whimsical-commits mailing list archives

From s...@apache.org
Subject [whimsy] branch master updated: Allow for additional SKS server node as fallback
Date Sun, 22 Mar 2020 12:56:54 GMT
This is an automated email from the ASF dual-hosted git repository.

sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git


The following commit(s) were added to refs/heads/master by this push:
     new a5f9b17  Allow for additional SKS server node as fallback
a5f9b17 is described below

commit a5f9b1798361b15cb317716a3d15959f830694ff
Author: Sebb <sebb@apache.org>
AuthorDate: Sun Mar 22 12:56:40 2020 +0000

    Allow for additional SKS server node as fallback
    
    This seems to have some newer keys
---
 .../workbench/TERENA_SSL_High_Assurance_CA_3.pem   | 29 ++++++++++++++++++++++
 .../views/actions/check-signature.json.rb          | 10 +++++++-
 2 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/www/secretary/workbench/TERENA_SSL_High_Assurance_CA_3.pem b/www/secretary/workbench/TERENA_SSL_High_Assurance_CA_3.pem
new file mode 100644
index 0000000..2627150
--- /dev/null
+++ b/www/secretary/workbench/TERENA_SSL_High_Assurance_CA_3.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
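Review bot: the new TERENA_SSL_High_Assurance_CA_3.pem is added as a trust anchor with no record of where it was obtained or how it was verified; the commit message only says the server "seems to have some newer keys". Please record the download source, the certificate's SHA-256 fingerprint and its expiry date (in the commit message or in a short note next to the file) so a later reader can confirm the file is the intended CA certificate and knows when it needs replacing.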
diff --git a/www/secretary/workbench/views/actions/check-signature.json.rb b/www/secretary/workbench/views/actions/check-signature.json.rb
index 8175a1f..114c7c4 100644
--- a/www/secretary/workbench/views/actions/check-signature.json.rb
+++ b/www/secretary/workbench/views/actions/check-signature.json.rb
@@ -11,7 +11,9 @@ ENV['GNUPGHOME'] = GNUPGHOME if GNUPGHOME
 
 # Removed keys.openpgp.org as it does not return data such as email unless user specifically
allows this 
 
-KEYSERVERS = %w{hkps.pool.sks-keyservers.net}
+KEYSERVERS = %w{hkps.pool.sks-keyservers.net gozer.rediris.es}
+
+TERENA_CERT = '/srv/whimsy/www/secretary/workbench/TERENA_SSL_High_Assurance_CA_3.pem'
 
 # ** N.B. ensure the keyserver URI is known below **
 def getServerURI(server, keyid)
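Review bot: the context comment "N.B. ensure the keyserver URI is known below" applies to the new KEYSERVERS entry, but getServerURI is not changed anywhere in this patch, so please confirm it already handles gozer.rediris.es. Separately, TERENA_CERT is a hard-coded absolute path under /srv/whimsy; building it relative to this file's directory (File.expand_path with __dir__) would keep the lookup working on installs that live elsewhere.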
@@ -42,6 +44,12 @@ def getURI(uri,file)
   # The pool needs a special CA cert
   if SKS_KEYSERVER_CERT and uri.host == 'hkps.pool.sks-keyservers.net'
     opts[:ca_file] = SKS_KEYSERVER_CERT
+    elsif uri.host.end_with? '.rediris.es'
+    require 'openssl'
+    store = OpenSSL::X509::Store.new
+    store.set_default_paths
+    store.add_file(TERENA_CERT)
+    opts[:cert_store] = store
   end
   Net::HTTP.start(uri.host, uri.port, opts ) do |https|
     https.request_get(uri.request_uri) do |res|
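Review bot: in the new elsif branch, uri.host.end_with? '.rediris.es' applies the extra trust anchor to every host under rediris.es, while KEYSERVERS only adds gozer.rediris.es; an exact comparison (uri.host == 'gozer.rediris.es'), written the same way as the pool branch above it, keeps the scope to the one server. The elsif is also indented one level deeper than its if, require 'openssl' belongs at the top of the file, and unlike the pool branch (guarded by SKS_KEYSERVER_CERT) nothing checks that TERENA_CERT is present before store.add_file, which raises if the file cannot be loaded.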

