414 lines
20 KiB
Diff
414 lines
20 KiB
Diff
|
From 001fd99f209dce1ee853df87fc4e0627db3bc930 Mon Sep 17 00:00:00 2001
|
|||
|
From: Glyph <code@glyph.im>
|
|||
|
Date: Wed, 14 Jun 2023 13:41:33 -0700
|
|||
|
Subject: [PATCH 1/4] regenerate certificate to work with latest
|
|||
|
service_identity
|
|||
|
|
|||
|
also rewrite all the logic using cryptography rather than pyopenssl
|
|||
|
---
|
|||
|
src/twisted/newsfragments/11877.misc | 0
|
|||
|
src/twisted/test/cert.pem.no_trailing_newline | 40 ++--
|
|||
|
src/twisted/test/key.pem.no_trailing_newline | 55 +++---
|
|||
|
src/twisted/test/server.pem | 178 ++++++++++--------
|
|||
|
4 files changed, 150 insertions(+), 123 deletions(-)
|
|||
|
create mode 100644 src/twisted/newsfragments/11877.misc
|
|||
|
|
|||
|
diff --git a/src/twisted/newsfragments/11877.misc b/src/twisted/newsfragments/11877.misc
|
|||
|
new file mode 100644
|
|||
|
index 00000000000..e69de29bb2d
|
|||
|
diff --git a/src/twisted/test/cert.pem.no_trailing_newline b/src/twisted/test/cert.pem.no_trailing_newline
|
|||
|
index 59f1bae563e..11eb4db8119 100644
|
|||
|
--- a/src/twisted/test/cert.pem.no_trailing_newline
|
|||
|
+++ b/src/twisted/test/cert.pem.no_trailing_newline
|
|||
|
@@ -1,23 +1,25 @@
|
|||
|
-----BEGIN CERTIFICATE-----
|
|||
|
-MIID6DCCAtACAwtEVjANBgkqhkiG9w0BAQsFADCBtzELMAkGA1UEBhMCVFIxDzAN
|
|||
|
-BgNVBAgMBsOHb3J1bTEUMBIGA1UEBwwLQmHFn21ha8OnxLExEjAQBgNVBAMMCWxv
|
|||
|
-Y2FsaG9zdDEcMBoGA1UECgwTVHdpc3RlZCBNYXRyaXggTGFiczEkMCIGA1UECwwb
|
|||
|
-QXV0b21hdGVkIFRlc3RpbmcgQXV0aG9yaXR5MSkwJwYJKoZIhvcNAQkBFhpzZWN1
|
|||
|
-cml0eUB0d2lzdGVkbWF0cml4LmNvbTAgFw0yMjA4MjMyMzUyNTJaGA8yMTIyMDcz
|
|||
|
-MDIzNTI1MlowgbcxCzAJBgNVBAYTAlRSMQ8wDQYDVQQIDAbDh29ydW0xFDASBgNV
|
|||
|
-BAcMC0JhxZ9tYWvDp8SxMRIwEAYDVQQDDAlsb2NhbGhvc3QxHDAaBgNVBAoME1R3
|
|||
|
+MIIEJDCCAwygAwIBAgIUKaSXgzt5gDMt9GbUzLz/A9HEyFEwDQYJKoZIhvcNAQEL
|
|||
|
+BQAwgb0xGDAWBgNVBAMMD0EgSG9zdCwgTG9jYWxseTELMAkGA1UEBhMCVFIxDzAN
|
|||
|
+BgNVBAgMBsOHb3J1bTEUMBIGA1UEBwwLQmHFn21ha8OnxLExHDAaBgNVBAoME1R3
|
|||
|
aXN0ZWQgTWF0cml4IExhYnMxJDAiBgNVBAsMG0F1dG9tYXRlZCBUZXN0aW5nIEF1
|
|||
|
dGhvcml0eTEpMCcGCSqGSIb3DQEJARYac2VjdXJpdHlAdHdpc3RlZG1hdHJpeC5j
|
|||
|
-b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9Gk1skmQfONi+GdM2
|
|||
|
-Rwb6a/2weSX7eM3MwT3vXYr+0dx9ScWERILTNkLGrvfslHKdUE7hBDKjtuj6KtAI
|
|||
|
-rVjeDDMD6Ue77EcbL3QEO1QZeBjJ3hQbaB447PhE1wwgEsWndPMcDDVm93sODELN
|
|||
|
-rzWMLhabgCJ5cJYo5RQs7IvVtE36KaoSgfC9rTP8Lva+MW5wNeHn2f0hDlUF8jLu
|
|||
|
-o1W+eDb9CHV7vwL19DZ3w74UkQ3RnfNDnZzVhsNI4YGaSBGtOHY3ioDspGQZqHHf
|
|||
|
-CSTjjMwq3ddEkPd7iNu4N5KUamnH69A0JfRODC8tXjFG9/WFROhYZkUQRhXkgRd3
|
|||
|
-9Yy9AgMBAAEwDQYJKoZIhvcNAQELBQADggEBABuOxiDnfrjQjbP4ZWrDj+doK8Zk
|
|||
|
-CUwtyM3gFVF1LBZxBCxVa6hzD2N7/1o0+KHjmiGks7SnXb6aG2nEqypciZ4xkPjt
|
|||
|
-wVIcTWCW8ddPrfMi4/esiQFlPck1p3QSfkPiAgHAjJiDDqDtqsMKr+5AkUaHlqjR
|
|||
|
-VV3YE27x/QyLZbV7igiTPdh1fTV7+Yl8VHpBdnMRUVTFoZaIiCe0efmqsvzBd73A
|
|||
|
