diff options
author | ikoz <john@kozyrakis.gr> | 2016-03-16 22:57:57 +0000 |
---|---|---|
committer | ikoz <john@kozyrakis.gr> | 2016-03-16 22:57:57 +0000 |
commit | b4e7aaf2f68af60ec32219d27d3d10b79f5d0610 (patch) | |
tree | 4b63274d1b9ace3aab5ddd1286e44e4a9ea7ad56 | |
parent | 8ed491201a8ec56585b0e35d9c17e18231b174f8 (diff) | |
download | mitmproxy-b4e7aaf2f68af60ec32219d27d3d10b79f5d0610.tar.gz mitmproxy-b4e7aaf2f68af60ec32219d27d3d10b79f5d0610.tar.bz2 mitmproxy-b4e7aaf2f68af60ec32219d27d3d10b79f5d0610.zip |
Make the add-server-certs-to-client-chain and verify-upstream-cert options mutually exclusive whily processing the proxy options. Do the same for the add-server-certs-to-client-chain and no-upstream-cert options.
-rw-r--r-- | mitmproxy/proxy/config.py | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/mitmproxy/proxy/config.py b/mitmproxy/proxy/config.py index 311d2599..bd02c628 100644 --- a/mitmproxy/proxy/config.py +++ b/mitmproxy/proxy/config.py @@ -138,14 +138,26 @@ def process_proxy_options(parser, options): "Transparent, SOCKS5, reverse and upstream proxy mode " "are mutually exclusive. Read the docs on proxy modes to understand why." ) - + if options.add_upstream_certs_to_client_chain and options.no_upstream_cert: + return parser.error( + "The no-upstream-cert and add-upstream-certs-to-client-chain " + "options are mutually exclusive. If no-upstream-cert is enabled " + "then the upstream certificate is not retrieved before generating " + "the client certificate chain." + ) + if options.add_upstream_certs_to_client_chain and options.ssl_verify_upstream_cert: + return parser.error( + "The verify-upstream-cert and add-upstream-certs-to-client-chain " + "options are mutually exclusive. If upstream certificates are verified " + "then extra upstream certificates are not available for inclusion " + "to the client chain." + ) if options.clientcerts: options.clientcerts = os.path.expanduser(options.clientcerts) if not os.path.exists(options.clientcerts): return parser.error( - "Client certificate path does not exist: %s" % options.clientcerts + "Client certificate path does not exist: %s" % options.clientcerts ) - if options.auth_nonanonymous or options.auth_singleuser or options.auth_htpasswd: if options.transparent_proxy: |