
Toolkit for testing if you actually verify TLS certificates.

Primary language: Python. License: Apache License 2.0.

jorji


This is Jorji:

https://dl.dropboxusercontent.com/u/38476311/Logos/jorji.png

Jorji has a forged passp^H^H^H^H^Hcertificate:

https://dl.dropboxusercontent.com/u/38476311/Logos/jorji-passport.png

Would you spot it? Would your software?

(Jorji and his passport are part of the excellent Papers, Please, a dystopian game about border control in a fictional communist country by Lucas Pope. Lucas has graciously allowed me to use the above artwork, because he's awesome. You should go buy his games.)

jorji (this project) contains the tools you need to produce a TLS server (by default, an HTTPS server) with bogus certificates. This is useful for writing integration tests that verify that your application actually checks the certificate provided by the server.

TLS clients have pretty much one job: verify certificates correctly. Most clients don't bother to verify certificates at all, and give forgeries way less credible than Jorji's passport a pass.
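The kind of integration test described above, as an added example that is not jorji's own code or API: it uses only the standard library's `ssl` and `socket` modules plus the `cryptography` package (assumed to be installed) instead of Twisted. The function names `bogus_cert_pem`, `start_bogus_server` and `client_accepts` are hypothetical.

```python
import datetime, socket, ssl, tempfile, threading
from cryptography import x509  # assumption: the `cryptography` package is installed
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def bogus_cert_pem(hostname="localhost"):
    """Constructed self-signed key + certificate (no trusted issuer), as PEM."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, hostname)])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(minutes=5))
            .not_valid_after(now + datetime.timedelta(hours=1))
            .add_extension(x509.SubjectAlternativeName([x509.DNSName(hostname)]), critical=False)
            .sign(key, hashes.SHA256()))
    pem = serialization.Encoding.PEM
    return key.private_bytes(pem, serialization.PrivateFormat.PKCS8,
                             serialization.NoEncryption()) + cert.public_bytes(pem)

def start_bogus_server():
    """Serve TLS with the bogus cert on an ephemeral localhost port; return the port."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    with tempfile.NamedTemporaryFile(suffix=".pem", buffering=0) as f:
        f.write(bogus_cert_pem())  # key first, then certificate, in one file
        ctx.load_cert_chain(f.name)
    listener = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            conn, _ = listener.accept()
            try:
                with ctx.wrap_socket(conn, server_side=True) as tls:
                    tls.recv(1)  # wait until the client hangs up
            except OSError:
                pass  # client aborted the handshake, which is the outcome we want
    threading.Thread(target=serve, daemon=True).start()
    return listener.getsockname()[1]

def client_accepts(port, ctx):
    """True if a client using `ctx` completes a handshake with the bogus server."""
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=5) as raw:
            with ctx.wrap_socket(raw, server_hostname="localhost"):
                return True
    except ssl.SSLCertVerificationError:
        return False
```

A test passes `ssl.create_default_context()` and asserts that `client_accepts` returns `False`. A context with `check_hostname = False` and `verify_mode = ssl.CERT_NONE` returns `True`, which is the bug such a test exists to catch.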

Using jorji

Preparation

Create some bogus certs:

>>> from jorji import make_cert
>>> TODO

With Twisted

If you're already using Twisted:

>>> from jorji import start
>>> TODO

Without Twisted (a.k.a. with Twisted, secretly, anyway)

The recommended way to use jorji without Twisted is crochet. It will run the Twisted reactor off in a thread somewhere so you don't have to worry about it.

Thanks!

I'd like to thank Rackspace for giving me the opportunity to produce open-source software on company time.

Contributing to jorji

Please see the CONTRIBUTING file.