[Checkins] SVN: keas.kmi/trunk/ Make the sample server use SSL.

Marius Gedminas marius at pov.lt
Thu Sep 4 12:10:29 EDT 2008


Log message for revision 90815:
  Make the sample server use SSL.
  
  There's one problem: the sample wget --post-file command hangs.
  
  

Changed:
  U   keas.kmi/trunk/README.txt
  U   keas.kmi/trunk/buildout.cfg
  A   keas.kmi/trunk/generate-sample-cert.sh
  A   keas.kmi/trunk/sample.pem
  U   keas.kmi/trunk/server.ini

-=-
Modified: keas.kmi/trunk/README.txt
===================================================================
--- keas.kmi/trunk/README.txt	2008-09-04 16:07:15 UTC (rev 90814)
+++ keas.kmi/trunk/README.txt	2008-09-04 16:10:29 UTC (rev 90815)
@@ -10,12 +10,14 @@
 The server will come up on port 8080. You can create a new key encrypting key
 using::
 
-  $ wget http://localhost:8080/new -O kek.dat
+  $ wget https://localhost:8080/new -O kek.dat --ca-certificate sample.pem
 
 The data encryption key can now be retrieved by posting the KEK to another
 URL::
 
-  $ wget http://localhost:8080/key --post-file kek.dat -O datakey.dat
+  $ wget https://localhost:8080/key --post-file kek.dat -O datakey.dat --ca-certificate sample.pem
 
 Note: To be compliant, the server must use an encrypted communication channel
-of course.
+of course.  The ``--ca-certificate`` tells wget to trust the sample self-signed
+certificate included in the keas.kmi distribution; you'll want to generate a
+new SSL certificate for production use.
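
Review bot: The added note tells the reader to generate a new SSL certificate for production but does not say how, and it does not mention that sample.pem holds the private key as well as the certificate. Suggest pointing at generate-sample-cert.sh here and stating that the shipped key is public, so anyone with the distribution can impersonate a server that still uses it. The log message also says the `--post-file` command hangs, so the README should carry a caveat on that second wget line until it is resolved.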

Modified: keas.kmi/trunk/buildout.cfg
===================================================================
--- keas.kmi/trunk/buildout.cfg	2008-09-04 16:07:15 UTC (rev 90814)
+++ keas.kmi/trunk/buildout.cfg	2008-09-04 16:10:29 UTC (rev 90815)
@@ -31,6 +31,7 @@
 eggs = Paste
        PasteScript
        PasteDeploy
+       pyOpenSSL
        zope.app.component
        zope.app.publication
        zope.app.publisher

Added: keas.kmi/trunk/generate-sample-cert.sh
===================================================================
--- keas.kmi/trunk/generate-sample-cert.sh	                        (rev 0)
+++ keas.kmi/trunk/generate-sample-cert.sh	2008-09-04 16:10:29 UTC (rev 90815)
@@ -0,0 +1,6 @@
+#!/bin/sh
+openssl genrsa 1024 > sample.key
+openssl req -new -x509 -nodes -sha1 -days 3650 -key sample.key > sample.cert
+cat sample.cert sample.key > sample.pem
+rm sample.key sample.cert
+
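
Review bot: `openssl genrsa 1024` and `-sha1` on the `openssl req` line give a weak key and signature for a certificate that `-days 3650` keeps valid for ten years; use at least 2048 bits and `-sha256`. The script has no `set -e` and writes sample.key under the default umask, so a failed openssl call still reaches `cat` and `rm` and can leave a truncated sample.pem, and the key is briefly readable by other local users; add `set -e` and `umask 077` at the top. `openssl req` is called without `-subj`, so it prompts interactively and the certificate name depends on what is typed; passing a fixed subject that matches the `localhost` used in the README commands would make the output reproducible.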


Property changes on: keas.kmi/trunk/generate-sample-cert.sh
___________________________________________________________________
Name: svn:executable
   + *
Name: svn:eol-style
   + native

Added: keas.kmi/trunk/sample.pem
===================================================================
--- keas.kmi/trunk/sample.pem	                        (rev 0)
+++ keas.kmi/trunk/sample.pem	2008-09-04 16:10:29 UTC (rev 90815)
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDK17rB/KVaK8MVjiEkvA4ZncOOIC3nStZ/erXM+qwkghPM4Tfr
+2FTUiTgwwdLdu/ht74oWnppttfaTQ+sVz2rFXnPgfqKTGoJTwWFiuNuZhSRDVssG
+VnL/RatZW6wns8UNf+W4hUe6/vGQP6obNTe2T4R+t2hXP51OkOy4BMcq0QIDAQAB
+AoGAHcDJDx1M784NfoLrj6TZ+J3wik9kDFIo5mgMdLWsPGqsFthOSJTh1I8QI+66
+THX++bkyKyE2i7MuKOnEeN2Ezo2jAThF7XoWhm6/+pSXhSqmL1jKr/1CZRaR9jv0
+cCVJc3mTuAGH+yFVeGpWNvDaCmOUlD5M48xTROJXteDQ0TECQQDuDM9pmQdqkGIp
+dvbIviS8donYn0kJ0TKS14pMtb/C63lcld513rHS43ru3FRY9baR/q5vV9vW5RhH
+S7w4cYvVAkEA2iNLsFEAkY88oZJYbdyybeKxZdReyes1/zPe4RYzRdbDHRNAa+zk
+mZIZDI820E0Y+DeoT+q3nXkXiiOS/iRNDQJBAKdAvOH2sO1AcJetjArS/cCkkIlw
+sMKDB0OAyRzIfekXxPc2HU03oD0Jsy/sAh9W1GWTST/VvRIpeHtvTNljfdkCQF5T
+UuBcNoW6zXoEYU6oV1Oi6hjhW1eu6PuAv4jPY754XoiNEZdZqYQqo8BFkWtDW1/C
+GXrtQRbMDPzD40UYB2UCQQCmJpJp+u2lHj7zuZikHIHQBNyXyoGnzgNs6XUj1Bs6
+Y4vjue8w6RkRLZ1YGP+xqsngVqb9IRygyLDpEgwEnOT4
+-----END RSA PRIVATE KEY-----
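
Review bot: This file commits an RSA private key to trunk in the same PEM as the certificate, so the key is known to everyone who can read the repository or the distribution. Since generate-sample-cert.sh is added in the same revision, consider leaving sample.pem out of version control and having the build or first run generate it, or at least name the file and its certificate subject so that it is obviously a throwaway test key and cannot be mistaken for deployable material.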

Modified: keas.kmi/trunk/server.ini
===================================================================
--- keas.kmi/trunk/server.ini	2008-09-04 16:07:15 UTC (rev 90814)
+++ keas.kmi/trunk/server.ini	2008-09-04 16:10:29 UTC (rev 90815)
@@ -6,3 +6,4 @@
 use = egg:Paste#http
 host = 0.0.0.0
 port = 8080
+ssl_pem = sample.pem
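
Review bot: `ssl_pem = sample.pem` sits under `host = 0.0.0.0`, so the default configuration listens on every interface with a key that is published in the repository. For a sample config, bind to 127.0.0.1 or add a comment above `ssl_pem` saying the file must be replaced before the server is exposed. The path is also relative, so the server only finds the file when started from the directory that contains it; that should be documented or the path made explicit.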


