[Checkins] SVN: keas.kmi/trunk/ Make the sample server use SSL.
Marius Gedminas
marius at pov.lt
Thu Sep 4 12:10:29 EDT 2008
Log message for revision 90815:
Make the sample server use SSL.
There's one problem: the sample wget --post-file command hangs.
Changed:
U keas.kmi/trunk/README.txt
U keas.kmi/trunk/buildout.cfg
A keas.kmi/trunk/generate-sample-cert.sh
A keas.kmi/trunk/sample.pem
U keas.kmi/trunk/server.ini
-=-
Modified: keas.kmi/trunk/README.txt
===================================================================
--- keas.kmi/trunk/README.txt 2008-09-04 16:07:15 UTC (rev 90814)
+++ keas.kmi/trunk/README.txt 2008-09-04 16:10:29 UTC (rev 90815)
@@ -10,12 +10,14 @@
The server will come up on port 8080. You can create a new key encrypting key
using::
- $ wget http://localhost:8080/new -O kek.dat
+ $ wget https://localhost:8080/new -O kek.dat --ca-certificate sample.pem
The data encryption key can now be retrieved by posting the KEK to another
URL::
- $ wget http://localhost:8080/key --post-file kek.dat -O datakey.dat
+ $ wget https://localhost:8080/key --post-file kek.dat -O datakey.dat --ca-certificate sample.pem
Note: To be compliant, the server must use an encrypted communication channel
-of course.
+of course. The ``--ca-certificate`` tells wget to trust the sample self-signed
+certificate included in the keas.kmi distribution; you'll want to generate a
+new SSL certificate for production use.
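Review bot: The note added at the end of this hunk tells readers to generate a new SSL certificate for production but does not say how, or where the server picks it up. This revision adds generate-sample-cert.sh and the `ssl_pem = sample.pem` setting in server.ini, so name both here. Both wget lines pass sample.pem as `--ca-certificate`, and that file holds the private key as well as the certificate; a certificate-only file is all a client needs. The log message says the `--post-file` command hangs, so the README should flag that next to the second example until it is resolved.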
Modified: keas.kmi/trunk/buildout.cfg
===================================================================
--- keas.kmi/trunk/buildout.cfg 2008-09-04 16:07:15 UTC (rev 90814)
+++ keas.kmi/trunk/buildout.cfg 2008-09-04 16:10:29 UTC (rev 90815)
@@ -31,6 +31,7 @@
eggs = Paste
PasteScript
PasteDeploy
+ pyOpenSSL
zope.app.component
zope.app.publication
zope.app.publisher
Added: keas.kmi/trunk/generate-sample-cert.sh
===================================================================
--- keas.kmi/trunk/generate-sample-cert.sh (rev 0)
+++ keas.kmi/trunk/generate-sample-cert.sh 2008-09-04 16:10:29 UTC (rev 90815)
@@ -0,0 +1,6 @@
+#!/bin/sh
+openssl genrsa 1024 > sample.key
+openssl req -new -x509 -nodes -sha1 -days 3650 -key sample.key > sample.cert
+cat sample.cert sample.key > sample.pem
+rm sample.key sample.cert
+
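Review bot: `openssl genrsa 1024` combined with `-sha1` and `-days 3650` produces a small key and a SHA-1 signature that stay valid for ten years; because the README sends readers off to generate their own certificate, 2048 bits and `-sha256` would make this a safer template to copy. The `openssl req` line has no `-subj`, so the script stops to prompt for the subject fields; the README examples connect to localhost, so `-subj "/CN=localhost"` would fit. sample.key is written with the default umask and there is no `set -e`, so a failed step still reaches the `cat` and `rm` lines; add `umask 077` and `set -e` at the top.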
Property changes on: keas.kmi/trunk/generate-sample-cert.sh
___________________________________________________________________
Name: svn:executable
+ *
Name: svn:eol-style
+ native
Added: keas.kmi/trunk/sample.pem
===================================================================
--- keas.kmi/trunk/sample.pem (rev 0)
+++ keas.kmi/trunk/sample.pem 2008-09-04 16:10:29 UTC (rev 90815)
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDK17rB/KVaK8MVjiEkvA4ZncOOIC3nStZ/erXM+qwkghPM4Tfr
+2FTUiTgwwdLdu/ht74oWnppttfaTQ+sVz2rFXnPgfqKTGoJTwWFiuNuZhSRDVssG
+VnL/RatZW6wns8UNf+W4hUe6/vGQP6obNTe2T4R+t2hXP51OkOy4BMcq0QIDAQAB
+AoGAHcDJDx1M784NfoLrj6TZ+J3wik9kDFIo5mgMdLWsPGqsFthOSJTh1I8QI+66
+THX++bkyKyE2i7MuKOnEeN2Ezo2jAThF7XoWhm6/+pSXhSqmL1jKr/1CZRaR9jv0
+cCVJc3mTuAGH+yFVeGpWNvDaCmOUlD5M48xTROJXteDQ0TECQQDuDM9pmQdqkGIp
+dvbIviS8donYn0kJ0TKS14pMtb/C63lcld513rHS43ru3FRY9baR/q5vV9vW5RhH
+S7w4cYvVAkEA2iNLsFEAkY88oZJYbdyybeKxZdReyes1/zPe4RYzRdbDHRNAa+zk
+mZIZDI820E0Y+DeoT+q3nXkXiiOS/iRNDQJBAKdAvOH2sO1AcJetjArS/cCkkIlw
+sMKDB0OAyRzIfekXxPc2HU03oD0Jsy/sAh9W1GWTST/VvRIpeHtvTNljfdkCQF5T
+UuBcNoW6zXoEYU6oV1Oi6hjhW1eu6PuAv4jPY754XoiNEZdZqYQqo8BFkWtDW1/C
+GXrtQRbMDPzD40UYB2UCQQCmJpJp+u2lHj7zuZikHIHQBNyXyoGnzgNs6XUj1Bs6
+Y4vjue8w6RkRLZ1YGP+xqsngVqb9IRygyLDpEgwEnOT4
+-----END RSA PRIVATE KEY-----
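Review bot: This file carries an RSA PRIVATE KEY block next to the certificate, so the key the sample server loads through `ssl_pem = sample.pem` is published with the distribution, and TLS to any server still running with it authenticates nothing. Consider leaving the key out of the repository and having buildout or generate-sample-cert.sh create sample.pem locally; if a sample has to ship, keep the certificate in a separate file for clients to trust.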
Modified: keas.kmi/trunk/server.ini
===================================================================
--- keas.kmi/trunk/server.ini 2008-09-04 16:07:15 UTC (rev 90814)
+++ keas.kmi/trunk/server.ini 2008-09-04 16:10:29 UTC (rev 90815)
@@ -6,3 +6,4 @@
use = egg:Paste#http
host = 0.0.0.0
port = 8080
+ssl_pem = sample.pem
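Review bot: `ssl_pem = sample.pem` sits under `host = 0.0.0.0`, so the sample configuration listens on every interface while using the key that is checked in as sample.pem. Binding the sample to 127.0.0.1 would match the localhost URLs in the README, and a comment on this line should say to replace the file before any other use. The path is relative, so it presumably resolves against the directory the server is started from; confirm that and document it.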