5
(c) by Michael Stroeder <michael@stroeder.com>
7
CGI-BIN to check cryptographic abilities of a WWW
8
browser/server combination
9
The SSL data only works with the environment of ApacheSSL.
14
########################################################################
15
# Some variables to configure the basic behaviour
16
########################################################################
18
# Do not list the environment vars listed here
20
'DOCUMENT_ROOT','SCRIPT_NAME','SCRIPT_FILENAME','PATH',
21
'SERVER_SOFTWARE','SSLEAY_VERSION','SERVER_SIGNATURE'
24
# Specifies a list of the acceptable symmetric key ciphers
25
# See also http://www.apache-ssl.org/ and the ApacheSSL
26
# run-time directives SSLBanCipher, SSLRequireCipher, SSLRequiredCiphers
27
sec_sslacceptedciphers = [
33
'DH-DSS-DES-CBC3-SHA',
34
'DH-RSA-DES-CBC3-SHA',
35
'EDH-DSS-DES-CBC3-SHA',
36
'EDH-RSA-DES-CBC3-SHA',
44
########################################################################
45
# There's nothing to configure below this line
46
########################################################################
48
import sys,os,string,time,re,urllib
50
import pycacnf,htmlbase,charset
52
###############################################################################
54
###############################################################################
58
gmt=time.time()-3600*time.daylight+time.timezone
60
htmlbase.PrintHeader('Cryptographic Browser Check')
61
htmlbase.PrintHeading('Cryptographic Browser Check')
63
htmlbase.PrintHeading('SSL',2)
65
if os.environ.has_key('HTTPS'):
67
htmlbase.PrintHeading('SSL symmetric cipher',3)
68
print 'You connected with cipher <STRONG>%s</STRONG>, key size <STRONG>%s Bit</STRONG>, secret key size <STRONG>%s Bit</STRONG>.<P>' % (
69
os.environ['SSL_CIPHER'],
70
os.environ['HTTPS_KEYSIZE'],
71
os.environ['HTTPS_SECRETKEYSIZE']
74
htmlbase.PrintHeading('Client Certificate',3)
75
ssl_client_dn = os.environ.get('SSL_CLIENT_DN','')
77
ssl_client_idn = os.environ.get('SSL_CLIENT_I_DN','')
78
if not ssl_client_idn:
79
ssl_client_idn = os.environ.get('SSL_CLIENT_IDN','')
80
print 'Your client sent the following certificate:<TABLE BORDER=1><TR><TD>%s</TD><TD>%s</TD></TR></TABLE><P>' % (
81
string.join(string.split(charset.t612html4(ssl_client_dn[1:]),'/'),'<BR>'),
82
string.join(string.split(charset.t612html4(ssl_client_idn[1:]),'/'),'<BR>')
85
print 'Your client did not send a certificate or the server did not request a client certificate.'
88
print 'This was not a SSL connection at all.'
90
htmlbase.PrintHeading('Test Key Generation',2)
91
query_string=os.environ.get('QUERY_STRING','')
94
spkac_rm=re.compile('^SPKAC=.*').match(query_string)
95
if spkac_rm and spkac_rm.string==query_string:
96
spkac_req=urllib.unquote_plus(query_string[6:])
97
print 'Your client submitted the following SPKAC request (%d Bytes):<PRE>%s</PRE>' % (len(spkac_req),spkac_req)
99
print 'The format of the submitted SPKAC request was wrong.'
102
<FORM ACTION="browser-check.py" METHOD="GET">
103
Key length: <KEYGEN NAME="SPKAC" CHALLENGE="test">
104
<INPUT TYPE="submit" VALUE="Generate Key Pair">
108
htmlbase.PrintHeading('Environment Variables')
109
print '<TABLE BORDER>'
110
env_keys=os.environ.keys()
112
hidden_envvars.append('QUERY_STRING')
113
for env in hidden_envvars:
122
print '<TR><TD>%s</TD><TD>%s</TD></TR>' % (env,os.environ[env])
125
htmlbase.PrintFooter()