diff options
| author | Aldo Cortesi <aldo@nullcube.com> | 2011-06-11 15:16:16 +1200 |
|---|---|---|
| committer | Aldo Cortesi <aldo@nullcube.com> | 2011-06-11 15:16:16 +1200 |
| commit | 7d7803a4d9a21d95a005294f4eaca326bc076138 (patch) | |
| tree | dcfe3cf51caae972525572d096f70268948574bf /libmproxy/utils.py | |
| parent | 62f9864395fcb9933992257d5beabf84e532f85f (diff) | |
| download | mitmproxy-7d7803a4d9a21d95a005294f4eaca326bc076138.tar.gz mitmproxy-7d7803a4d9a21d95a005294f4eaca326bc076138.tar.bz2 mitmproxy-7d7803a4d9a21d95a005294f4eaca326bc076138.zip | |
Add a hideous kludge to fix not-yet-valid certificates.
- The OpenSSL x509 has no way to explicitly set the notBefore value on
certificates.
- If two systems have the same configured time, it's possible to return a
certificate before the validity start time has arrived.
- We "solve" this by waiting for one second when a certificate is first
generated before returning the cert. The alternative is to rewrite pretty much
all of our certificate generation, a thought too horrible to contemplate.
Diffstat (limited to 'libmproxy/utils.py')
| -rw-r--r-- | libmproxy/utils.py | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/libmproxy/utils.py b/libmproxy/utils.py index 699cb863..209ec27a 100644 --- a/libmproxy/utils.py +++ b/libmproxy/utils.py @@ -14,6 +14,7 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. import re, os, subprocess, datetime, textwrap, errno, sys, time, functools +CERT_SLEEP_TIME = 1 def timestamp(): """ @@ -485,6 +486,7 @@ def dummy_cert(certdir, ca, commonname): stdin=subprocess.PIPE ) if ret: return None + time.sleep(CERT_SLEEP_TIME) return certpath |