Catch and handle SSL connection errors.

author: Aldo Cortesi <aldo@nullcube.com> 2012-07-01 12:10:32 +1200
committer: Aldo Cortesi <aldo@nullcube.com> 2012-07-01 12:10:32 +1200
commit: 90365e270e3e10779f6401e8f2ab48f243479ab2 (patch)
tree: bd7fdf4c4ae04cabea6b0b314e3a86f28e081789 /libmproxy/proxy.py
parent: 4e9d4e8ddd0274949e44e52063eabd298a57b66e (diff)
download: mitmproxy-90365e270e3e10779f6401e8f2ab48f243479ab2.tar.gz
mitmproxy-90365e270e3e10779f6401e8f2ab48f243479ab2.tar.bz2
mitmproxy-90365e270e3e10779f6401e8f2ab48f243479ab2.zip
1 files changed, 12 insertions, 3 deletions
diff --git a/libmproxy/proxy.py b/libmproxy/proxy.py
index f13dce60..8f7210ca 100644
--- a/libmproxy/proxy.py
+++ b/libmproxy/proxy.py
@@ -88,7 +88,10 @@ class ServerConnection(tcp.TCPClient):
                 path = os.path.join(self.config.clientcerts, self.host) + ".pem"
                 if os.path.exists(clientcert):
                     clientcert = path
-            self.convert_to_ssl(clientcert=clientcert, sni=self.host)
+            try:
+                self.convert_to_ssl(clientcert=clientcert, sni=self.host)
+            except tcp.NetLibError, v:
+                raise ProxyError(400, str(v))
 
     def send(self, request):
         self.requestcount += 1
@@ -260,7 +263,10 @@ class ProxyHandler(tcp.BaseHandler):
             if not self.ssl_established and (port in self.config.transparent_proxy["sslports"]):
                 scheme = "https"
                 certfile = self.find_cert(host, port, None)
-                self.convert_to_ssl(certfile, self.config.certfile or self.config.cacert)
+                try:
+                    self.convert_to_ssl(certfile, self.config.certfile or self.config.cacert)
+                except tcp.NetLibError, v:
+                    raise ProxyError(400, str(v))
             else:
                 scheme = "http"
             host = self.sni or host
@@ -312,7 +318,10 @@ class ProxyHandler(tcp.BaseHandler):
                             )
                 self.wfile.flush()
                 certfile = self.find_cert(host, port, None)
-                self.convert_to_ssl(certfile, self.config.certfile or self.config.cacert)
+                try:
+                    self.convert_to_ssl(certfile, self.config.certfile or self.config.cacert)
+                except tcp.NetLibError, v:
+                    raise ProxyError(400, str(v))
                 self.proxy_connect_state = (host, port, httpversion)
                 line = self.rfile.readline(line)
             if self.proxy_connect_state:
author	Aldo Cortesi <aldo@nullcube.com>	2012-07-01 12:10:32 +1200
committer	Aldo Cortesi <aldo@nullcube.com>	2012-07-01 12:10:32 +1200
commit	90365e270e3e10779f6401e8f2ab48f243479ab2 (patch)
tree	bd7fdf4c4ae04cabea6b0b314e3a86f28e081789 /libmproxy/proxy.py
parent	4e9d4e8ddd0274949e44e52063eabd298a57b66e (diff)
download	mitmproxy-90365e270e3e10779f6401e8f2ab48f243479ab2.tar.gz mitmproxy-90365e270e3e10779f6401e8f2ab48f243479ab2.tar.bz2 mitmproxy-90365e270e3e10779f6401e8f2ab48f243479ab2.zip