diff options
| author | Maximilian Hils <git@maximilianhils.com> | 2014-10-08 20:44:52 +0200 |
|---|---|---|
| committer | Maximilian Hils <git@maximilianhils.com> | 2014-10-08 20:44:52 +0200 |
| commit | d5c318b070305ac51e6b37f80336ab471af28d26 (patch) | |
| tree | cd392ef8ce84b7f38965834a6fd636b411367817 /libmproxy/proxy | |
| parent | 76bd554cd19b36353ee0cb1837faabc792039a9b (diff) | |
| download | mitmproxy-d5c318b070305ac51e6b37f80336ab471af28d26.tar.gz mitmproxy-d5c318b070305ac51e6b37f80336ab471af28d26.tar.bz2 mitmproxy-d5c318b070305ac51e6b37f80336ab471af28d26.zip | |
fix support for chained certificates
Diffstat (limited to 'libmproxy/proxy')
| -rw-r--r-- | libmproxy/proxy/config.py | 4 | ||||
| -rw-r--r-- | libmproxy/proxy/server.py | 10 |
2 files changed, 7 insertions, 7 deletions
diff --git a/libmproxy/proxy/config.py b/libmproxy/proxy/config.py index 62104a24..24e09b6a 100644 --- a/libmproxy/proxy/config.py +++ b/libmproxy/proxy/config.py @@ -16,7 +16,7 @@ def parse_host_pattern(patterns): class ProxyConfig: def __init__(self, host='', port=8080, server_version=version.NAMEVERSION, - confdir=CONF_DIR, ca_file=None, clientcerts=None, + confdir=CONF_DIR, default_ca=None, clientcerts=None, no_upstream_cert=False, body_size_limit=None, mode=None, upstream_server=None, http_form_in=None, http_form_out=None, authenticator=None, ignore=[], @@ -45,7 +45,7 @@ class ProxyConfig: self.ignore = parse_host_pattern(ignore) self.authenticator = authenticator self.confdir = os.path.expanduser(confdir) - self.ca_file = ca_file or os.path.join(self.confdir, CONF_BASENAME + "-ca.pem") + self.default_ca = default_ca or os.path.join(self.confdir, CONF_BASENAME + "-ca.pem") self.certstore = certutils.CertStore.from_store(self.confdir, CONF_BASENAME) for spec, cert in certs: self.certstore.add_cert_file(spec, cert) diff --git a/libmproxy/proxy/server.py b/libmproxy/proxy/server.py index 307a4bcd..0152f539 100644 --- a/libmproxy/proxy/server.py +++ b/libmproxy/proxy/server.py @@ -190,14 +190,14 @@ class ConnectionHandler: if client: if self.client_conn.ssl_established: raise ProxyError(502, "SSL to Client already established.") - cert, key = self.find_cert() + cert, key, chain_file = self.find_cert() try: self.client_conn.convert_to_ssl( cert, key, handle_sni=self.handle_sni, cipher_list=self.config.ciphers, dhparams=self.config.certstore.dhparams, - ca_file=self.config.ca_file + chain_file=chain_file ) except tcp.NetLibError as v: raise ProxyError(400, repr(v)) @@ -264,17 +264,17 @@ class ConnectionHandler: self.log("SNI received: %s" % self.sni, "debug") self.server_reconnect() # reconnect to upstream server with SNI # Now, change client context to reflect changed certificate: - cert, key = self.find_cert() + cert, key, chain_file = self.find_cert() new_context = self.client_conn._create_ssl_context( cert, key, method=SSL.TLSv1_METHOD, cipher_list=self.config.ciphers, dhparams=self.config.certstore.dhparams, - ca_file=self.config.ca_file + chain_file=chain_file ) connection.set_context(new_context) # An unhandled exception in this method will core dump PyOpenSSL, so # make dang sure it doesn't happen. - except Exception: # pragma: no cover + except: # pragma: no cover import traceback self.log("Error in handle_sni:\r\n" + traceback.format_exc(), "error")
\ No newline at end of file |