-c75aKTwu6cPQ9dH/gIEOHCvrgweED7ZcabT7h/k7DXL2zhnJTPmQSJLWjfQebJOu
|
|||
|
-4l1p7tn35xbjqu906l4iII+YqWCAj/gNT2qdcIWQmxg/reg2tRbU7Nv3M0c=
|
|||
|
+b20wIBcNMjMwNjE0MTM0MDI4WhgPMjEyMzA1MjExMzQwMjhaMIG9MRgwFgYDVQQD
|
|||
|
+DA9BIEhvc3QsIExvY2FsbHkxCzAJBgNVBAYTAlRSMQ8wDQYDVQQIDAbDh29ydW0x
|
|||
|
+FDASBgNVBAcMC0JhxZ9tYWvDp8SxMRwwGgYDVQQKDBNUd2lzdGVkIE1hdHJpeCBM
|
|||
|
+YWJzMSQwIgYDVQQLDBtBdXRvbWF0ZWQgVGVzdGluZyBBdXRob3JpdHkxKTAnBgkq
|
|||
|
+hkiG9w0BCQEWGnNlY3VyaXR5QHR3aXN0ZWRtYXRyaXguY29tMIIBIjANBgkqhkiG
|
|||
|
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0rT5+hF+1BjE7qXms9PZWHskXZGXLPiYVmiY
|
|||
|
+jsVeJAOtHAYq8igzA49KgR1xR9M4jQ6U46nwPsnGCh4liyxdWkBLw9maxMoE+r6d
|
|||
|
+W1zZ8Tllunbdb/Da6L8P55SKb7QGet4CB1fZ2SqZD4GvTby6xpoR09AqrfjuEIYR
|
|||
|
+8V/y+8dG3mR5W0HqaJ58IWihAwIQSakuc8jTadJY55t7UW6Ebj2X2WTO6Zh7gJ1d
|
|||
|
+yHPMVkUHJF9Jsuj/4F4lx6hWGQzWO8Nf8Q7t364pagE3evUv/BECJLONNYLaFjLt
|
|||
|
+WnsCEJDV9owCjaxu785KuA7OM/f3h3xVIfTBTo2AlHiQnXdyrwIDAQABoxgwFjAU
|
|||
|
+BgNVHREEDTALgglsb2NhbGhvc3QwDQYJKoZIhvcNAQELBQADggEBAEHAErq/Fs8h
|
|||
|
+M+kwGCt5Ochqyu/IzPbwgQ27n5IJehl7kmpoXBxGa/u+ajoxrZaOheg8E2MYVwQi
|
|||
|
+FTKE9wJgaN3uGo4bzCbCYxDm7tflQORo6QOZlumfiQIzXON2RvgJpwFfkLNtq0t9
|
|||
|
+e453kJ7+e11Wah46bc3RAvBZpwswh6hDv2FvFUZ+IUcO0tU8O4kWrLIFPpJbcHQq
|
|||
|
+wezjky773X4CNEtoeuTb8/ws/eED/TGZ2AZO+BWT93OZJgwE2x3iUd3k8HbwxfoY
|
|||
|
+bZ+NHgtM7iKRcL59asB0OMi3Ays0+IOfZ1+3aB82zYlxFBoDyalR7NJjJGdTwNFt
|
|||
|
+3CPGCQ28cDk=
|
|||
|
-----END CERTIFICATE-----
|
|||
|
\ No newline at end of file
|
|||
|
diff --git a/src/twisted/test/key.pem.no_trailing_newline b/src/twisted/test/key.pem.no_trailing_newline
|
|||
|
index 63845f8249f..5d489fd73ac 100644
|
|||
|
--- a/src/twisted/test/key.pem.no_trailing_newline
|
|||
|
+++ b/src/twisted/test/key.pem.no_trailing_newline
|
|||
|
@@ -1,28 +1,27 @@
|
|||
|
------BEGIN PRIVATE KEY-----
|
|||
|
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC9Gk1skmQfONi+
|
|||
|
-GdM2Rwb6a/2weSX7eM3MwT3vXYr+0dx9ScWERILTNkLGrvfslHKdUE7hBDKjtuj6
|
|||
|
-KtAIrVjeDDMD6Ue77EcbL3QEO1QZeBjJ3hQbaB447PhE1wwgEsWndPMcDDVm93sO
|
|||
|
-DELNrzWMLhabgCJ5cJYo5RQs7IvVtE36KaoSgfC9rTP8Lva+MW5wNeHn2f0hDlUF
|
|||
|
-8jLuo1W+eDb9CHV7vwL19DZ3w74UkQ3RnfNDnZzVhsNI4YGaSBGtOHY3ioDspGQZ
|
|||
|
-qHHfCSTjjMwq3ddEkPd7iNu4N5KUamnH69A0JfRODC8tXjFG9/WFROhYZkUQRhXk
|
|||
|
-gRd39Yy9AgMBAAECggEAIvGt1f7VRpm8H6DpEVIdvX/gMNCqTqZ7rTcWaVmpWj5Q
|
|||
|
-lsxflfoNDNetjkZ95PdnmJ9i/BzI+MzPj48Cw1+5GMs7UCE3EshuOV1S/Ic0GsLB
|
|||
|
-HeiOYaQjVZSgqiPtBy5A3Rl05T1yTtUzpZxpadXTONS5c8HBXRyLewId8NFDY9ls
|
|||
|
-76PYRq4ui7QGOmXw7VAVzg/7RxcupuSkecE7472Ek1jtEdRdplBga/XE5/+FZhrr
|
|||
|
-NyAdVo/1VD8zpaenWiBgfqJTVc/VRBaE0kLa777E++ruqGGz/c5cQPOWzEp0vPbi
|
|||
|
-kXz16X2TQDeTe6QfBBYjzD2+LyJh2TXfRtEn56MtJwKBgQDaTzHFOoiPS0+JpOBH
|
|||
|
-yW2gIFigEH70Hi++m0okmewGLTGrjOsIVWx8u5QFMANEYXeXIT7sM1eyONYjtxNC
|
|||
|
-gpeLyyN9zTyLPWdx3CzNodY2Dg/irTZtPQp7/efAHcn7kW8V0OxCGTyXAzdhKXmN
|
|||
|
-thN9KMk6peQMU8L4FqypNznFrwKBgQDdwD0NBxqNk3/Q/qih2EJUOO7uuPAZnTJf
