From 0eee65487bd54561244704b8d65cd971f9cd580f Mon Sep 17 00:00:00 2001
From: Your Name
Date: Sat, 20 Jun 2020 21:25:57 +0100
Subject: fish
---
master/pkcs11 | 31 +++++++++++++++++++++++++++++++
master/series | 1 +
2 files changed, 32 insertions(+)
create mode 100644 master/pkcs11
create mode 100644 master/series
diff --git a/master/pkcs11 b/master/pkcs11
new file mode 100644
index 0000000..30cb486
--- /dev/null
+++ b/master/pkcs11
@@ -0,0 +1,31 @@
+diff --git a/mitmproxy/net/tls.py b/mitmproxy/net/tls.py
+index 4c0f1d6b..c5062272 100644
+--- a/mitmproxy/net/tls.py
++++ b/mitmproxy/net/tls.py
+@@ -296,7 +296,25 @@ def create_client_context(
+ # Client Certs
+ if cert:
+ try:
+- context.use_privatekey_file(cert)
++ if os.path.exists(cert + ".pkcs11" ):
++ with open(cert + ".pkcs11", 'r') as f:
++ pkcs11_url = f.read()
++
++ pkcs11_url = pkcs11_url.rstrip("\n");
++
++ engine = SSL._lib.ENGINE_by_id( b"pkcs11" )
++ SSL._lib.ENGINE_init(engine)
++
++ _pkey = SSL._lib.ENGINE_load_private_key( engine, bytes(pkcs11_url, 'ascii'), SSL._ffi.NULL, SSL._ffi.NULL )
++
++ pkey = SSL.PKey()
++ pkey._pkey = _pkey
++ pkey._initialized = True
++
++ context.use_privatekey(pkey)
++ else:
++ context.use_privatekey_file(cert)
++
+ context.use_certificate_chain_file(cert)
+ except SSL.Error as v:
+ raise exceptions.TlsException("SSL client certificate error: %s" % str(v))
diff --git a/master/series b/master/series
new file mode 100644
index 0000000..d5b8e2c
--- /dev/null
+++ b/master/series
@@ -0,0 +1 @@
+pkcs11
-- cgit v1.2.3
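Review bot: In the new `.pkcs11` branch of the embedded tls.py patch, none of the three ENGINE results is checked: `ENGINE_by_id` and `ENGINE_load_private_key` return NULL on failure and `ENGINE_init` returns 0, so a missing engine or an unreachable token would presumably hand a NULL key to `context.use_privatekey(pkey)` instead of raising. These failures are not `SSL.Error`, so the existing `except` does not turn them into a `TlsException`; the same holds for a `UnicodeEncodeError` from `bytes(pkcs11_url, 'ascii')`. The sidecar file may carry a PIN inside the URL, so any added error message should not echo `pkcs11_url`. The branch also relies on pyOpenSSL private members (`_lib`, `_ffi`, `_pkey`, `_initialized`) and never releases the engine reference, which deserves a comment such as `# uses pyOpenSSL internals; re-check on every pyOpenSSL upgrade`. create_client_context starts and ends outside the hunk.

```python
engine = SSL._lib.ENGINE_by_id(b"pkcs11")
if engine == SSL._ffi.NULL or not SSL._lib.ENGINE_init(engine):
    raise exceptions.TlsException("SSL client certificate error: pkcs11 engine unavailable")
# … unchanged: ENGINE_load_private_key call …
if _pkey == SSL._ffi.NULL:
    raise exceptions.TlsException("SSL client certificate error: PKCS#11 private key could not be loaded")
# … unchanged: PKey wrapping and context.use_privatekey(pkey) …
```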