diff options
author | Aldo Cortesi <aldo@nullcube.com> | 2014-03-11 13:02:10 +1300 |
---|---|---|
committer | Aldo Cortesi <aldo@nullcube.com> | 2014-03-11 13:02:10 +1300 |
commit | e89e035d4a2c52aff77fdb3eaa01e8bdb1539a17 (patch) | |
tree | da9bfbee4f8316bcb6746eed175689ddd17c4ebc /libmproxy/proxy/server.py | |
parent | c1fff51b1bf25ac048149398ae6b6dc14882a838 (diff) | |
download | mitmproxy-e89e035d4a2c52aff77fdb3eaa01e8bdb1539a17.tar.gz mitmproxy-e89e035d4a2c52aff77fdb3eaa01e8bdb1539a17.tar.bz2 mitmproxy-e89e035d4a2c52aff77fdb3eaa01e8bdb1539a17.zip |
Certificate forwarding.
Diffstat (limited to 'libmproxy/proxy/server.py')
-rw-r--r-- | libmproxy/proxy/server.py | 32 |
1 files changed, 18 insertions, 14 deletions
diff --git a/libmproxy/proxy/server.py b/libmproxy/proxy/server.py index a5b95fb7..4723104e 100644 --- a/libmproxy/proxy/server.py +++ b/libmproxy/proxy/server.py @@ -188,7 +188,8 @@ class ConnectionHandler: self.client_conn.convert_to_ssl( cert, key, handle_sni = self.handle_sni, - cipher_list = self.config.ciphers + cipher_list = self.config.ciphers, + dhparams = self.config.certstore.dhparams ) def server_reconnect(self, no_ssl=False): @@ -217,18 +218,21 @@ class ConnectionHandler: self.channel.tell("log", Log(msg)) def find_cert(self): - host = self.server_conn.address.host - sans = [] - if not self.config.no_upstream_cert or not self.server_conn.ssl_established: - upstream_cert = self.server_conn.cert - if upstream_cert.cn: - host = upstream_cert.cn.decode("utf8").encode("idna") - sans = upstream_cert.altnames - - ret = self.config.certstore.get_cert(host, sans) - if not ret: - raise ProxyError(502, "Unable to generate dummy cert.") - return ret + if self.config.certforward and self.server_conn.ssl_established: + return self.server_conn.cert, self.config.certstore.gen_pkey(self.server_conn.cert) + else: + host = self.server_conn.address.host + sans = [] + if not self.config.no_upstream_cert or not self.server_conn.ssl_established: + upstream_cert = self.server_conn.cert + if upstream_cert.cn: + host = upstream_cert.cn.decode("utf8").encode("idna") + sans = upstream_cert.altnames + + ret = self.config.certstore.get_cert(host, sans) + if not ret: + raise ProxyError(502, "Unable to generate dummy cert.") + return ret def handle_sni(self, connection): """ @@ -251,4 +255,4 @@ class ConnectionHandler: # An unhandled exception in this method will core dump PyOpenSSL, so # make dang sure it doesn't happen. except Exception, e: # pragma: no cover - pass
\ No newline at end of file + pass |