|
|||
|
-neRnY4Pc94ticdQbd03ZArP3ybl9wWy+Ri9D+I9P753Hyfb7BSKwwIyYRgxSjGU/
|
|||
|
-wqcmv0V/mSY7N4eCDaXqEjdovaZ76d3L60FPH5rJbn7yHZBYWaSqXgk0HDYUmQwg
|
|||
|
-huPLNu8bUwKBgQCH/rGohbAwY9/mhRlaXva1u7C59czAUlW3zZFAf8pyhpDcp2p6
|
|||
|
-xIxSn5+0I5bFcFpJgWJrTgihc5qioReUZTn20dMIOWQv8U6RtXELoHeLMPNgaDrx
|
|||
|
-jgcL+r32BhifaJfk5UNoYcRG5rAHDQk16Gj3nQLOUC1iKIPafHWO7GJG7QKBgQCj
|
|||
|
-yVfOhY6xP17K6S14zRjAyISCQorlAFyyjxai3rgIv7Zt8hFucAJJ5Vs0DAU7w2Ak
|
|||
|
-cgZ7N93ydtOdO6l24uYqky3FUwfK+PPX0lhPoDse8elxF6S5BIeliervLBUJtUUj
|
|||
|
-VxIX9QoI+do9zmRNPXkIdQhrOuMe96Qjaj5aXKrjDQKBgBS2LGghCFgqaxtHeIpl
|
|||
|
-RLOnpxLaiitGH412O6VKHkkXaNYEOlbtFVlPuE1zHeyIvLQb666lW/w0+HMmfMTU
|
|||
|
-SQI2gIndUb6pMzLjZUrCyYz618EoAmhx6+VnbRSY+iSEIdYqx6VBl0HY9RWJa18H
|
|||
|
-4LPzH6dfRnKf2jCer3DtWALD
|
|||
|
------END PRIVATE KEY-----
|
|||
|
\ No newline at end of file
|
|||
|
+-----BEGIN RSA PRIVATE KEY-----
|
|||
|
+MIIEogIBAAKCAQEA0rT5+hF+1BjE7qXms9PZWHskXZGXLPiYVmiYjsVeJAOtHAYq
|
|||
|
+8igzA49KgR1xR9M4jQ6U46nwPsnGCh4liyxdWkBLw9maxMoE+r6dW1zZ8Tllunbd
|
|||
|
+b/Da6L8P55SKb7QGet4CB1fZ2SqZD4GvTby6xpoR09AqrfjuEIYR8V/y+8dG3mR5
|
|||
|
+W0HqaJ58IWihAwIQSakuc8jTadJY55t7UW6Ebj2X2WTO6Zh7gJ1dyHPMVkUHJF9J
|
|||
|
+suj/4F4lx6hWGQzWO8Nf8Q7t364pagE3evUv/BECJLONNYLaFjLtWnsCEJDV9owC
|
|||
|
+jaxu785KuA7OM/f3h3xVIfTBTo2AlHiQnXdyrwIDAQABAoH/Ib7aSjKDHXTaFV58
|
|||
|
+lFBZftI6AMJQc+Ncgno99J+ndB0inFpghmfpw6gvRn5wphAt/mlXbx7IW0X1cali
|
|||
|
+WefBC7NAbx1qrBmusnnUuc0lGn0WzcY7sLHiXWQ8J9qiUUGDyCnGKWbofN9VpCYg
|
|||
|
+7VJMl4IVWNb9/t7fQcY3GXFEeQ4mzLo7p+gPxyeUcCLVrhVrHzw1HFTIlA51LjfI
|
|||
|
+xQM+QVeaEWQQ4UsDdPe5iGthDd7ze2F5ciDzMkShrf7URSudS+Us6vr6gDVpKAky
|
|||
|
+eCVyFPJXCfH4qJoa6mB6L6SFzMnN3OPp3RlYQWQ7sK/ELQfhPoyHyRvL1woUIO5C
|
|||
|
+tK0pAoGBAPS6ZSZ26M0guZ2K/2fKMiGq0jZQLcxP3N0jWm8R8ENOnuIjhCl5aKsB
|
|||
|
+DoV0BvPv1C2vWm+VgNArgTece9l8o5f8pcfjbT5r/k8zoqgcj9CmmDofBka4XxZb
|
|||
|
+wxsut+8rBSIoVKIre4Pyqfa9u1IrEnoOzMqvF16xUME2t2EaryUzAoGBANxpb4Jz
|
|||
|
+FjH7nfPc3iejd+cXovX6x2VTJzWaknA6hGsoc+UZ01KTaKyYpq+9q9VxXhWxYsh3
|
|||
|
+TL1JWuIBy6ao5tdt4nPBu07J7tfu5bfr3Imd8waNQxDEfKeFedskxORs+FIUzqBb
|
|||
|
+3nIkQH8sx0Syv620coIdtEn1raVXc9QfRgSVAoGAWNFhLoGPYgsTcnrk0N1QLmnZ
|
|||
|
+mv6kcHc3mEZhZtgi07qv7TCooYi/lPhwNbzzXQrYfbAbaU3gDy0K24z+YeNbWCjI
|
|||
|
+XfBLUJFPHZ2G1e5vv3EG5GkoFPiLAglRmQbumG2LkmcCuEyBqlSinLslRd/997Bx
|
|||
|
+YMoE+EfwH/9ktGhD0oMCgYEAxaSqAFDQ00ssjTM95k94Qjn4wBf7WwmgfDm6HHbs
|
|||
|
+rOZeXk61JzPVxgcwWSB8iG4bDtq8mMQZhRbVLxqrEiwcq4r2aBSNsI305Z5sUWtn
|
|||
|
+m+ONvA9J1yxKFzHiXjbvc2GfnoLX8gXPR4zoZOGzYg/jP5EyqSiXtUZfSodL7yeH
|
|||
|
+8q0CgYEA2OzA59AITJe8jhC5JsVbLs7Rj4kFTjD+iZ8P86FnWBf1iDeuywEZJqvG
|
|||
|
+n6SNK4KczDJ//DBV06w4L6iwe5iOCdf06+V7Hnkbvrjk0ONnXX7VXNgJ3/e7aJTx
|
|||
|
+gE42Ug0qu6lXtEfYqlhQoF2lAtnYq0fty/XWMVfpjVuh1lyd4C4=
|
|||
|
+-----END RSA PRIVATE KEY-----
|
|||
|
\ No newline at end of file
|
|||
|
diff --git a/src/twisted/test/server.pem b/src/twisted/test/server.pem
|
|||
|
