upload: optionnaly verify certificate issuer dn

This commit is contained in:
Christophe Siraut 2020-09-11 14:58:07 +02:00
parent b6d0c87fa9
commit 49f49491e6
2 changed files with 5 additions and 0 deletions

View File

@ -80,6 +80,10 @@ def ssl_client_verify(view):
request.host_verified = cn
else:
request.host_verified = dn.split(',')[0].split('=')[1]
if settings.CA_ISSUER:
ca_issuer = headers.get('HTTP_X_SSL_ISSUER')
if ca_issuer != settings.CA_ISSUER:
raise PermissionDenied
else:
if settings.DEBUG:
request.host_verified = 'test_host'

View File

@ -26,6 +26,7 @@ DEBUG = False
ALLOWED_HOSTS = []
CA_ISSUER = None # dn of the trusted ca certificate; None means all (depending on the underlying haproxy/nginx configuration)
JOURNAL_HISTORY = 7
MAIL_HISTORY = 7