authorPaul <paulhooijenga@gmail.com>2012-05-23 23:09:03 +0200
committerPaul <paulhooijenga@gmail.com>2012-05-23 23:09:03 +0200
commit5f8855df555eed0f68b476636ab6065e12d3f27c (patch)
treead4cc790a08007de785f3a1cd32b5597b069fecf
parent08d6da2941347d672d69ddc1786da875ab6b5287 (diff)
downloadmitmproxy-5f8855df555eed0f68b476636ab6065e12d3f27c.tar.gz
mitmproxy-5f8855df555eed0f68b476636ab6065e12d3f27c.tar.bz2
mitmproxy-5f8855df555eed0f68b476636ab6065e12d3f27c.zip
Added a switch to send client certificates to hosts
-rw-r--r--libmproxy/proxy.py23
1 files changed, 21 insertions, 2 deletions
diff --git a/libmproxy/proxy.py b/libmproxy/proxy.py
index ffac6baa..912f3f31 100644
--- a/libmproxy/proxy.py
+++ b/libmproxy/proxy.py
@@ -33,10 +33,11 @@ class ProxyError(Exception):
class ProxyConfig:
- def __init__(self, certfile = None, ciphers = None, cacert = None, cert_wait_time=0, upstream_cert=False, body_size_limit = None, reverse_proxy=None):
+ def __init__(self, certfile = None, ciphers = None, cacert = None, clientcerts = None, cert_wait_time=0, upstream_cert=False, body_size_limit = None, reverse_proxy=None):
self.certfile = certfile
self.ciphers = ciphers
self.cacert = cacert
+ self.clientcerts = clientcerts
self.certdir = None
self.cert_wait_time = cert_wait_time
self.upstream_cert = upstream_cert
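Review bot: `clientcerts` is inserted in the middle of the `__init__` parameter list, ahead of `cert_wait_time`, so any caller that passes `cert_wait_time` or a later argument positionally would now bind it to the wrong parameter without an error. The call in `process_proxy_options` uses keywords and is unaffected, but other callers are not visible in this diff. Appending the parameter instead, `..., body_size_limit = None, reverse_proxy=None, clientcerts = None):`, keeps the signature backward-compatible. The rest of the class lies outside the hunk.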
@@ -238,7 +239,14 @@ class ServerConnection:
addr = socket.gethostbyname(self.host)
server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
if self.scheme == "https":
- server = ssl.wrap_socket(server)
+ if self.config.clientcerts:
+ clientcert = os.path.join(self.config.clientcerts, self.host) + ".pem"
+ if not os.path.exists(clientcert):
+ clientcert = None
+ else:
+ clientcert = None
+ server = ssl.wrap_socket(server, certfile = clientcert)
+
server.connect((addr, self.port))
if self.scheme == "https":
self.cert = server.getpeercert(True)
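Review bot: The certificate path in the new `if self.config.clientcerts:` branch is built directly from `self.host`, which appears to come from the proxied request, with no check that it is a plain file name inside the configured directory. The `socket.gethostbyname(self.host)` call above probably rejects names containing path separators, but that is an implicit guard. It would be safer to skip the lookup unless `os.path.basename(self.host) == self.host` and to test `os.path.isfile(clientcert)` rather than `os.path.exists(clientcert)`. Because only `certfile` is passed to `ssl.wrap_socket`, the file has to hold both the private key and the certificate, which deserves a comment such as `# <host>.pem must contain the private key and the certificate`. The enclosing method starts and ends outside this hunk.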
@@ -550,6 +558,11 @@ def certificate_option_group(parser):
type = "str", dest="ciphers", default=None,
help = "SSL ciphers."
)
+ group.add_option(
+ "--client-certs", action="store",
+ type = "str", dest = "clientcerts", default=None,
+ help = "Client certificate directory."
+ )
parser.add_option_group(group)
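Review bot: The help string for `--client-certs` does not say how files in the directory are selected or what they must contain. Going by the lookup added in `ServerConnection`, a fuller text would be `help = "Client certificate directory. Files are looked up as <host>.pem and must contain the private key and the certificate."`. Since these files hold private keys, the user documentation could also recommend restricting the directory's permissions to the account running the proxy. The body of `certificate_option_group` starts outside the hunk.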
@@ -574,9 +587,15 @@ def process_proxy_options(parser, options):
else:
rp = None
+ if options.clientcerts:
+ options.clientcerts = os.path.expanduser(options.clientcerts)
+ if not os.path.exists(options.clientcerts) or not os.path.isdir(options.clientcerts):
+ parser.error("Client certificate directory does not exist or is not a directory: %s"%options.clientcerts)
+
return ProxyConfig(
certfile = options.cert,
cacert = cacert,
+ clientcerts = options.clientcerts,
ciphers = options.ciphers,
cert_wait_time = options.cert_wait_time,
body_size_limit = body_size_limit,
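Review bot: The condition `not os.path.exists(...) or not os.path.isdir(...)` is redundant, because `os.path.isdir` already returns False for a missing path; `if not os.path.isdir(options.clientcerts):` is enough. The directory is also stored as given after `expanduser`, so a relative path is resolved against the working directory at each connection rather than at startup. Using `options.clientcerts = os.path.abspath(os.path.expanduser(options.clientcerts))` would pin it once. `process_proxy_options` starts and ends outside the hunk.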