index 0c633e6e9e3..6d2be8be95b 100644
|
|||
|
--- a/src/twisted/test/server.pem
|
|||
|
+++ b/src/twisted/test/server.pem
|
|||
|
@@ -1,97 +1,123 @@
|
|||
|
# coding: utf-8
|
|||
|
|
|||
|
-from inspect import getsource
|
|||
|
-from datetime import datetime
|
|||
|
|
|||
|
-from OpenSSL.crypto import FILETYPE_PEM, TYPE_RSA, X509, PKey, dump_privatekey, dump_certificate
|
|||
|
+from datetime import datetime, timedelta
|
|||
|
+from inspect import getsource
|
|||
|
|
|||
|
-key = PKey()
|
|||
|
-key.generate_key(TYPE_RSA, 2048)
|
|||
|
+from cryptography.hazmat.primitives.asymmetric.rsa import generate_private_key
|
|||
|
+from cryptography.hazmat.primitives.hashes import SHA256
|
|||
|
+from cryptography.hazmat.primitives.serialization import (
|
|||
|
+ Encoding,
|
|||
|
+ NoEncryption,
|
|||
|
+ PrivateFormat,
|
|||
|
+)
|
|||
|
+from cryptography.x509 import (
|
|||
|
+ CertificateBuilder,
|
|||
|
+ Name,
|
|||
|
+ NameAttribute,
|
|||
|
+ NameOID,
|
|||
|
+ SubjectAlternativeName,
|
|||
|
+ DNSName,
|
|||
|
+ random_serial_number,
|
|||
|
+)
|
|||
|
|
|||
|
-cert = X509()
|
|||
|
-issuer = cert.get_issuer()
|
|||
|
-subject = cert.get_subject()
|
|||
|
+pk = generate_private_key(key_size=2048, public_exponent=65537)
|
|||
|
|
|||
|
-for dn in [issuer, subject]:
|
|||
|
- dn.C = b"TR"
|
|||
|
- dn.ST = "Çorum".encode("utf-8")
|
|||
|
- dn.L = "Başmakçı".encode("utf-8")
|
|||
|
- dn.CN = b"localhost"
|
|||
|
- dn.O = b"Twisted Matrix Labs"
|
|||
|
- dn.OU = b"Automated Testing Authority"
|
|||
|
- dn.emailAddress = b"security@twistedmatrix.com"
|
|||
|
+me = Name(
|
|||
|
+ [
|
|||
|
+ NameAttribute(NameOID.COMMON_NAME, "A Host, Locally"),
|
|||
|
+ NameAttribute(NameOID.COUNTRY_NAME, "TR"),
|
|||
|
+ NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "Çorum"),
|
|||
|
+ NameAttribute(NameOID.LOCALITY_NAME, "Başmakçı"),
|
|||
|
+ NameAttribute(NameOID.ORGANIZATION_NAME, "Twisted Matrix Labs"),
|
|||
|
+ NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, "Automated Testing Authority"),
|
|||
|
+ NameAttribute(NameOID.EMAIL_ADDRESS, "security@twistedmatrix.com"),
|
|||
|
+ ]
|
|||
|
+)
|
|||
|
|
|||
|
-cert.set_serial_number(datetime.now().toordinal())
|
|||
|
-cert.gmtime_adj_notBefore(0)
|
|||
|
-cert.gmtime_adj_notAfter(60 * 60 * 24 * 365 * 100)
|
|||
|
+certificate_bytes = (
|
|||
|
+ CertificateBuilder()
|
|||
|
+ .serial_number(random_serial_number())
|
|||
|
+ .not_valid_before(datetime.now())
|
|||
|
+ .not_valid_after(datetime.now() + timedelta(seconds=60 * 60 * 24 * 365 * 100))
|
|||
|
+ .subject_name(me)
|
|||
|
+ .add_extension(SubjectAlternativeName([DNSName("localhost")]), False)
|
|||
|
+ .issuer_name(me)
|
|||
|
+ .public_key(pk.public_key())
|
|||
|
+ .sign(pk, algorithm=SHA256())
|
|||
|
+).public_bytes(Encoding.PEM)
|
|||
|
|
|||
|
-cert.set_pubkey(key)
|
|||
|
-cert.sign(key, "sha256")
|
|||
|
+privkey_bytes = pk.private_bytes(
|
|||
|
