[tor-commits] [ooni-probe/master] Implement SSL support for OONIB
art at torproject.org
art at torproject.org
Tue Jul 24 13:10:58 UTC 2012
commit 59daf0150e2661be93ddde2bee57feb3ca7ac5b6
Author: Arturo Filastò <arturo at filasto.net>
Date: Tue Jul 24 15:10:37 2012 +0200
Implement SSL support for OONIB
---
.gitignore | 1 +
oonib/README.md | 10 ++++++++++
oonib/backends/ssl.py | 7 +++++++
oonib/oonibackend.conf | 8 --------
oonib/oonibackend.conf.sample | 10 ++++++++++
oonib/oonibackend.py | 11 ++++++++++-
6 files changed, 38 insertions(+), 9 deletions(-)
diff --git a/.gitignore b/.gitignore
index 553482d..7f270bb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@ proxy-lists/italy-dns-ips.txt
proxy-lists/italy-http-ips.txt
private/*
/ooni/plugins/dropin.cache
+oonib/oonibackend.conf
diff --git a/oonib/README.md b/oonib/README.md
new file mode 100644
index 0000000..6823d06
--- /dev/null
+++ b/oonib/README.md
@@ -0,0 +1,10 @@
+# Generate self signed certs for OONIB
+
+ openssl genrsa -des3 -out private.key 4096
+ openssl req -new -key private.key -out server.csr
+ cp private.key private.key.org
+ # Remove passphrase from key
+ openssl rsa -in private.key.org -out private.key
+ openssl x509 -req -days 365 -in server.csr -signkey private.key -out certificate.crt
+ rm private.key.org
+
diff --git a/oonib/backends/ssl.py b/oonib/backends/ssl.py
new file mode 100644
index 0000000..5f19686
--- /dev/null
+++ b/oonib/backends/ssl.py
@@ -0,0 +1,7 @@
+from twisted.internet import ssl
+
+class SSLContext(ssl.DefaultOpenSSLContextFactory):
+ def __init__(self, config):
+ ssl.DefaultOpenSSLContextFactory.__init__(self, config.main.ssl_private_key,
+ config.main.ssl_certificate)
+
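Review bot: `SSLContext.__init__` passes only the key and certificate paths, so the accepted protocol versions and cipher suites are whatever the installed Twisted and pyOpenSSL default to, which on older releases may still admit legacy SSL versions. Consider restricting them once the base constructor has run, e.g. `self.getContext().set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)` with `from OpenSSL import SSL`. The class also has no docstring; one line such as `"""Context factory serving the key/certificate named by ssl_private_key and ssl_certificate in [main]."""` would tell operators which settings it reads. Separately, a module named `ssl.py` can shadow the standard-library `ssl` for sibling modules under Python 2 implicit relative imports, so a less generic module name may be safer.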
diff --git a/oonib/oonibackend.conf b/oonib/oonibackend.conf
deleted file mode 100644
index 5265045..0000000
--- a/oonib/oonibackend.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-[main]
-http_port = 8080
-dns_udp_port = 5354
-dns_tcp_port = 8002
-daphn3_port = 9666
-server_version = Apache
-[daphn3]
-pcap_file = /Users/y/Documents/workspace/ooni-probe.new/oonib/server.pcap
diff --git a/oonib/oonibackend.conf.sample b/oonib/oonibackend.conf.sample
new file mode 100644
index 0000000..a5cbbd3
--- /dev/null
+++ b/oonib/oonibackend.conf.sample
@@ -0,0 +1,10 @@
+[main]
+http_port = 8080
+dns_udp_port = 5354
+dns_tcp_port = 8002
+daphn3_port = 9666
+server_version = Apache
+ssl_private_key = /path/to/private.key
+ssl_certificate = /path/to/certificate.crt
+[daphn3]
+pcap_file = /path/to/server.pcap
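Review bot: The sample `[main]` section has no `ssl_port` entry, yet the new `internet.SSLServer(int(config.main.ssl_port), ...)` call in oonib/oonibackend.py reads it, so a config copied from this sample will presumably fail at startup. Add a line such as `ssl_port = 8443` (example value) next to `http_port`. Because `ssl_private_key` points at the passphrase-less key the README produces, a comment above it such as `# keep this file readable only by the account running oonib` would also help operators.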
diff --git a/oonib/oonibackend.py b/oonib/oonibackend.py
index fe1a760..c5a866b 100755
--- a/oonib/oonibackend.py
+++ b/oonib/oonibackend.py
@@ -18,6 +18,7 @@ from twisted.names import dns
from oonib.common import config
from oonib.backends.http import HTTPBackend
+from oonib.backends.ssl import SSLContext
from oonib.backends.dns import ProxyDNSServer
from oonib.backends.daphn3 import Daphn3Server
@@ -26,7 +27,15 @@ server.version = config.main.server_version
application = service.Application('oonibackend')
serviceCollection = service.IServiceCollection(application)
-internet.TCPServer(int(config.main.http_port), server.Site(HTTPBackend())).setServiceParent(serviceCollection)
+
+internet.TCPServer(int(config.main.http_port),
+ server.Site(HTTPBackend())
+ ).setServiceParent(serviceCollection)
+
+internet.SSLServer(int(config.main.ssl_port),
+ server.Site(HTTPBackend()),
+ SSLContext(config),
+ ).setServiceParent(serviceCollection)
# Start the DNS Server related services
TCPDNSServer = ProxyDNSServer()
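Review bot: The `internet.SSLServer(...)` service is registered unconditionally at module load, and `SSLContext(config)` loads the key and certificate as soon as it is constructed, so a missing or unreadable file likely aborts startup of every backend, including the DNS services that follow. Guarding the block, for instance with `if getattr(config.main, 'ssl_port', None):`, would keep HTTP-only deployments working; how `config` reports missing keys is not visible in this hunk, so adapt the check to its API. The plain `TCPServer` on `http_port` still serves the same `HTTPBackend`, which deserves a short comment stating that cleartext access is intentional.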