author | Maximilian Hils <git@maximilianhils.com> | 2016-03-17 02:28:00 +0100 |
---|---|---|
committer | Maximilian Hils <git@maximilianhils.com> | 2016-03-17 02:28:00 +0100 |
commit | 983b0dd4f66f962a74dadc8c2eb4a1be4e2e0074 (patch) | |
tree | 2bc6b0ca4cc98cc7f9f5475dd813b581b1fcb02f /netlib | |
parent | f118d9abb16b608d28cbd4a78356791802286df1 (diff) | |
parent | b4e7aaf2f68af60ec32219d27d3d10b79f5d0610 (diff) | |
Merge pull request #1014 from ikoz/master
New option: Add server certs to client chain
Diffstat (limited to 'netlib')
-rw-r--r-- | netlib/tcp.py | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/netlib/tcp.py b/netlib/tcp.py index 574f3845..04aa868b 100644 --- a/netlib/tcp.py +++ b/netlib/tcp.py @@ -586,6 +586,7 @@ class TCPClient(_Connection): self.address = address self.source_address = source_address self.cert = None + self.server_certs = [] self.ssl_verification_error = None self.sni = None @@ -670,6 +671,10 @@ class TCPClient(_Connection): self.cert = certutils.SSLCert(self.connection.get_peer_certificate()) + # Keep all server certificates in a list + for i in self.connection.get_peer_cert_chain(): + self.server_certs.append(certutils.SSLCert(i)) + # Validate TLS Hostname try: crt = dict( @@ -737,6 +742,7 @@ class BaseHandler(_Connection): request_client_cert=None, chain_file=None, dhparams=None, + extra_chain_certs=None, **sslctx_kwargs): """ cert: A certutils.SSLCert object or the path to a certificate @@ -772,6 +778,10 @@ class BaseHandler(_Connection): else: context.use_certificate_chain_file(cert) + if extra_chain_certs: + for i in extra_chain_certs: + context.add_extra_chain_cert(i.x509) + if handle_sni: # SNI callback happens during do_handshake() context.set_tlsext_servername_callback(handle_sni) |
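Review bot: `get_peer_cert_chain()` can return `None` in pyOpenSSL when the peer presented no chain, and the loop added in the second hunk (class TCPClient, right after `self.cert = ...`) would then raise `TypeError` in the middle of TLS setup. The loop also appends to `self.server_certs`, which the first hunk initialises only in the constructor, so a second TLS conversion on the same object would mix certificates from both handshakes, if that path is reachable. Assigning instead of appending covers both cases: `self.server_certs = [certutils.SSLCert(x) for x in (self.connection.get_peer_cert_chain() or [])]`. The comment on the loop should also say that these are the certificates exactly as the peer sent them, collected before the hostname check that follows, and that this code does not validate them. The enclosing method starts and ends outside the hunk.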
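Review bot: The new `extra_chain_certs` parameter in the third hunk (class BaseHandler) is not described in the docstring that opens directly under the signature, at least in the part the hunk shows. Add an entry in the style of the existing `cert:` line, for example `extra_chain_certs: A list of certutils.SSLCert objects appended to the chain sent to the client; they are not validated here`. The docstring and the method body continue outside the hunk.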
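Review bot: The loop added in the fourth hunk passes every entry of `extra_chain_certs` to `context.add_extra_chain_cert()` with no validation, de-duplication or limit. Going by the commit title, these entries are the upstream server's certificates, so the data is chosen by a remote peer. If the caller passes `TCPClient.server_certs` unchanged (the caller is not in this diff), the list would normally begin with the upstream leaf certificate, which does not belong in the chain behind the certificate this handler presents, and an upstream that sends a long chain would enlarge every client handshake. Consider having the caller skip the leaf and cap the count, and state the trust assumption at the loop, e.g. `# extra_chain_certs come from the upstream peer and are forwarded unverified`. The loop also assumes each item has an `.x509` attribute, so a file path, which `cert` accepts, would fail here with `AttributeError`.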