Remove issuer check and use unique serial and CA for multiple butterfly CA in broweser

2026-05-26 07:08:08 +00:00 · 2014-03-20 14:21:49 +01:00
parent a4d59a90f7
commit 4afcc99fe5
3 changed files with 6 additions and 12 deletions
--- a/butterfly.server.py
+++ b/butterfly.server.py
@@ -25,6 +25,7 @@ import ssl
 import getpass
 import os
 import stat
+import socket
 import sys


@@ -100,8 +101,8 @@ if tornado.options.options.generate_certs:
        ca_pk = crypto.PKey()
        ca_pk.generate_key(crypto.TYPE_RSA, 2048)
        ca_cert = crypto.X509()
-        ca_cert.get_subject().CN = 'Butterfly CA'
-        ca_cert.set_serial_number(100)
+        ca_cert.get_subject().CN = 'Butterfly CA on %s' % socket.gethostname()
+        ca_cert.set_serial_number(uuid.uuid4().int)
        ca_cert.gmtime_adj_notBefore(0)  # From now
        ca_cert.gmtime_adj_notAfter(315360000)  # to 10y
        ca_cert.set_issuer(ca_cert.get_subject())  # Self signed
@@ -120,7 +121,7 @@ if tornado.options.options.generate_certs:
    server_pk.generate_key(crypto.TYPE_RSA, 2048)
    server_cert = crypto.X509()
    server_cert.get_subject().CN = host
-    server_cert.set_serial_number(200)
+    server_cert.set_serial_number(uuid.uuid4().int)
    server_cert.gmtime_adj_notBefore(0)  # From now
    server_cert.gmtime_adj_notAfter(315360000)  # to 10y
    server_cert.set_issuer(ca_cert.get_subject())  # Signed by ca
--- a/butterfly/routes.py
+++ b/butterfly/routes.py
@@ -237,8 +237,7 @@ class TermWebSocket(Route, tornado.websocket.WebSocketHandler):
            if not self.callee and not self.user and self.socket.local:
                self.callee = self.caller
        else:
-            issuer, user = utils.parse_cert(self.request.get_ssl_certificate())
-            assert issuer == 'Butterfly CA', 'Invalid certificate issuer'
+            user = utils.parse_cert(self.request.get_ssl_certificate())
            assert user, 'No user in certificate'
            self.user = user
            try:
--- a/butterfly/utils.py
+++ b/butterfly/utils.py
@@ -26,20 +26,14 @@ log = getLogger('butterfly')


 def parse_cert(cert):
-    issuer = None
    user = None

-    for elt in cert['issuer']:
-        issuer = dict(elt).get('commonName', None)
-        if issuer:
-            break
-
    for elt in cert['subject']:
        user = dict(elt).get('commonName', None)
        if user:
            break

-    return issuer, user
+    return user


 class User(object):