+ Encoding.PEM, PrivateFormat.TraditionalOpenSSL, NoEncryption()
|
|||
|
+)
|
|||
|
|
|||
|
import __main__
|
|||
|
+
|
|||
|
source = getsource(__main__)
|
|||
|
source = source.split("\n" + "-" * 5)[0].rsplit("\n", 1)[0]
|
|||
|
with open("server.pem", "w") as fObj:
|
|||
|
fObj.write(source)
|
|||
|
fObj.write("\n")
|
|||
|
- fObj.write("'''\n")
|
|||
|
- fObj.write(dump_privatekey(FILETYPE_PEM, key).decode("ascii"))
|
|||
|
- fObj.write(dump_certificate(FILETYPE_PEM, cert).decode("ascii"))
|
|||
|
- fObj.write("'''\n")
|
|||
|
+ fObj.write('"""\n')
|
|||
|
+ fObj.write(privkey_bytes.decode("ascii"))
|
|||
|
+ fObj.write(certificate_bytes.decode("ascii"))
|
|||
|
+ fObj.write('"""\n')
|
|||
|
with open(b"key.pem.no_trailing_newline", "w") as fObj:
|
|||
|
- fObj.write(dump_privatekey(FILETYPE_PEM, key).decode("ascii").rstrip('\n'))
|
|||
|
+ fObj.write(privkey_bytes.decode("ascii").rstrip("\n"))
|
|||
|
with open(b"cert.pem.no_trailing_newline", "w") as fObj:
|
|||
|
- fObj.write(dump_certificate(FILETYPE_PEM, cert).decode("ascii").rstrip('\n'))
|
|||
|
-'''
|
|||
|
------BEGIN PRIVATE KEY-----
|
|||
|
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC9Gk1skmQfONi+
|
|||
|
-GdM2Rwb6a/2weSX7eM3MwT3vXYr+0dx9ScWERILTNkLGrvfslHKdUE7hBDKjtuj6
|
|||
|
-KtAIrVjeDDMD6Ue77EcbL3QEO1QZeBjJ3hQbaB447PhE1wwgEsWndPMcDDVm93sO
|
|||
|
-DELNrzWMLhabgCJ5cJYo5RQs7IvVtE36KaoSgfC9rTP8Lva+MW5wNeHn2f0hDlUF
|
|||
|
-8jLuo1W+eDb9CHV7vwL19DZ3w74UkQ3RnfNDnZzVhsNI4YGaSBGtOHY3ioDspGQZ
|
|||
|
-qHHfCSTjjMwq3ddEkPd7iNu4N5KUamnH69A0JfRODC8tXjFG9/WFROhYZkUQRhXk
|
|||
|
-gRd39Yy9AgMBAAECggEAIvGt1f7VRpm8H6DpEVIdvX/gMNCqTqZ7rTcWaVmpWj5Q
|
|||
|
-lsxflfoNDNetjkZ95PdnmJ9i/BzI+MzPj48Cw1+5GMs7UCE3EshuOV1S/Ic0GsLB
|
|||
|
-HeiOYaQjVZSgqiPtBy5A3Rl05T1yTtUzpZxpadXTONS5c8HBXRyLewId8NFDY9ls
|
|||
|
-76PYRq4ui7QGOmXw7VAVzg/7RxcupuSkecE7472Ek1jtEdRdplBga/XE5/+FZhrr
|
|||
|
-NyAdVo/1VD8zpaenWiBgfqJTVc/VRBaE0kLa777E++ruqGGz/c5cQPOWzEp0vPbi
|
|||
|
-kXz16X2TQDeTe6QfBBYjzD2+LyJh2TXfRtEn56MtJwKBgQDaTzHFOoiPS0+JpOBH
|
|||
|
-yW2gIFigEH70Hi++m0okmewGLTGrjOsIVWx8u5QFMANEYXeXIT7sM1eyONYjtxNC
|
|||
|
-gpeLyyN9zTyLPWdx3CzNodY2Dg/irTZtPQp7/efAHcn7kW8V0OxCGTyXAzdhKXmN
|
|||
|
-thN9KMk6peQMU8L4FqypNznFrwKBgQDdwD0NBxqNk3/Q/qih2EJUOO7uuPAZnTJf
|
|||
|
-neRnY4Pc94ticdQbd03ZArP3ybl9wWy+Ri9D+I9P753Hyfb7BSKwwIyYRgxSjGU/
|
|||
|
-wqcmv0V/mSY7N4eCDaXqEjdovaZ76d3L60FPH5rJbn7yHZBYWaSqXgk0HDYUmQwg
|
|||
|
-huPLNu8bUwKBgQCH/rGohbAwY9/mhRlaXva1u7C59czAUlW3zZFAf8pyhpDcp2p6
|
|||
|
-xIxSn5+0I5bFcFpJgWJrTgihc5qioReUZTn20dMIOWQv8U6RtXELoHeLMPNgaDrx
|
|||
|
-jgcL+r32BhifaJfk5UNoYcRG5rAHDQk16Gj3nQLOUC1iKIPafHWO7GJG7QKBgQCj
|
|||
|
-yVfOhY6xP17K6S14zRjAyISCQorlAFyyjxai3rgIv7Zt8hFucAJJ5Vs0DAU7w2Ak
|
|||
|
-cgZ7N93ydtOdO6l24uYqky3FUwfK+PPX0lhPoDse8elxF6S5BIeliervLBUJtUUj
|
|||
|
-VxIX9QoI+do9zmRNPXkIdQhrOuMe96Qjaj5aXKrjDQKBgBS2LGghCFgqaxtHeIpl
|
|||
|
-RLOnpxLaiitGH412O6VKHkkXaNYEOlbtFVlPuE1zHeyIvLQb666lW/w0+HMmfMTU
|
|||
|
