Rudimentary testing for client certs.

5 files changed, 41 insertions, 2 deletions

diff --git a/libmproxy/flow.py b/libmproxy/flow.py
index 2c4c5513..2c4c5513 100755..100644
--- a/libmproxy/flow.py
+++ b/libmproxy/flow.py
diff --git a/libmproxy/proxy.py b/libmproxy/proxy.py
index db29f65a..036d26d3 100755..100644
--- a/libmproxy/proxy.py
+++ b/libmproxy/proxy.py
@@ -85,7 +85,7 @@ class ServerConnection(tcp.TCPClient):
         if scheme == "https":
             clientcert = None
             if self.config.clientcerts:
-                path = os.path.join(self.config.clientcerts, self.host) + ".pem"
+                path = os.path.join(self.config.clientcerts, self.host.encode("idna")) + ".pem"
                 if os.path.exists(path):
                     clientcert = path
             try:
diff --git a/test/data/clientcert/127.0.0.1.pem b/test/data/clientcert/127.0.0.1.pem
new file mode 100644
index 00000000..af8d9d8f
--- /dev/null
+++ b/test/data/clientcert/127.0.0.1.pem
@@ -0,0 +1,32 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQC+6rG6A/BGD0dI+mh2FZIqQZn82z/pGs4f3pyxbHb+ROxjjQOr
+fDCw2jc11XDxK7CXpDQAnkO6au/sQ5t50vSZ+PGhFD+t558VV2ausB5OYZsR7RRx
+gl1jsxWdde3EHGjxSK+aXRgFpVrZzPLSy6dl8tMoqUMWIBi0u1WTbmyYjwIDAQAB
+AoGBAKyqhmK9/Sjf2JDgKGnjyHX/Ls3JXVvtqk6Yfw7YEiaVH1ZJyu/lOgQ414YQ
+rDzyTpxXHdERUh/fZ24/FvZvHFgy5gWEQjQPpprIxvqCLKJhX73L2+TnXmfYDApb
+J7V/JfnTeOaK9LTpHsofB98A1s9DWX/ccOgKTtZIYMjYpdoBAkEA9hLvtixbO2A2
+ZgDcA9ftVX2WwdpRH+mYXl1G60Fem5nlO3Rl3FDoafRvSQNZiqyOlObvKbbYh/S2
+L7ihEMMNYQJBAMaeLnAc9jO/z4ApTqSBGUpM9b7ul16aSgq56saUI0VULIZcXeo3
+3BwdL2fEOOnzjNy6NpH2BW63h/+2t7lV++8CQQDK+S+1Sr0uKtx0Iv1YRkHEJMW3
+vQbxldNS8wnOf6s0GisVcZubsTkkPLWWuiaf1ln9xMc9106gRmAI2PgyRVHBAkA6
+iI+C9uYP5i1Oxd2pWWqMnRWnSUVO2gWMF7J7B1lFq0Lb7gi3Z/L0Th2UZR2oxN/0
+hORkK676LBhmYgDPG+n9AkAJOnPIFQVAEBAO9bAxFrje8z6GRt332IlgxuiTeDE3
+EAlH9tmZma4Tri4sWnhJwCsxl+5hWamI8NL4EIeXRvPw
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIICsDCCAhmgAwIBAgIJAI7G7a/d5YwEMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQwHhcNMTAwMjAyMDM0MTExWhcNMTEwMjAyMDM0MTExWjBF
+MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50
+ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQC+6rG6A/BGD0dI+mh2FZIqQZn82z/pGs4f3pyxbHb+ROxjjQOrfDCw2jc11XDx
+K7CXpDQAnkO6au/sQ5t50vSZ+PGhFD+t558VV2ausB5OYZsR7RRxgl1jsxWdde3E
+HGjxSK+aXRgFpVrZzPLSy6dl8tMoqUMWIBi0u1WTbmyYjwIDAQABo4GnMIGkMB0G
+A1UdDgQWBBS+MFJTsriCPNYsj8/4f+PympPEkzB1BgNVHSMEbjBsgBS+MFJTsriC
+PNYsj8/4f+PympPEk6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUt
+U3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAI7G7a/d
+5YwEMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAlpan/QX2fpXVRihV
+lQic2DktF4xd5unrZnFC8X8ScNX1ClU+AO79ejaobt4YGjeVYs0iQQsUL2E0G43c
+mOXfsq1b970Ep6xRS76EmZ+tTdFBd86tFTIhZJrOi67gs+twj5V2elyp3tQpg2ze
+G/jwDQS8V1X9CbfqBQriL7x5Tk4=
+-----END CERTIFICATE-----
diff --git a/test/test_server.py b/test/test_server.py
index 558e7cca..74647601 100644
--- a/test/test_server.py
+++ b/test/test_server.py
@@ -71,6 +71,9 @@ class TestHTTP(tutils.HTTPProxTest, SanityMixin):
 
 class TestHTTPS(tutils.HTTPProxTest, SanityMixin):
     ssl = True
+    # FIXME: Instrument pathod to actually test that client cert is being sent
+    # correctly.
+    clientcerts = True
 
 
 class TestReverse(tutils.ReverseProxTest, SanityMixin):
diff --git a/test/tutils.py b/test/tutils.py
index 9b5ac0f1..2dc4c090 100644
--- a/test/tutils.py
+++ b/test/tutils.py
@@ -123,9 +123,13 @@ class ProxTestBase:
 
 class HTTPProxTest(ProxTestBase):
     ssl = None
+    clientcerts = False
     @classmethod
     def get_proxy_config(cls):
-        return dict()
+        d = dict()
+        if cls.clientcerts:
+            d["clientcerts"] = test_data.path("data/clientcert")
+        return d
 
     def pathoc(self, connect_to = None):
         p = libpathod.pathoc.Pathoc("localhost", self.proxy.port)