Diffstat (limited to 'scripts')
-rw-r--r--scripts/http-server.py17
-rw-r--r--scripts/rpki/https.py23
-rw-r--r--scripts/rpki/x509.py2
3 files changed, 6 insertions, 36 deletions
diff --git a/scripts/http-server.py b/scripts/http-server.py
index 00e7b1ba..e5e63dc6 100644
--- a/scripts/http-server.py
+++ b/scripts/http-server.py
@@ -4,23 +4,6 @@ import rpki.https, tlslite.api
certInfo = rpki.https.CertInfo("Carol")
-# Ok, here's the problem: the certChain is order-sensitive.
-# We have to put the EE cert before the CA cert or things break.
-#
-# For the moment we can kludge this but in the general case we're
-# going to have to sort certs somehow. This is the second time this
-# problem has come up (CMS had the same issue).
-
-if True:
- certChain = []
- for file in ("biz-certs/Carol-EE.cer", "biz-certs/Carol-CA.cer"):
- f = open(file, "r")
- x509 = tlslite.api.X509()
- x509.parse(f.read())
- f.close()
- certChain.append(x509)
- certInfo.certChain = tlslite.api.X509CertChain(certChain)
-
def handler(self, query):
return 200, "I got:\n" + query
diff --git a/scripts/rpki/https.py b/scripts/rpki/https.py
index 7d89fe3e..078dce56 100644
--- a/scripts/rpki/https.py
+++ b/scripts/rpki/https.py
@@ -1,6 +1,6 @@
# $Id$
-import httplib, BaseHTTPServer, tlslite.api, glob
+import httplib, BaseHTTPServer, tlslite.api, glob, rpki.x509
"""
HTTPS utilities, both client and server.
@@ -23,24 +23,11 @@ class CertInfo(object):
f = open(self.cert_dir + myname + "-EE.key", "r")
self.privateKey = tlslite.api.parsePEMKey(f.read(), private=True)
f.close()
+
+ chain = [rpki.x509.X509(PEM_file=PEM_file) for PEM_file in glob.glob(self.cert_dir + myname + "-*.cer")]
+ self.certChain = tlslite.api.X509CertChain([x.get_tlslite() for x in rpki.x509.sort_chain(chain)])
- chain = []
- for file in glob.glob(self.cert_dir + myname + "-*.cer"):
- f = open(file, "r")
- x509 = tlslite.api.X509()
- x509.parse(f.read())
- f.close()
- chain.append(x509)
- self.certChain = tlslite.api.X509CertChain(chain)
-
- self.x509TrustList = []
- for file in glob.glob(self.cert_dir + "*-Root.cer"):
- if file != self.cert_dir + myname + "-Root.cer":
- f = open(file, "r")
- x509 = tlslite.api.X509()
- x509.parse(f.read())
- f.close()
- self.x509TrustList.append(x509)
+ self.x509TrustList = [rpki.x509.X509(PEM_file=PEM_file).get_tlslite() for PEM_file in glob.glob(self.cert_dir + "*-Root.cer")]
def client(msg, certInfo, host="localhost", port=4433, url="/"):
httpc = tlslite.api.HTTPTLSConnection(host=host,
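Review bot: The rewritten `self.x509TrustList` comprehension drops the old `if file != self.cert_dir + myname + "-Root.cer"` guard, so this party's own root is now loaded as a trust anchor for peer certificates; that looks like a behaviour change rather than a pure refactor. If the exclusion was deliberate, keep it by ending the comprehension with `for PEM_file in glob.glob(self.cert_dir + "*-Root.cer") if PEM_file != self.cert_dir + myname + "-Root.cer"]`; if widening the trust set is intended, a comment such as `# every *-Root.cer in cert_dir is a trust anchor, including our own` would record that. Separately, the chain glob `myname + "-*.cer"` also matches `myname-Root.cer`, so what ends up in `certChain` depends on how `rpki.x509.sort_chain` (not visible here) handles a self-signed root. The enclosing method starts outside the hunk.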
diff --git a/scripts/rpki/x509.py b/scripts/rpki/x509.py
index 865a193e..cf433c88 100644
--- a/scripts/rpki/x509.py
+++ b/scripts/rpki/x509.py
@@ -96,7 +96,7 @@ class X509(object):
def get_tlslite(self):
assert not self.empty()
if not self.tlslite:
- cert = tlslite.X509.X509()
+ cert = tlslite.api.X509()
cert.parseBinary(self.get_DER())
self.tlslite = cert
return self.tlslite