Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(54)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/chromeos/login/test/https_forwarder.py

Issue 2719273002: Disable commonName matching for certificates (Closed)
Patch Set: More ChromeOS fixes Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | chrome/browser/policy/configuration_policy_handler_list_factory.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 # Copyright 2014 The Chromium Authors. All rights reserved. 1 # Copyright 2014 The Chromium Authors. All rights reserved.
2 # Use of this source code is governed by a BSD-style license that can be 2 # Use of this source code is governed by a BSD-style license that can be
3 # found in the LICENSE file. 3 # found in the LICENSE file.
4 4
5 """An https server that forwards requests to another server. This allows a 5 """An https server that forwards requests to another server. This allows a
6 server that supports http only to be accessed over https. 6 server that supports http only to be accessed over https.
7 """ 7 """
8 8
9 import BaseHTTPServer 9 import BaseHTTPServer
10 import minica 10 import minica
11 import re 11 import re
12 import socket
12 import SocketServer 13 import SocketServer
13 import sys 14 import sys
14 import urllib2 15 import urllib2
15 import urlparse 16 import urlparse
16 import testserver_base 17 import testserver_base
17 import tlslite.api 18 import tlslite.api
18 19
19 20
20 class RedirectSuppressor(urllib2.HTTPErrorProcessor): 21 class RedirectSuppressor(urllib2.HTTPErrorProcessor):
21 """Prevents urllib2 from following http redirects. 22 """Prevents urllib2 from following http redirects.
(...skipping 132 matching lines...) Expand 10 before | Expand all | Expand 10 after
154 server_data: Dictionary that holds information about the server. 155 server_data: Dictionary that holds information about the server.
155 Returns: 156 Returns:
156 The started server. 157 The started server.
157 """ 158 """
158 # The server binds to |host:port| but the certificate is issued to 159 # The server binds to |host:port| but the certificate is issued to
159 # |ssl_host| instead. 160 # |ssl_host| instead.
160 port = self.options.port 161 port = self.options.port
161 host = self.options.host 162 host = self.options.host
162 ssl_host = self.options.ssl_host 163 ssl_host = self.options.ssl_host
163 164
165 # Allow |ssl_host| to be an IP address or a domain name, and ensure
166 # it gets added as the appropriate subjectAltName of the generated
167 # certificate.
168 dns_sans = None
169 ip_sans = None
170 ip = None
171 if ip is None:
172 try:
173 ip = socket.inet_pton(socket.AF_INET, ssl_host)
174 ip_sans = [ip]
175 except socket.error:
176 pass
177 if ip is None:
178 try:
179 ip = socket.inet_pton(socket.AF_INET6, ssl_host)
180 ip_sans = [ip]
181 except socket.error:
182 pass
183 if ip is None:
184 dns_sans = [ssl_host]
185
164 (pem_cert_and_key, ocsp_der) = minica.GenerateCertKeyAndOCSP( 186 (pem_cert_and_key, ocsp_der) = minica.GenerateCertKeyAndOCSP(
165 subject = self.options.ssl_host, 187 subject = self.options.ssl_host,
166 ocsp_url = None) 188 ocsp_url = None,
189 ip_sans = ip_sans,
190 dns_sans = dns_sans)
167 191
168 server = MultiThreadedHTTPSServer((host, port), 192 server = MultiThreadedHTTPSServer((host, port),
169 RequestForwarder, 193 RequestForwarder,
170 pem_cert_and_key) 194 pem_cert_and_key)
171 print 'HTTPS server started on %s:%d...' % (host, server.server_port) 195 print 'HTTPS server started on %s:%d...' % (host, server.server_port)
172 196
173 forward_target = urlparse.urlparse(self.options.forward_target) 197 forward_target = urlparse.urlparse(self.options.forward_target)
174 server.forward_scheme = forward_target[0] 198 server.forward_scheme = forward_target[0]
175 server.forward_netloc = forward_target[1] 199 server.forward_netloc = forward_target[1]
176 server.forward_path = forward_target[2].rstrip('/') 200 server.forward_path = forward_target[2].rstrip('/')
(...skipping 16 matching lines...) Expand all
193 self.option_parser.add_option('--ocsp-produced', help='Ignored (provided ' 217 self.option_parser.add_option('--ocsp-produced', help='Ignored (provided '
194 'for compatibility only).') 218 'for compatibility only).')
195 self.option_parser.add_option('--ssl-host', help='The host name that the ' 219 self.option_parser.add_option('--ssl-host', help='The host name that the '
196 'certificate should be issued to.') 220 'certificate should be issued to.')
197 self.option_parser.add_option('--forward-target', help='The URL prefix to ' 221 self.option_parser.add_option('--forward-target', help='The URL prefix to '
198 'which requests will be forwarded.') 222 'which requests will be forwarded.')
199 223
200 224
201 if __name__ == '__main__': 225 if __name__ == '__main__':
202 sys.exit(ServerRunner().main()) 226 sys.exit(ServerRunner().main())
OLDNEW
« no previous file with comments | « no previous file | chrome/browser/policy/configuration_policy_handler_list_factory.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698