Merge lp:~dobey/ubuntu-sso-client/ssl-strict into lp:ubuntu-sso-client

Proposed by dobey on 2012-06-13
Status: Merged
Approved by: dobey on 2012-06-13
Approved revision: 970
Merged at revision: 968
Proposed branch: lp:~dobey/ubuntu-sso-client/ssl-strict
Merge into: lp:ubuntu-sso-client
Diff against target: 65 lines (+25/-0)
2 files modified
ubuntu_sso/gtk/gui.py (+18/-0)
ubuntu_sso/gtk/tests/test_gui.py (+7/-0)
To merge this branch: bzr merge lp:~dobey/ubuntu-sso-client/ssl-strict
Reviewer Review Type Date Requested Status
Alejandro J. Cura (community) Approve on 2012-06-13
Roberto Alsina (community) 2012-06-13 Approve on 2012-06-13
Review via email: mp+110128@code.launchpad.net

Commit Message

Ensure we are using strict ssl with the system ca-certificates.crt file

Roberto Alsina (ralsina) :
review: Approve
dobey (dobey) wrote :

Now, I'm seeing this at the end of the gtk+ tests run, preventing the qt tests and style checks from running:

PASSED (skips=9, successes=822)
Segmentation fault (core dumped)

Not sure why though.

Alejandro J. Cura (alecu) wrote :

I'm getting the same segmentation errors on Precise 64 bits.

Alejandro J. Cura (alecu) wrote :

Passes all tests now

review: Approve

Preview Diff

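--- a/ubuntu_sso/gtk/gui.py
+++ b/ubuntu_sso/gtk/gui.py
@@ -109,6 +109,12 @@
 LARGE_MARKUP = u'<span size="x-large">%s</span>'
 
 
+# SSL properties and certs location
+STRICT_SSL_PROP = 'ssl-strict'
+CERTS_FILE_PROP = 'ssl-ca-file'
+CA_CERT_FILE = '/etc/ssl/certs/ca-certificates.crt'
+
+
 def log_call(f):
 """Decorator to log call funtions."""
 
@@ -953,11 +959,23 @@
 
 self._set_current_page(self.processing_vbox)
 
+ def _webkit_init_ssl(self):
+ """Set the WebKit ssl strictness."""
+ # delay the import of webkit to be able to build without it
+ from gi.repository import WebKit # pylint: disable=E0611
+
+ # Set the Soup session to be strict and use system CA certs
+ session = WebKit.get_default_session()
+ session.set_property(STRICT_SSL_PROP, True)
+ session.set_property(CERTS_FILE_PROP, CA_CERT_FILE)
+
 def _add_webkit_browser(self):
 """Add the webkit browser for the t&c."""
 # delay the import of webkit to be able to build without it
 from gi.repository import WebKit # pylint: disable=E0611
 
+ self._webkit_init_ssl()
+
 browser = WebKit.WebView()
 
 browser.connect('notify::load-status',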
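Review bot: `_webkit_init_ssl` points the session at the hard-coded `CA_CERT_FILE` without checking that the bundle exists and is readable, so on a system without `/etc/ssl/certs/ca-certificates.crt` the outcome is left to libsoup and nothing is logged. Strict mode presumably rejects every certificate in that case, which is the safe direction, but the terms-and-conditions page would then fail to load with no hint of the cause. A guard before the `set_property` calls, such as `if not os.path.exists(CA_CERT_FILE): logger.warning('CA bundle %s not found', CA_CERT_FILE)`, would make this diagnosable while still setting both properties; this assumes `os` and a module logger are available in gui.py, which the hunk does not show. The docstring could also say that the properties are set on WebKit's default session rather than on one browser, since `WebKit.get_default_session()` is what the helper configures. `_add_webkit_browser` continues past the end of the hunk.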
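--- a/ubuntu_sso/gtk/tests/test_gui.py
+++ b/ubuntu_sso/gtk/tests/test_gui.py
@@ -911,6 +911,7 @@
 def setUp(self):
 yield super(TermsAndConditionsBrowserTestCase, self).setUp()
 self.patch(WebKit, 'WebView', FakedEmbeddedBrowser)
+ self.patch(self.ui, '_webkit_init_ssl', self._set_called)
 
 self.ui.tc_button.clicked()
 self.addCleanup(self.ui.tc_browser_vbox.hide)
@@ -919,6 +920,12 @@
 assert len(children) == 1
 self.browser = children[0]
 
+ def test_ssl_validation(self):
+ """The browser is set to validate SSL."""
+ self.assertEqual(self._called, ((), {}),
+ '_webkit_init_ssl should be called when creating a '
+ 'webkit browser.')
+
 def test_tc_browser_is_created_when_tc_page_is_shown(self):
 """The browser is created when the TC button is clicked."""
 self.ui.on_tc_browser_notify_load_status(self.browser)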
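Review bot: `test_ssl_validation` only proves that `_webkit_init_ssl` was called, because `setUp` replaces the helper with `self._set_called`; nothing in this section checks that the session actually ends up with `ssl-strict` set to True and `ssl-ca-file` set to the CA bundle. A later change that flipped the strict flag or mistyped a property name would still pass, which is a weak guarantee for the one control this branch exists to add. A second test that swaps `WebKit.get_default_session` for a recording fake and calls the real helper would pin the values, and the docstring of the existing test could then say "is asked to" rather than "is set to". The sketch below reaches the unpatched method through `type(self.ui)`, since the instance attribute is patched in `setUp`.

```python
def test_webkit_init_ssl_sets_strict_properties(self):
    """The default session is strict and uses the system CA bundle."""
    recorded = {}

    class FakeSession(object):
        """Record the properties set on the session."""

        def set_property(self, name, value):
            recorded[name] = value

    self.patch(WebKit, 'get_default_session', FakeSession)
    # setUp patched the instance attribute; call the real method
    type(self.ui)._webkit_init_ssl(self.ui)

    self.assertEqual(recorded, {
        'ssl-strict': True,
        'ssl-ca-file': '/etc/ssl/certs/ca-certificates.crt',
    })
```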
