
Commit 92fd32a

committed
pin only the root certs. enable tests
1 parent 474cd4b commit 92fd32a


3 files changed

+1
-48
lines changed


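--- a/clever/__init__.py
+++ b/clever/__init__.py
@@ -307,15 +307,11 @@ def requests_request(self, meth, abs_url, headers, params):
 # Use a CA_BUNDLE containing the following chain:
 # - TrustedRoot
 # - DigiCert High Assurance EV - 1
-# - Clever.com EV
 #
 # This ensures that only this certificate chain is used to verify SSL certs.
 # Certs dervived from other ca certs will be treated as invalid.
 # eg. https://api.twitter.com and https://api.stripe.com FAIL
 # https://api.clever.com and https://api.github.com PASS
-#
-# TODO: This gets us close to CERT PINNING but we need to pin the entire
-# chain not just the CA
 result = requests.request(meth, abs_url,
 headers=headers, data=data, timeout=80,
 verify=CLEVER_CERTS)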
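Review bot: The comment kept above `verify=CLEVER_CERTS` still claims that only this certificate chain is accepted, but with the Clever.com leaf dropped from the bundle and the TODO deleted, what remains is a restriction to the bundled CA certificates rather than pinning of Clever's own certificate; the comment's own example shows https://api.github.com verifying. I would keep that caveat where the TODO was, e.g. `# NOTE: trust is limited to the bundled CA certs; any host whose cert is issued under them still verifies, so this is CA pinning, not leaf pinning.` Because the bundle ships inside the package, a CA change on the server side would presumably break installed clients until they upgrade, which deserves a line in the same comment. requests_request starts and continues outside this hunk, so where `data` comes from is not visible here.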

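--- a/clever/data/clever.com_ca_bundle.crt
+++ b/clever/data/clever.com_ca_bundle.crt
@@ -1,47 +1,4 @@
 -----BEGIN CERTIFICATE-----
-MIIHfzCCBmegAwIBAgIQCPhB0GT5rc6+MyBE9GU0MjANBgkqhkiG9w0BAQUFADBp
-MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
-d3cuZGlnaWNlcnQuY29tMSgwJgYDVQQDEx9EaWdpQ2VydCBIaWdoIEFzc3VyYW5j
-ZSBFViBDQS0xMB4XDTEzMTIzMTAwMDAwMFoXDTE1MDMwNTEyMDAwMFowgf0xHTAb
-BgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYBBAGCNzwCAQMTAlVT
-MRkwFwYLKwYBBAGCNzwCAQITCERlbGF3YXJlMRAwDgYDVQQFEwc1MTUwNjgwMSUw
-IwYDVQQJExwxNDAgMm5kIFN0cmVldC4gRm91cnRoIEZsb29yMQ4wDAYDVQQREwU5
-NDEwNTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcT
-DVNhbiBGcmFuY2lzY28xFDASBgNVBAoTC0NsZXZlciBJbmMuMRMwEQYDVQQDEwpj
-bGV2ZXIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1wbQSZoN
-79tQEIxIPUgktcLxtl/gJaXoHfkf40/5qQq6qELAM3jDfC6iv+h23MTV2k5pcJ0e
-4NIXNr5NZnlPtjDAws3xHuRNLwkjp+iE5ZIsVYz3Vm4KTiCOQ6UABLXIUfOyTOd8
-knH/hNyRKyrolwxR0LuqA6n7qM3YUjq0K+glX1QGqtC6ByKm9W5HagA/HQ9knIm9
-FHLghjbnOdl7BTT+pLTYybyS6a3EUmVE1wwGYJkW8hli5YyAWBYK3UDR+8sIJPl9
-6aQF4n6p+m7UIB+CzwL5G3Juy3CatHlUAAuwyISMstTpNEhKG3AFIIvqlICVJBq9
-Nh4gJLeWP+Su0QIDAQABo4IDjDCCA4gwHwYDVR0jBBgwFoAUTFjLJfBBT1L0KMiB
-Q5umqKDmkuUwHQYDVR0OBBYEFN8EJ3FfAeuUYNNUHFCYPSFHN1OyMF0GA1UdEQRW
-MFSCCmNsZXZlci5jb22CDnd3dy5jbGV2ZXIuY29tghJhY2NvdW50LmNsZXZlci5j
-b22CEnN1cHBvcnQuY2xldmVyLmNvbYIOYXBpLmNsZXZlci5jb20wDgYDVR0PAQH/
-BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBjBgNVHR8EXDBa
-MCugKaAnhiVodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vZXZjYTEtZzMuY3JsMCug
-KaAnhiVodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vZXZjYTEtZzMuY3JsMIIBxAYD
-VR0gBIIBuzCCAbcwggGzBglghkgBhv1sAgEwggGkMDoGCCsGAQUFBwIBFi5odHRw
-Oi8vd3d3LmRpZ2ljZXJ0LmNvbS9zc2wtY3BzLXJlcG9zaXRvcnkuaHRtMIIBZAYI
-KwYBBQUHAgIwggFWHoIBUgBBAG4AeQAgAHUAcwBlACAAbwBmACAAdABoAGkAcwAg
-AEMAZQByAHQAaQBmAGkAYwBhAHQAZQAgAGMAbwBuAHMAdABpAHQAdQB0AGUAcwAg
-AGEAYwBjAGUAcAB0AGEAbgBjAGUAIABvAGYAIAB0AGgAZQAgAEQAaQBnAGkAQwBl
-AHIAdAAgAEMAUAAvAEMAUABTACAAYQBuAGQAIAB0AGgAZQAgAFIAZQBsAHkAaQBu
-AGcAIABQAGEAcgB0AHkAIABBAGcAcgBlAGUAbQBlAG4AdAAgAHcAaABpAGMAaAAg
-AGwAaQBtAGkAdAAgAGwAaQBhAGIAaQBsAGkAdAB5ACAAYQBuAGQAIABhAHIAZQAg
-AGkAbgBjAG8AcgBwAG8AcgBhAHQAZQBkACAAaABlAHIAZQBpAG4AIABiAHkAIABy
-AGUAZgBlAHIAZQBuAGMAZQAuMH0GCCsGAQUFBwEBBHEwbzAkBggrBgEFBQcwAYYY
-aHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEcGCCsGAQUFBzAChjtodHRwOi8vY2Fj
-ZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRIaWdoQXNzdXJhbmNlRVZDQS0xLmNy
-dDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBQUAA4IBAQA73oGzdoo0PYsbhWsR
-rfuEOrm3n6qCQ3yTQZZlLDJeJLjkGtfLM9Ktbt0ygyCRLgQkKbRu6D73Y8A0m9ky
-nQQKq6mQBdaAqVnu9VDVS8G6cVCWgQR1hjQWphskDAey1pOyL61ncvrN/goI9CU7
-L2KqYL4LBIKBPbsWXzBIe3y1pJpxyofWiYbwzL3jLwhwk2Uyr/WwwTtUvpd6iBxb
-pXo6N3SYrHke8oWlA94ijkzURqESYZaUWNh7IkQITA2reQW/jmvtGVR/ymssURiH
-bLxrI3r/M7w+9cc3lz9ZVTfanQTABdIo+TSZDc7XPoKNthBUQ+klO8cDQ/6lfjQS
-tUed
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
 MIIG5jCCBc6gAwIBAgIQAze5KDR8YKauxa2xIX84YDANBgkqhkiG9w0BAQUFADBs
 MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
 d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j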

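--- a/setup.py
+++ b/setup.py
@@ -36,5 +36,5 @@
 packages=['clever'],
 package_data={'clever' : ['data/clever.com_ca_bundle.crt', 'VERSION']},
 install_requires=install_requires,
-#test_suite='test',
+test_suite='test',
 )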
