authorMaximilian Hils <git@maximilianhils.com>2014-03-11 02:16:30 +0100
committerMaximilian Hils <git@maximilianhils.com>2014-03-11 02:16:30 +0100
commit14db30080f17762bc6bb9d75c5d90bf51494b873 (patch)
treefb4ae3cbfbc37fdc465aaf36247efd1a05e2628f /libmproxy/proxy/server.py
parent15c82f743f6969b11afe17ecb82840e70d6b3ba3 (diff)
parente89e035d4a2c52aff77fdb3eaa01e8bdb1539a17 (diff)
downloadmitmproxy-14db30080f17762bc6bb9d75c5d90bf51494b873.tar.gz
mitmproxy-14db30080f17762bc6bb9d75c5d90bf51494b873.tar.bz2
mitmproxy-14db30080f17762bc6bb9d75c5d90bf51494b873.zip
Merge branch 'master' of github.com:mitmproxy/mitmproxy
Diffstat (limited to 'libmproxy/proxy/server.py')
-rw-r--r--libmproxy/proxy/server.py32
1 files changed, 18 insertions, 14 deletions
diff --git a/libmproxy/proxy/server.py b/libmproxy/proxy/server.py
index dc502e1c..e308d081 100644
--- a/libmproxy/proxy/server.py
+++ b/libmproxy/proxy/server.py
@@ -190,7 +190,8 @@ class ConnectionHandler:
self.client_conn.convert_to_ssl(
cert, key,
handle_sni = self.handle_sni,
- cipher_list = self.config.ciphers
+ cipher_list = self.config.ciphers,
+ dhparams = self.config.certstore.dhparams
)
def server_reconnect(self, no_ssl=False):
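Review bot: `dhparams = self.config.certstore.dhparams` is passed to `convert_to_ssl` with nothing in this hunk showing that the certstore has parameters loaded, or what group size they use. If the attribute can be unset, it is not visible here whether `convert_to_ssl` accepts that. A short comment such as `# DH parameters for DHE cipher suites, loaded by the certstore` would help the next reader. The group size is worth confirming where the certstore generates or loads the parameters, since a small group weakens every DHE handshake the proxy terminates. The enclosing method starts outside the hunk.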
@@ -219,18 +220,21 @@ class ConnectionHandler:
self.channel.tell("log", Log(msg))
def find_cert(self):
- host = self.server_conn.address.host
- sans = []
- if not self.config.no_upstream_cert or not self.server_conn.ssl_established:
- upstream_cert = self.server_conn.cert
- if upstream_cert.cn:
- host = upstream_cert.cn.decode("utf8").encode("idna")
- sans = upstream_cert.altnames
-
- ret = self.config.certstore.get_cert(host, sans)
- if not ret:
- raise ProxyError(502, "Unable to generate dummy cert.")
- return ret
+ if self.config.certforward and self.server_conn.ssl_established:
+ return self.server_conn.cert, self.config.certstore.gen_pkey(self.server_conn.cert)
+ else:
+ host = self.server_conn.address.host
+ sans = []
+ if not self.config.no_upstream_cert or not self.server_conn.ssl_established:
+ upstream_cert = self.server_conn.cert
+ if upstream_cert.cn:
+ host = upstream_cert.cn.decode("utf8").encode("idna")
+ sans = upstream_cert.altnames
+
+ ret = self.config.certstore.get_cert(host, sans)
+ if not ret:
+ raise ProxyError(502, "Unable to generate dummy cert.")
+ return ret
def handle_sni(self, connection):
"""
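Review bot: The re-indented guard `if not self.config.no_upstream_cert or not self.server_conn.ssl_established:` in the `else` branch of `find_cert` is true whenever no upstream TLS handshake has happened. In that case `upstream_cert.cn` is read from a certificate that is presumably not set yet, and the `no_upstream_cert` option is ignored. The intended condition looks like `if not self.config.no_upstream_cert and self.server_conn.ssl_established:`. Separately, the new `certforward` branch returns the upstream certificate paired with a key from `gen_pkey`, so `find_cert` would benefit from a docstring stating that both paths return a `(cert, key)` pair and that the forwarded certificate is not re-signed by the proxy CA (inferred from the call; confirm against the certstore).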
@@ -253,4 +257,4 @@ class ConnectionHandler:
# An unhandled exception in this method will core dump PyOpenSSL, so
# make dang sure it doesn't happen.
except Exception, e: # pragma: no cover
- pass \ No newline at end of file
+ pass