-SQI2gIndUb6pMzLjZUrCyYz618EoAmhx6+VnbRSY+iSEIdYqx6VBl0HY9RWJa18H
|
|||
|
-4LPzH6dfRnKf2jCer3DtWALD
|
|||
|
------END PRIVATE KEY-----
|
|||
|
+ fObj.write(certificate_bytes.decode("ascii").rstrip("\n"))
|
|||
|
+
|
|||
|
+"""
|
|||
|
+-----BEGIN RSA PRIVATE KEY-----
|
|||
|
+MIIEogIBAAKCAQEA0rT5+hF+1BjE7qXms9PZWHskXZGXLPiYVmiYjsVeJAOtHAYq
|
|||
|
+8igzA49KgR1xR9M4jQ6U46nwPsnGCh4liyxdWkBLw9maxMoE+r6dW1zZ8Tllunbd
|
|||
|
+b/Da6L8P55SKb7QGet4CB1fZ2SqZD4GvTby6xpoR09AqrfjuEIYR8V/y+8dG3mR5
|
|||
|
+W0HqaJ58IWihAwIQSakuc8jTadJY55t7UW6Ebj2X2WTO6Zh7gJ1dyHPMVkUHJF9J
|
|||
|
+suj/4F4lx6hWGQzWO8Nf8Q7t364pagE3evUv/BECJLONNYLaFjLtWnsCEJDV9owC
|
|||
|
+jaxu785KuA7OM/f3h3xVIfTBTo2AlHiQnXdyrwIDAQABAoH/Ib7aSjKDHXTaFV58
|
|||
|
+lFBZftI6AMJQc+Ncgno99J+ndB0inFpghmfpw6gvRn5wphAt/mlXbx7IW0X1cali
|
|||
|
+WefBC7NAbx1qrBmusnnUuc0lGn0WzcY7sLHiXWQ8J9qiUUGDyCnGKWbofN9VpCYg
|
|||
|
+7VJMl4IVWNb9/t7fQcY3GXFEeQ4mzLo7p+gPxyeUcCLVrhVrHzw1HFTIlA51LjfI
|
|||
|
+xQM+QVeaEWQQ4UsDdPe5iGthDd7ze2F5ciDzMkShrf7URSudS+Us6vr6gDVpKAky
|
|||
|
+eCVyFPJXCfH4qJoa6mB6L6SFzMnN3OPp3RlYQWQ7sK/ELQfhPoyHyRvL1woUIO5C
|
|||
|
+tK0pAoGBAPS6ZSZ26M0guZ2K/2fKMiGq0jZQLcxP3N0jWm8R8ENOnuIjhCl5aKsB
|
|||
|
+DoV0BvPv1C2vWm+VgNArgTece9l8o5f8pcfjbT5r/k8zoqgcj9CmmDofBka4XxZb
|
|||
|
+wxsut+8rBSIoVKIre4Pyqfa9u1IrEnoOzMqvF16xUME2t2EaryUzAoGBANxpb4Jz
|
|||
|
+FjH7nfPc3iejd+cXovX6x2VTJzWaknA6hGsoc+UZ01KTaKyYpq+9q9VxXhWxYsh3
|
|||
|
+TL1JWuIBy6ao5tdt4nPBu07J7tfu5bfr3Imd8waNQxDEfKeFedskxORs+FIUzqBb
|
|||
|
+3nIkQH8sx0Syv620coIdtEn1raVXc9QfRgSVAoGAWNFhLoGPYgsTcnrk0N1QLmnZ
|
|||
|
+mv6kcHc3mEZhZtgi07qv7TCooYi/lPhwNbzzXQrYfbAbaU3gDy0K24z+YeNbWCjI
|
|||
|
+XfBLUJFPHZ2G1e5vv3EG5GkoFPiLAglRmQbumG2LkmcCuEyBqlSinLslRd/997Bx
|
|||
|
+YMoE+EfwH/9ktGhD0oMCgYEAxaSqAFDQ00ssjTM95k94Qjn4wBf7WwmgfDm6HHbs
|
|||
|
+rOZeXk61JzPVxgcwWSB8iG4bDtq8mMQZhRbVLxqrEiwcq4r2aBSNsI305Z5sUWtn
|
|||
|
+m+ONvA9J1yxKFzHiXjbvc2GfnoLX8gXPR4zoZOGzYg/jP5EyqSiXtUZfSodL7yeH
|
|||
|
+8q0CgYEA2OzA59AITJe8jhC5JsVbLs7Rj4kFTjD+iZ8P86FnWBf1iDeuywEZJqvG
|
|||
|
+n6SNK4KczDJ//DBV06w4L6iwe5iOCdf06+V7Hnkbvrjk0ONnXX7VXNgJ3/e7aJTx
|
|||
|
+gE42Ug0qu6lXtEfYqlhQoF2lAtnYq0fty/XWMVfpjVuh1lyd4C4=
|
|||
|
+-----END RSA PRIVATE KEY-----
|
|||
|
-----BEGIN CERTIFICATE-----
|
|||
|
-MIID6DCCAtACAwtEVjANBgkqhkiG9w0BAQsFADCBtzELMAkGA1UEBhMCVFIxDzAN
|
|||
|
-BgNVBAgMBsOHb3J1bTEUMBIGA1UEBwwLQmHFn21ha8OnxLExEjAQBgNVBAMMCWxv
|
|||
|
-Y2FsaG9zdDEcMBoGA1UECgwTVHdpc3RlZCBNYXRyaXggTGFiczEkMCIGA1UECwwb
|
|||
|
-QXV0b21hdGVkIFRlc3RpbmcgQXV0aG9yaXR5MSkwJwYJKoZIhvcNAQkBFhpzZWN1
|
|||
|
-cml0eUB0d2lzdGVkbWF0cml4LmNvbTAgFw0yMjA4MjMyMzUyNTJaGA8yMTIyMDcz
|
|||
|
-MDIzNTI1MlowgbcxCzAJBgNVBAYTAlRSMQ8wDQYDVQQIDAbDh29ydW0xFDASBgNV
|
|||
|
-BAcMC0JhxZ9tYWvDp8SxMRIwEAYDVQQDDAlsb2NhbGhvc3QxHDAaBgNVBAoME1R3
|
|||
|
+MIIEJDCCAwygAwIBAgIUKaSXgzt5gDMt9GbUzLz/A9HEyFEwDQYJKoZIhvcNAQEL
|
|||
|
+BQAwgb0xGDAWBgNVBAMMD0EgSG9zdCwgTG9jYWxseTELMAkGA1UEBhMCVFIxDzAN
|
|||
|
+BgNVBAgMBsOHb3J1bTEUMBIGA1UEBwwLQmHFn21ha8OnxLExHDAaBgNVBAoME1R3
|
|||
|
