
python-weblib  1.3.9
pyweblib.sslenv Namespace Reference

Functions

def GetAllSSLEnviron
def SecLevel
def PrintSecInfo

Variables

string __version__ = '0.6.3'

Detailed Description

pyweblib.sslenv.py - retrieve SSL data from environment vars
(C) by Michael Stroeder

This module is distributed under the terms of the
GPL (GNU GENERAL PUBLIC LICENSE) Version 2
(see http://www.gnu.org/copyleft/gpl.html)

$Id: sslenv.py,v 1.11 2011/04/16 13:57:25 michael Exp $

Function Documentation

def pyweblib.sslenv.GetAllSSLEnviron (   env = None)
Get all SSL-related environment vars and return mod_ssl
compatible dictionary.

mod_ssl compatible names are preferred. ApacheSSL names
are used as fallback.

Definition at line 18 of file sslenv.py.

00018 
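def GetAllSSLEnviron(env=None):
  """
  Get all SSL-related environment vars and return mod_ssl
  compatible dictionary.

  mod_ssl compatible names are preferred. ApacheSSL names
  are used as fallback.

  env
      Mapping to read the variables from. os.environ is used only
      when env is None, so an explicitly passed empty mapping is
      never replaced by the process environment.

  Returns an empty dictionary unless env['HTTPS'] is exactly 'on'.
  Otherwise the result holds every mod_ssl name listed below as key;
  the value is None where neither the name nor one of its fallback
  names is present in env.

  The values are copied unchanged. They are only as trustworthy as
  whatever populated env.
  """
  if env is None:
    env = os.environ
  if env.get('HTTPS','off')!='on':
    return {}
  # One row per result key: the mod_ssl name first, then the
  # fallback names in the order they are tried.
  lookup_order = (
    ('SSL_CIPHER_ALGKEYSIZE','HTTPS_KEYSIZE','SSL_KEYSIZE','SSL_SERVER_KEY_SIZE'),
    ('SSL_CIPHER_EXPORT','HTTPS_EXPORT','SSL_EXPORT'),
    ('SSL_CIPHER','HTTPS_CIPHER'),
    ('SSL_CIPHER_USEKEYSIZE','HTTPS_SECRETKEYSIZE','SSL_SECKEYSIZE'),
    ('SSL_CLIENT_A_SIG','SSL_CLIENT_SIGNATURE_ALGORITHM'),
    ('SSL_CLIENT_CERT','SSL_CLIENT_CERTIFICATE'),
    ('SSL_CLIENT_I_DN','SSL_CLIENT_IDN'),
    ('SSL_CLIENT_I_DN_CN','SSL_CLIENT_ICN'),
    ('SSL_CLIENT_I_DN_C','SSL_CLIENT_IC'),
    ('SSL_CLIENT_I_DN_Email','SSL_CLIENT_IEMAIL'),
    ('SSL_CLIENT_I_DN_L','SSL_CLIENT_IL'),
    ('SSL_CLIENT_I_DN_O','SSL_CLIENT_IO'),
    ('SSL_CLIENT_I_DN_OU','SSL_CLIENT_IOU'),
    ('SSL_CLIENT_I_DN_SP','SSL_CLIENT_ISP'),
    ('SSL_CLIENT_M_SERIAL','SSL_CLIENT_CERT_SERIAL'),
    ('SSL_CLIENT_S_DN','SSL_CLIENT_DN'),
    ('SSL_CLIENT_S_DN_CN','SSL_CLIENT_CN'),
    ('SSL_CLIENT_S_DN_C','SSL_CLIENT_C'),
    ('SSL_CLIENT_S_DN_Email','SSL_CLIENT_EMAIL'),
    ('SSL_CLIENT_S_DN_L','SSL_CLIENT_L'),
    ('SSL_CLIENT_S_DN_O','SSL_CLIENT_O'),
    ('SSL_CLIENT_S_DN_OU','SSL_CLIENT_OU'),
    ('SSL_CLIENT_S_DN_SP','SSL_CLIENT_SP'),
    ('SSL_CLIENT_V_END','SSL_CLIENT_CERT_END'),
    ('SSL_CLIENT_V_START','SSL_CLIENT_CERT_START'),
    ('SSL_PROTOCOL','SSL_PROTOCOL_VERSION'),
    ('SSL_SERVER_A_SIG','SSL_SERVER_SIGNATURE_ALGORITHM'),
    ('SSL_SERVER_CERT','SSL_SERVER_CERTIFICATE'),
    ('SSL_SERVER_I_DN_CN','SSL_SERVER_ICN'),
    ('SSL_SERVER_I_DN_C','SSL_SERVER_IC'),
    ('SSL_SERVER_I_DN_Email','SSL_SERVER_IEMAIL'),
    ('SSL_SERVER_I_DN_L','SSL_SERVER_IL'),
    ('SSL_SERVER_I_DN_O','SSL_SERVER_IO'),
    ('SSL_SERVER_I_DN','SSL_SERVER_IDN'),
    ('SSL_SERVER_I_DN_OU','SSL_SERVER_IOU'),
    ('SSL_SERVER_I_DN_SP','SSL_SERVER_ISP'),
    ('SSL_SERVER_M_SERIAL','SSL_SERVER_CERT_SERIAL'),
    ('SSL_SERVER_S_DN','SSL_SERVER_DN'),
    ('SSL_SERVER_S_DN_CN','SSL_SERVER_CN'),
    ('SSL_SERVER_S_DN_C','SSL_SERVER_C'),
    ('SSL_SERVER_S_DN_Email','SSL_SERVER_EMAIL'),
    ('SSL_SERVER_S_DN_L','SSL_SERVER_L'),
    ('SSL_SERVER_S_DN_O','SSL_SERVER_O'),
    ('SSL_SERVER_S_DN_OU','SSL_SERVER_OU'),
    ('SSL_SERVER_S_DN_SP','SSL_SERVER_SP'),
    ('SSL_SERVER_V_END','SSL_SERVER_CERT_END'),
    ('SSL_SERVER_V_START','SSL_SERVER_CERT_START'),
    ('SSL_VERSION_LIBRARY','SSL_SSLEAY_VERSION'),
  )
  # Sentinel so that a variable which is present but empty still
  # takes precedence over its fallback names.
  missing = object()
  SSLEnv = {}
  for names in lookup_order:
    found = None
    for name in names:
      candidate = env.get(name,missing)
      if candidate is not missing:
        found = candidate
        break
    SSLEnv[names[0]] = found
  return SSLEnv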
00228 


def pyweblib.sslenv.PrintSecInfo (   env,
  acceptedciphers,
  valid_dn_regex = '',
  valid_idn_regex = '',
  f = sys.stdout 
)
Print the SSL data in HTML format

Definition at line 256 of file sslenv.py.

00256 
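def PrintSecInfo(env,acceptedciphers,valid_dn_regex='',valid_idn_regex='',f=sys.stdout):
  """
  Print the SSL data in HTML format

  Writes to f the security level computed by SecLevel() together
  with a table explaining the levels. For level >= 1 the protocol,
  cipher, key sizes and server certificate DNs follow; for level >= 2
  the client certificate DNs are written as well.

  env, acceptedciphers, valid_dn_regex, valid_idn_regex
      Passed unchanged to SecLevel(); env is also passed to
      GetAllSSLEnviron().
  f
      Object with a write() method receiving the HTML.
  """
  seclevel = SecLevel(env,acceptedciphers,valid_dn_regex,valid_idn_regex)
  https_env = GetAllSSLEnviron(env)
  # The configured patterns are text, not markup: escape them so that
  # regex syntax such as '<' or '&' cannot break the generated page.
  f.write("""<h3>Security level</h3>
<p>Current security level is: <strong>%d</strong></p>
<table cellspacing="5%%" summary="Possible SSL/TLS security levels">
<tr>
  <td align=center width=10%%>0</td>
  <td>no encryption at all</td>
</tr>
<tr>
  <td align=center>1</td>
  <td>Session is encrypted with SSL and cipher is accepted</td>
</tr>
<tr>
  <td align=center>2</td>
  <td>
    Client presented valid certificate,
    the DN of the certified object matches &quot;<code>%s</code>&quot;
    and the DN of the certifier matches &quot;<code>%s</code>&quot;
  </td>
</tr>
</table>
   """ % (seclevel,escapeHTML(valid_dn_regex),escapeHTML(valid_idn_regex)))

  if seclevel>=1:
    # NOTE(review): protocol, cipher and key sizes are written without
    # HTML escaping; presumably they are set by the web server's TLS
    # module rather than by the peer - confirm for the deployment.
    f.write("""<p><strong>%s</strong> connection with cipher <strong>%s</strong>,
key size <strong>%s Bit</strong>, actually used key size <strong>%s Bit</strong>.</p>
<h3>Server certificate</h3>
<dl>
  <dt>Subject-DN:</dt>
  <dd>%s</dd>
  <dt>Issuer-DN:</dt>
  <dd>%s</dd>
</dl>
""" % (
  https_env.get('SSL_PROTOCOL'),
  https_env.get('SSL_CIPHER'),
  https_env.get('SSL_CIPHER_ALGKEYSIZE'),
  https_env.get('SSL_CIPHER_USEKEYSIZE'),
  escapeHTML(https_env.get('SSL_SERVER_S_DN')),
  escapeHTML(https_env.get('SSL_SERVER_I_DN')),
))

  if seclevel>=2:
    # GetAllSSLEnviron() stores None for a variable that is absent, so
    # a .get() default would never apply; "or ''" is what keeps a
    # missing DN from reaching escapeHTML() as None.
    client_issuer_dn = https_env.get('SSL_CLIENT_I_DN') or ''
    client_subject_dn = https_env.get('SSL_CLIENT_S_DN') or ''
    # Certificate DNs are chosen by the certificate holder and issuer,
    # so they are always escaped before being embedded in the page.
    f.write("""<h3>Your client certificate</h3>
<dl>
  <dt>Subject-DN:</dt>
  <dd>%s</dd>
  <dt>Issuer-DN:</dt>
  <dd>%s</dd>
</dl>
""" % (
  escapeHTML(client_subject_dn),
  escapeHTML(client_issuer_dn),
))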
00328 


def pyweblib.sslenv.SecLevel (   env,
  acceptedciphers,
  valid_dn_regex = '',
  valid_idn_regex = '' 
)
Determine Security Level of SSL session.

Returns:
0  no SSL at all
1  SSL-connection and cipher used is in acceptedciphers
2  like 1 but client also has sent client certificate
   matching valid_dn_regex and valid_idn_regex.

Definition at line 229 of file sslenv.py.

00229 
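def SecLevel(env,acceptedciphers,valid_dn_regex='',valid_idn_regex=''):
  """
  Determine Security Level of SSL session.

  Returns:
  0  no SSL at all, or the cipher is missing or not in
     acceptedciphers
  1  SSL-connection and cipher used is in acceptedciphers
  2  like 1 but client also has sent client certificate
     matching valid_dn_regex and valid_idn_regex.

  The patterns are applied with match(), which anchors only at the
  start of the DN: a pattern has to end in '$' to exclude DNs that
  merely begin with the expected text. With the default empty
  patterns every DN matches, so any client certificate subject DN
  yields level 2.

  NOTE(review): only the DN strings found in the environment are
  compared; a verification result (mod_ssl exports SSL_CLIENT_VERIFY)
  is not consulted here. Level 2 therefore relies on the web server
  rejecting client certificates it could not verify - confirm the
  server configuration.
  """
  https_env = GetAllSSLEnviron(env)
  if not https_env:
    return 0
  # GetAllSSLEnviron() stores None for absent variables, so a .get()
  # default never applies. A missing cipher is treated as not accepted.
  cipher = https_env.get('SSL_CIPHER')
  if cipher is None or cipher not in acceptedciphers:
    return 0
  ssl_client_s_dn = https_env.get('SSL_CLIENT_S_DN') or ''
  if not ssl_client_s_dn:
    return 1
  # The issuer DN may be absent although a subject DN is present;
  # match against '' instead of passing None to the regex engine.
  ssl_client_i_dn = https_env.get('SSL_CLIENT_I_DN') or ''
  dn_rm = re.compile(valid_dn_regex).match(ssl_client_s_dn)
  idn_rm = re.compile(valid_idn_regex).match(ssl_client_i_dn)
  if dn_rm and idn_rm:
    return 2
  return 1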
00255 



Variable Documentation

string pyweblib.sslenv.__version__ = '0.6.3'

Definition at line 12 of file sslenv.py.