vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Various small fixes and add support for subjectAltName to the SSL cert check

Browse source
This commit is contained in:
Joseph Schorr 2015-02-12 14:00:26 -05:00
parent f107b50a46
commit 7a199f63eb
3 changed files with 24 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

7
static/js/controllers/setup.js
View file

@ -123,7 +123,7 @@ function SetupCtrl($scope, $timeout, ApiService, Features, UserService, Containe
$scope.showSuperuserPanel = function() { $scope.showSuperuserPanel = function() {
$('#setupModal').modal('hide'); $('#setupModal').modal('hide');
var prefix = scope.hasSSL ? 'https' : 'http'; var prefix = $scope.hasSSL ? 'https' : 'http';
var hostname = $scope.hostname; var hostname = $scope.hostname;
window.location = prefix + '://' + hostname + '/superuser'; window.location = prefix + '://' + hostname + '/superuser';
}; };
@ -198,9 +198,12 @@ function SetupCtrl($scope, $timeout, ApiService, Features, UserService, Containe
}; };
$scope.serializeDbUri = function(fields) { $scope.serializeDbUri = function(fields) {
if (!fields['server']) { return '' }; if (!fields['server']) { return ''; }
try { try {
if (!fields['server']) { return ''; }
if (!fields['database']) { return ''; }
var uri = URI(); var uri = URI();
uri = uri && uri.host(fields['server']); uri = uri && uri.host(fields['server']);
uri = uri && uri.protocol(fields['kind']); uri = uri && uri.protocol(fields['kind']);

3
static/partials/setup.html
View file

@ -226,7 +226,8 @@
Problem Detected Problem Detected
</span> </span>
<button type="submit" class="btn btn-primary" ng-disabled="!databaseUri" <button type="submit" class="btn btn-primary"
ng-disabled="!databaseUri"
ng-click="validateDatabase()"> ng-click="validateDatabase()">
Validate Database Settings Validate Database Settings
</button> </button>

20
util/config/validator.py
View file

@ -195,9 +195,23 @@ def _validate_ssl(config):
if common_name is None: if common_name is None:
raise Exception('Missing CommonName (CN) from SSL certificate') raise Exception('Missing CommonName (CN) from SSL certificate')
if not fnmatch(config['SERVER_HOSTNAME'], common_name): # Build the list of allowed host patterns.
raise Exception('CommonName (CN) "%s" in SSL cert does not match server hostname "%s"' % hosts = set([common_name])
(common_name, config['SERVER_HOSTNAME']))
# Find the DNS extension, if any.
for i in range(0, cert.get_extension_count()):
ext = cert.get_extension(i)
if ext.get_short_name() == 'subjectAltName':
value = str(ext)
hosts.update([host.strip()[4:] for host in value.split(',')])
# Check each host.
for host in hosts:
if fnmatch(config['SERVER_HOSTNAME'], host):
return
raise Exception('Supported names "%s" in SSL cert do not match server hostname "%s"' %
(', '.join(list(hosts)), config['SERVER_HOSTNAME']))