aXN0ZWQgTWF0cml4IExhYnMxJDAiBgNVBAsMG0F1dG9tYXRlZCBUZXN0aW5nIEF1
|
|||
|
dGhvcml0eTEpMCcGCSqGSIb3DQEJARYac2VjdXJpdHlAdHdpc3RlZG1hdHJpeC5j
|
|||
|
-b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9Gk1skmQfONi+GdM2
|
|||
|
-Rwb6a/2weSX7eM3MwT3vXYr+0dx9ScWERILTNkLGrvfslHKdUE7hBDKjtuj6KtAI
|
|||
|
-rVjeDDMD6Ue77EcbL3QEO1QZeBjJ3hQbaB447PhE1wwgEsWndPMcDDVm93sODELN
|
|||
|
-rzWMLhabgCJ5cJYo5RQs7IvVtE36KaoSgfC9rTP8Lva+MW5wNeHn2f0hDlUF8jLu
|
|||
|
-o1W+eDb9CHV7vwL19DZ3w74UkQ3RnfNDnZzVhsNI4YGaSBGtOHY3ioDspGQZqHHf
|
|||
|
-CSTjjMwq3ddEkPd7iNu4N5KUamnH69A0JfRODC8tXjFG9/WFROhYZkUQRhXkgRd3
|
|||
|
-9Yy9AgMBAAEwDQYJKoZIhvcNAQELBQADggEBABuOxiDnfrjQjbP4ZWrDj+doK8Zk
|
|||
|
-CUwtyM3gFVF1LBZxBCxVa6hzD2N7/1o0+KHjmiGks7SnXb6aG2nEqypciZ4xkPjt
|
|||
|
-wVIcTWCW8ddPrfMi4/esiQFlPck1p3QSfkPiAgHAjJiDDqDtqsMKr+5AkUaHlqjR
|
|||
|
-VV3YE27x/QyLZbV7igiTPdh1fTV7+Yl8VHpBdnMRUVTFoZaIiCe0efmqsvzBd73A
|
|||
|
-c75aKTwu6cPQ9dH/gIEOHCvrgweED7ZcabT7h/k7DXL2zhnJTPmQSJLWjfQebJOu
|
|||
|
-4l1p7tn35xbjqu906l4iII+YqWCAj/gNT2qdcIWQmxg/reg2tRbU7Nv3M0c=
|
|||
|
+b20wIBcNMjMwNjE0MTM0MDI4WhgPMjEyMzA1MjExMzQwMjhaMIG9MRgwFgYDVQQD
|
|||
|
+DA9BIEhvc3QsIExvY2FsbHkxCzAJBgNVBAYTAlRSMQ8wDQYDVQQIDAbDh29ydW0x
|
|||
|
+FDASBgNVBAcMC0JhxZ9tYWvDp8SxMRwwGgYDVQQKDBNUd2lzdGVkIE1hdHJpeCBM
|
|||
|
+YWJzMSQwIgYDVQQLDBtBdXRvbWF0ZWQgVGVzdGluZyBBdXRob3JpdHkxKTAnBgkq
|
|||
|
+hkiG9w0BCQEWGnNlY3VyaXR5QHR3aXN0ZWRtYXRyaXguY29tMIIBIjANBgkqhkiG
|
|||
|
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0rT5+hF+1BjE7qXms9PZWHskXZGXLPiYVmiY
|
|||
|
+jsVeJAOtHAYq8igzA49KgR1xR9M4jQ6U46nwPsnGCh4liyxdWkBLw9maxMoE+r6d
|
|||
|
+W1zZ8Tllunbdb/Da6L8P55SKb7QGet4CB1fZ2SqZD4GvTby6xpoR09AqrfjuEIYR
|
|||
|
+8V/y+8dG3mR5W0HqaJ58IWihAwIQSakuc8jTadJY55t7UW6Ebj2X2WTO6Zh7gJ1d
|
|||
|
+yHPMVkUHJF9Jsuj/4F4lx6hWGQzWO8Nf8Q7t364pagE3evUv/BECJLONNYLaFjLt
|
|||
|
+WnsCEJDV9owCjaxu785KuA7OM/f3h3xVIfTBTo2AlHiQnXdyrwIDAQABoxgwFjAU
|
|||
|
+BgNVHREEDTALgglsb2NhbGhvc3QwDQYJKoZIhvcNAQELBQADggEBAEHAErq/Fs8h
|
|||
|
+M+kwGCt5Ochqyu/IzPbwgQ27n5IJehl7kmpoXBxGa/u+ajoxrZaOheg8E2MYVwQi
|
|||
|
+FTKE9wJgaN3uGo4bzCbCYxDm7tflQORo6QOZlumfiQIzXON2RvgJpwFfkLNtq0t9
|
|||
|
+e453kJ7+e11Wah46bc3RAvBZpwswh6hDv2FvFUZ+IUcO0tU8O4kWrLIFPpJbcHQq
|
|||
|
+wezjky773X4CNEtoeuTb8/ws/eED/TGZ2AZO+BWT93OZJgwE2x3iUd3k8HbwxfoY
|
|||
|
+bZ+NHgtM7iKRcL59asB0OMi3Ays0+IOfZ1+3aB82zYlxFBoDyalR7NJjJGdTwNFt
|
|||
|
+3CPGCQ28cDk=
|
|||
|
-----END CERTIFICATE-----
|
|||
|
-'''
|
|||
|
+"""
|
|||
|
|
|||
|
From 1f0c2a3a774d89fb10782a8abf62e219d1f4818f Mon Sep 17 00:00:00 2001
|
|||
|
From: Glyph <code@glyph.im>
|
|||
|
Date: Wed, 14 Jun 2023 14:06:56 -0700
|
|||
|
Subject: [PATCH 2/4] todo server.pem should generate this too
|
|||
|
|
|||
|
---
|
|||
|
src/twisted/protocols/test/test_tls.py | 7 ++++---
|
|||
|
1 file changed, 4 insertions(+), 3 deletions(-)
|
|||
|
|
|||
|
diff --git a/src/twisted/protocols/test/test_tls.py b/src/twisted/protocols/test/test_tls.py
|
|||
|
index 5915d6bc5b2..37de80feb9f 100644
|
|||
|
