223
224
def SecLevel(acceptedciphers,valid_dn_regex='',valid_idn_regex=''):
225
226
SSL_CIPHER = os.environ.get('SSL_CIPHER',
227
os.environ.get('HTTPS_CIPHER',
228
''))
229
230
# SSL-Verbindung?
231
if SSL_CIPHER and (SSL_CIPHER in acceptedciphers):
232
233
SSL_CLIENT_S_DN = os.environ.get('SSL_CLIENT_S_DN',
234
os.environ.get('SSL_CLIENT_DN',
235
''))
236
237
if SSL_CLIENT_S_DN:
238
239
SSL_CLIENT_I_DN = os.environ.get('SSL_CLIENT_I_DN',
240
os.environ.get('SSL_CLIENT_IDN',
241
''))
242
243
dn_rm = re.compile(valid_dn_regex).match(SSL_CLIENT_S_DN)
244
idn_rm = re.compile(valid_idn_regex).match(SSL_CLIENT_I_DN)
245
246
if (dn_rm) and \
247
(idn_rm):
248
return 2
249
else:
250
return 1
251
252
else:
253
return 1
254
255
return 0
256
257
258
##############################################################################
259
# Print the SSL data in HTML format
260
##############################################################################
261
262
def PrintSecInfo(acceptedciphers,valid_dn_regex='',valid_idn_regex='',f=sys.stdout):
263
264
seclevel = SecLevel(acceptedciphers,valid_dn_regex,valid_idn_regex)
265
266
f.write("""<h3>Security level</h3><p>Current security level is: <strong>%d</strong></p>
267
<table cellspacing=5%%>
268
<tr>
269
<td align=center width=10%%>0</td>
270
<td>no encryption at all</td>
271
</tr>
272
<tr>
273
<td align=center>1</td>
274
<td>Session is encrypted with SSL and cipher is accepted</td>
275
</tr>
276
<tr>
277
<td align=center>2</td>
278
<td>Client presented valid certificate,<br>
279
the DN of the certified object matches "<CODE>%s</CODE>"<br>
280
and the DN of the certifier matches "<CODE>%s</CODE>"</td>
281
</tr>
282
</table>
283
""" % (seclevel,valid_dn_regex,valid_idn_regex))
284
285
if seclevel>=1:
286
287
SSL_CIPHER_ALGKEYSIZE = os.environ.get('SSL_CIPHER_ALGKEYSIZE',
288
os.environ.get('HTTPS_KEYSIZE',
289
os.environ.get('SSL_KEYSIZE',
290
os.environ.get('SSL_SERVER_KEY_SIZE',
291
''))))
292
SSL_CIPHER_EXPORT = os.environ.get('SSL_CIPHER_EXPORT',
293
os.environ.get('HTTPS_EXPORT',
294
os.environ.get('SSL_EXPORT',
295
'')))
296
SSL_CIPHER = os.environ.get('SSL_CIPHER',
297
os.environ.get('HTTPS_CIPHER',
298
''))
299
SSL_CIPHER_USEKEYSIZE = os.environ.get('SSL_CIPHER_USEKEYSIZE',
300
os.environ.get('HTTPS_SECRETKEYSIZE',
301
os.environ.get('SSL_SECKEYSIZE',
302
'')))
303
SSL_SERVER_S_DN = os.environ.get('SSL_SERVER_S_DN',
304
os.environ.get('SSL_SERVER_DN',
305
''))
306
SSL_SERVER_I_DN = os.environ.get('SSL_SERVER_I_DN',
307
os.environ.get('SSL_SERVER_IDN',
308
''))
309
310
f.write("""You connected with cipher <strong>%s</strong>, key size <strong>%s Bit</strong>, actually used key size <strong>%s Bit</strong>.<p>
311
<h3>Server certificate</h3>
312
<table summary="Server certificate">
313
<tr>
314
<td>
315
<dl>
316
<dt>This certificate belongs to:</dt>
317
<dd>%s</dd>
318
</dl>
319
</td>
320
<td>
321
<dl>
322
<dt>This certificate was issued by:</dt>
323
<dd>%s</dd>
324
</dl>
325
</td>
326
</tr>
327
</table>
328
""" % (
329
SSL_CIPHER,
330
SSL_CIPHER_ALGKEYSIZE,
331
SSL_CIPHER_USEKEYSIZE,
332
string.join(string.split(charset.asn12html4(SSL_SERVER_S_DN),'/'),'<br>'),
333
string.join(string.split(charset.asn12html4(SSL_SERVER_I_DN),'/'),'<br>')
334
))
335
336
if seclevel>=2:
337
338
SSL_CLIENT_I_DN = os.environ.get('SSL_CLIENT_I_DN',
339
os.environ.get('SSL_CLIENT_IDN',
340
''))
341
SSL_CLIENT_S_DN = os.environ.get('SSL_CLIENT_S_DN',
342
os.environ.get('SSL_CLIENT_DN',
343
''))
344
345
f.write("""<h3>Your client certificate</h3>
346
<table summary="Client certificate">
347
<tr>
348
<td>
349
<dl>
350
<dt>This certificate belongs to:</dt>
351
<dd>%s</dd>
352
</dl>
353
</td>
354
<td>
355
<dl>
356
<dt>This certificate was issued by:</dt>
357
<dd>%s</dd>
358
</dl>
359
</td>
360
</tr>
361
</table>
362
""" % (
363
string.join(string.split(charset.asn12html4(SSL_CLIENT_S_DN),'/'),'<br>'),
364
string.join(string.split(charset.asn12html4(SSL_CLIENT_I_DN),'/'),'<br>')
365
))
366
Loggerhead is a web-based interface for Breezy
Version: 2.0.1