authorMaximilian Hils <git@maximilianhils.com>2015-02-27 12:51:06 +0100
committerMaximilian Hils <git@maximilianhils.com>2015-02-27 12:51:06 +0100
commit3323b29f10175d4100eb00a3787fa1c15e71e413 (patch)
treeb8e06a6e6352089bf99558df39407e809dcadb52 /libmproxy/proxy
parentc51a1dbb1166db6265d59f92e7fcf95ec35ff341 (diff)
always include SNI as SAN entry
To be as robust as possible, we always include the SNI value as a Subject Alternative Name. We also make sure that the server address is in the list.
Diffstat (limited to 'libmproxy/proxy')
-rw-r--r--libmproxy/proxy/server.py7
1 files changed, 4 insertions, 3 deletions
diff --git a/libmproxy/proxy/server.py b/libmproxy/proxy/server.py
index 4e576067..8544ff72 100644
--- a/libmproxy/proxy/server.py
+++ b/libmproxy/proxy/server.py
@@ -260,11 +260,12 @@ class ConnectionHandler:
sans = []
if self.server_conn.ssl_established and (not self.config.no_upstream_cert):
upstream_cert = self.server_conn.cert
+ sans.extend(upstream_cert.altnames)
if upstream_cert.cn:
+ sans.append(host)
host = upstream_cert.cn.decode("utf8").encode("idna")
- sans = upstream_cert.altnames
- elif self.server_conn.sni:
- sans = [self.server_conn.sni]
+ if self.server_conn.sni:
+ sans.append(self.server_conn.sni)
ret = self.config.certstore.get_cert(host, sans)
if not ret:
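Review bot: The SAN list built here can now carry duplicate and differently encoded names, because `sans.append(host)` and `sans.append(self.server_conn.sni)` run after `sans.extend(upstream_cert.altnames)`, and the upstream certificate will usually already list the name the client asked for. Whether `get_cert` de-duplicates the list or keys its cache on it is not visible in this hunk, so guarding the appends is the safer form, e.g. `if host not in sans: sans.append(host)` and `if self.server_conn.sni and self.server_conn.sni not in sans:`. The SNI is a client-supplied value and goes into the generated certificate without the IDNA encoding applied to the CN, so a comment stating which encoding `sans` entries must have would help. A second comment above `sans.append(host)`, such as `# keep the original server address as a SAN before host is replaced by the upstream CN`, would stop the ordering being read as a bug. The enclosing method starts before the hunk and continues after it.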