--- a/src/twisted/protocols/test/test_tls.py
|
|||
|
+++ b/src/twisted/protocols/test/test_tls.py
|
|||
|
@@ -522,9 +522,10 @@ def cbHandshook(ignored):
|
|||
|
self.assertIsInstance(cert, crypto.X509)
|
|||
|
self.assertEqual(
|
|||
|
cert.digest("sha256"),
|
|||
|
- # openssl x509 -noout -sha256 -fingerprint -in server.pem
|
|||
|
- b"C4:F5:8E:9D:A0:AC:85:24:9B:2D:AA:2C:EC:87:DB:5F:33:22:94:"
|
|||
|
- b"01:94:DC:D3:42:4C:E4:B9:F5:0F:45:F2:24",
|
|||
|
+ # openssl x509 -noout -sha256 -fingerprint
|
|||
|
+ # -in src/twisted/test/server.pem
|
|||
|
+ b"D6:F2:2C:74:3B:E2:5E:F9:CA:DA:47:08:14:78:20:75:78:95:9E:52"
|
|||
|
+ b":BD:D2:7C:77:DD:D4:EE:DE:33:BF:34:40",
|
|||
|
)
|
|||
|
|
|||
|
handshakeDeferred.addCallback(cbHandshook)
|
|||
|
|
|||
|
From 137a3a6fa27374ecb879c67557197a3f0b37aab1 Mon Sep 17 00:00:00 2001
|
|||
|
From: Glyph <code@glyph.im>
|
|||
|
Date: Wed, 14 Jun 2023 14:08:13 -0700
|
|||
|
Subject: [PATCH 3/4] address review
|
|||
|
|
|||
|
---
|
|||
|
src/twisted/test/server.pem | 2 +-
|
|||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|||
|
|
|||
|
diff --git a/src/twisted/test/server.pem b/src/twisted/test/server.pem
|
|||
|
index 6d2be8be95b..33fdbbd1cac 100644
|
|||
|
--- a/src/twisted/test/server.pem
|
|||
|
+++ b/src/twisted/test/server.pem
|
|||
|
@@ -41,7 +41,7 @@ certificate_bytes = (
|
|||
|
.not_valid_before(datetime.now())
|
|||
|
.not_valid_after(datetime.now() + timedelta(seconds=60 * 60 * 24 * 365 * 100))
|
|||
|
.subject_name(me)
|
|||
|
- .add_extension(SubjectAlternativeName([DNSName("localhost")]), False)
|
|||
|
+ .add_extension(SubjectAlternativeName([DNSName("localhost")]), critical=False)
|
|||
|
.issuer_name(me)
|
|||
|
.public_key(pk.public_key())
|
|||
|
.sign(pk, algorithm=SHA256())
|
|||
|
|
|||
|
From c8dce7b42b13466afd24ea5f9bbfc9a1c08c585f Mon Sep 17 00:00:00 2001
|
|||
|
From: Glyph <code@glyph.im>
|
|||
|
Date: Wed, 14 Jun 2023 14:17:12 -0700
|
|||
|
Subject: [PATCH 4/4] hooray, type stubs are updated too
|
|||
|
|
|||
|
---
|
|||
|
src/twisted/internet/_sslverify.py | 7 ++-----
|
|||
|
1 file changed, 2 insertions(+), 5 deletions(-)
|
|||
|
|
|||
|
diff --git a/src/twisted/internet/_sslverify.py b/src/twisted/internet/_sslverify.py
|
|||
|
index 6824482dc5b..d8f62e40954 100644
|
|||
|
--- a/src/twisted/internet/_sslverify.py
|
|||
|
+++ b/src/twisted/internet/_sslverify.py
|
|||
|
@@ -159,11 +159,8 @@ def _selectVerifyImplementation():
|
|||
|
)
|
|||
|
|
|||
|
try:
|
|||
|
- from service_identity import VerificationError # type: ignore[import]
|
|||
|
- from service_identity.pyopenssl import ( # type: ignore[import]
|
|||
|
- verify_hostname,
|
|||
|
- verify_ip_address,
|
|||
|
- )
|
|||
|
+ from service_identity import VerificationError
|
|||
|
+ from service_identity.pyopenssl import verify_hostname, verify_ip_address
|
|||
|
|
|||
|
return verify_hostname, verify_ip_address, VerificationError
|
|||
|
except ImportError as e:
|