Install service_identity

m-lab / ooni-support

Support scripts for OONI on M-Lab

Apache License 2.0

10 stars 7 forks source link

Install service_identity #41

Closed defuse closed 10 years ago

defuse commented 10 years ago

After installing ooni, there's a scary warning message about missing something or other that has to do with SSL certificates. Apparently all you have to do is install service_identity. So make the deployment scripts do that.

defuse commented 10 years ago

I'll do this today.

defuse commented 10 years ago

/home/mlab_ooni/lib/python2.6/site-packages/Twisted-14.0.0-py2.6-linux-i686.egg/twisted/internet/_sslverify.py:184: UserWarning: You do not have the service_identity module installed. Please install it from <https://pypi.python.org/pypi/service_identity>. Without the service_identity module and a recent enough pyOpenSSL tosupport it, Twisted can perform only rudimentary TLS client hostnameverification.  Many valid certificate/hostname mappings may be rejected.
  verifyHostname, VerificationError = _selectVerifyImplementation()

defuse commented 10 years ago

Just add service_identity to Oonib's requirements.txt

defuse commented 10 years ago

"TL;DR: Use this package if you use pyOpenSSL and don’t want to be MITMed."

defuse commented 10 years ago

Since this is a problem with ooni-backend itself, I created this ticket to track progress on fixing it:

https://trac.torproject.org/projects/tor/ticket/12643#ticket

Since this is a security issue, I'm leaving this ticket open for M-Lab to close when it's fixed.

hellais commented 10 years ago

This is now fixed. I think this ticket can now be closed.

defuse commented 10 years ago

One more step is needed -- to advance the submodule in ooni-support to include the fix. I'm trying to figure out how to test it before I do, but it seems checking out master before building the rpm isn't enough.

defuse commented 10 years ago

Ah, I think I accidentally scpd the wrong rpm.

defuse commented 10 years ago

I tried to test the newer version and I got:

Traceback (most recent call last):
  File "/home/mlab_ooni/bin/oonib", line 5, in <module>
    pkg_resources.run_script('oonib==1.0.2', 'oonib')
  File "/home/mlab_ooni/lib/python2.6/site-packages/setuptools-0.6c11-py2.6.egg/pkg_resources.py", line 489, in run_script
  File "/home/mlab_ooni/lib/python2.6/site-packages/setuptools-0.6c11-py2.6.egg/pkg_resources.py", line 1214, in run_script
  File "/home/mlab_ooni/lib/python2.6/site-packages/oonib-1.0.2-py2.6.egg/EGG-INFO/scripts/oonib", line 39, in <module>

  File "build/bdist.linux-i686/egg/oonib/runner.py", line 21, in <module>
  File "build/bdist.linux-i686/egg/oonib/oonibackend.py", line 47, in <module>
KeyError: 'dns_discovery'

defuse commented 10 years ago

That's probably because the oonib.conf in embedded into initialize.sh doesn't have that new test helper.

defuse commented 10 years ago

I fixed the config file and it now works. I'll close this after I put it all in a new pull request.

defuse commented 10 years ago

Opened #66 so this can be closed.