author | Abcdefghijklmnopqrstuvwxyzxyz <huang_yue_zhi@outlook.com> | 2018-11-09 16:06:04 +0800 |
---|---|---|
committer | Maximilian Hils <git@maximilianhils.com> | 2018-11-09 09:06:04 +0100 |
commit | d4f4cfe2252ac82bc361c098e7fba48d70466890 (patch) | |
tree | 79c840861d323ce4a8980bceb2b0a3ccec2d5406 /mitmproxy | |
parent | 3f3ed4743a3dda8901a35aa14d8e1c689933a1a4 (diff) | |
Add Organization field for the generated certificate (#3376)
add organization field for the generated certificate
Diffstat (limited to 'mitmproxy')
-rw-r--r-- | mitmproxy/certs.py | 20 | ||||
-rw-r--r-- | mitmproxy/proxy/protocol/tls.py | 5 |
2 files changed, 21 insertions, 4 deletions
diff --git a/mitmproxy/certs.py b/mitmproxy/certs.py
index 8b8ba6f2..6970618e 100644
--- a/mitmproxy/certs.py
+++ b/mitmproxy/certs.py
@@ -80,7 +80,7 @@ def create_ca(o, cn, exp):
 return key, cert
-def dummy_cert(privkey, cacert, commonname, sans):
+def dummy_cert(privkey, cacert, commonname, sans, o):
 """
 Generates a dummy certificate.
@@ -88,6 +88,7 @@ def dummy_cert(privkey, cacert, commonname, sans):
 cacert: CA certificate
 commonname: Common name for the generated certificate.
 sans: A list of Subject Alternate Names.
+ o: Organization name for the generated certificate.
 Returns cert if operation succeeded, None if not.
 """
@@ -107,6 +108,8 @@ def dummy_cert(privkey, cacert, commonname, sans):
 cert.set_issuer(cacert.get_subject())
 if commonname is not None and len(commonname) < 64:
 cert.get_subject().CN = commonname
+ if o is not None:
+ cert.get_subject().O = o
 cert.set_serial_number(int(time.time() * 10000))
 if ss:
 cert.set_version(2)
@@ -305,7 +308,7 @@ class CertStore:
 ret.append(b"*." + b".".join(parts[i:]))
 return ret
- def get_cert(self, commonname: typing.Optional[bytes], sans: typing.List[bytes]):
+ def get_cert(self, commonname: typing.Optional[bytes], sans: typing.List[bytes], o: typing.Optional[bytes] = None):
 """
 Returns an (cert, privkey, cert_chain) tuple.
@@ -313,6 +316,8 @@ class CertStore:
 valid, plain-ASCII, IDNA-encoded domain name.
 sans: A list of Subject Alternate Names.
+
+ o: Organization name for the generated certificate.
 """
 potential_keys: typing.List[TCertId] = []
@@ -335,7 +340,8 @@ class CertStore:
 self.default_privatekey,
 self.default_ca,
 commonname,
- sans),
+ sans,
+ o),
 privatekey=self.default_privatekey,
 chain_file=self.default_chain_file)
 self.certs[(commonname, tuple(sans))] = entry
@@ -448,6 +454,14 @@ class Cert(serializable.Serializable):
 return c
 @property
+ def o(self):
+ c = None
+ for i in self.subject:
+ if i[0] == b"O":
+ c = i[1]
+ return c
+
+ @property
 def altnames(self):
 """
 Returns:
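Review bot: The new `cert.get_subject().O = o` assignment in dummy_cert (the `-107,6 +108,8` hunk) has no length or emptiness guard, while the CN assignment directly above it is limited by `len(commonname) < 64`. In this commit the value comes from the upstream server's certificate (the tls.py change passes `upstream_cert.o` through get_cert), so it is untrusted input. If the certificate library rejects an over-long or empty Organization, which it presumably does given the guard already needed for CN, the exception would abort certificate generation for that connection. Mirroring the CN check, `if o and len(o) < 64:`, would skip an unusable value instead of raising on it. dummy_cert's body starts and ends outside this hunk.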
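Review bot: The cache write `self.certs[(commonname, tuple(sans))] = entry` at the end of the `-335,7 +340,8` hunk still keys only on the common name and SANs, so the new `o` argument plays no part in lookup. Whichever organization is seen first for a given name is then served for every later request, even when a later caller passes a different `o` or none at all. Either include it in the key, `self.certs[(commonname, tuple(sans), o)] = entry`, together with the lookup keys built earlier in get_cert (outside this hunk, so other users of `self.certs` need checking), or state in the docstring that `o` only takes effect when the certificate is first generated.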
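Review bot: The new `Cert.o` property in the last hunk has no docstring and keeps overwriting `c` inside the loop, so a subject carrying several `O` attributes silently yields the last one. A one-line docstring such as `"""Organization from the subject as bytes (last O attribute wins), or None."""` would make that contract explicit. This matters to callers because the value is copied into generated certificates elsewhere in this commit.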
diff --git a/mitmproxy/proxy/protocol/tls.py b/mitmproxy/proxy/protocol/tls.py
index 3f337a2a..3577af13 100644
--- a/mitmproxy/proxy/protocol/tls.py
+++ b/mitmproxy/proxy/protocol/tls.py
@@ -469,6 +469,7 @@ class TlsLayer(base.Layer):
 """
 host = None
 sans = set()
+ o = None
 # In normal operation, the server address should always be known at this point.
 # However, we may just want to establish TLS so that we can send an error message to the client,
@@ -488,6 +489,8 @@ class TlsLayer(base.Layer):
 if upstream_cert.cn:
 sans.add(host)
 host = upstream_cert.cn.decode("utf8").encode("idna")
+ if upstream_cert.o:
+ o = upstream_cert.o
 # Also add SNI values.
 if self._client_hello.sni:
 sans.add(self._client_hello.sni.encode("idna"))
@@ -498,4 +501,4 @@ class TlsLayer(base.Layer):
 # In other words, the Common Name is irrelevant then.
 if host:
 sans.add(host)
- return self.config.certstore.get_cert(host, list(sans))
+ return self.config.certstore.get_cert(host, list(sans), o) |
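Review bot: `o = upstream_cert.o` in the `-488,6 +489,8` hunk forwards the upstream certificate's Organization bytes unchanged, whereas the host value on the line above is decoded and re-encoded before use. The upstream certificate is untrusted input, and nothing here establishes which string encoding those bytes are in. A value the certificate library cannot re-encode may therefore make certificate generation raise during the client handshake; this is inferred, since the generation code is not in this hunk. A short comment such as `# o is copied verbatim from the untrusted upstream certificate (raw bytes, encoding not checked)` would flag the trust boundary. Falling back to `o = None` when the value cannot be decoded would keep a malformed upstream certificate from breaking the connection. The enclosing method starts and ends outside the hunk.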