authorAldo Cortesi <aldo@nullcube.com>2014-03-05 15:03:31 +1300
committerAldo Cortesi <aldo@nullcube.com>2014-03-05 15:03:31 +1300
commite54bf1a804d4f93f2f3750ba9491934b3f44fc7d (patch)
tree70bc3dc9ac278ec61ecbf702b605f30e6e123769 /pathod
parent944f213ebca3bb70e0dc920d7095ae888cee2c8c (diff)
Adjust for upstream cert store changes, improve cert handling significantly
Diffstat (limited to 'pathod')
-rwxr-xr-xpathod28
1 files changed, 18 insertions, 10 deletions
diff --git a/pathod b/pathod
index d150eac0..2e9fafc4 100755
--- a/pathod
+++ b/pathod
@@ -31,14 +31,23 @@ def daemonize (stdin='/dev/null', stdout='/dev/null', stderr='/dev/null'):
def main(parser, args):
+ certs = []
+ for i in args.ssl_certs:
+ parts = i.split("=", 1)
+ if len(parts) == 1:
+ parts = ["*", parts[0]]
+ parts[1] = os.path.expanduser(parts[1])
+ if not os.path.exists(parts[1]):
+ parser.error("Certificate file does not exist: %s"%parts[1])
+ certs.append(parts)
+
ssloptions = pathod.SSLOptions(
cn = args.cn,
confdir = args.confdir,
- certfile = args.ssl_certfile,
- keyfile = args.ssl_keyfile or args.ssl_certfile,
not_after_connect = args.ssl_not_after_connect,
ciphers = args.ciphers,
- sslversion = utils.SSLVERSIONS[args.sslversion]
+ sslversion = utils.SSLVERSIONS[args.sslversion],
+ certs = certs
)
alst = []
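Review bot: The added existence check uses `os.path.exists(parts[1])`, which is also true for a directory or other non-regular path, so such a spec passes argument validation and fails only later, presumably when the certificate is loaded; `if not os.path.isfile(parts[1]):` rejects it up front with the same error message. A spec that starts with `=` also gets through, leaving an empty string as the domain in `parts[0]`; a guard such as `if not parts[0]: parser.error("Empty domain in certificate spec: %s"%i)` right after the split would catch it. The loop variable `i` holds a spec string rather than an index, so `spec` would read better. main() continues past the end of this hunk.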
@@ -174,12 +183,12 @@ if __name__ == "__main__":
help="Don't expect SSL after a CONNECT request."
)
group.add_argument(
- "--certfile", dest='ssl_certfile', default=None, type=str,
- help='SSL certificate in PEM format, optionally with the key in the same file.'
- )
- group.add_argument(
- "--keyfile", dest='ssl_keyfile', default=None, type=str,
- help='Key matching certfile.'
+ "--cert", dest='ssl_certs', default=[], type=str,
+ metavar = "SPEC", action="append",
+ help='Add an SSL certificate. SPEC is of the form "[domain=]path". '\
+ 'The domain may include a wildcard, and is equal to "*" if not specified. '\
+ 'The file at path is a certificate in PEM format. If a private key is included in the PEM, '\
+ 'it is used, else the default key in the conf dir is used. Can be passed multiple times.'
)
group.add_argument(
"--ciphers", dest="ciphers", type=str, default=False,
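Review bot: The new `--cert` help text says a PEM without a private key is paired with the default key in the conf dir, but nothing visible in this commit checks that the certificate was actually issued for that key, so a mismatch would presumably surface only when the server tries to use the pair. The help could state the requirement, e.g. by appending `'In that case the certificate must match the conf dir key.'`. With `--keyfile` removed, a key can no longer be kept in a separate file from the certificate, which deserves a changelog line for users who held the key under tighter file permissions. `type=str` is argparse's default and can be dropped.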
@@ -218,7 +227,6 @@ if __name__ == "__main__":
"-x", dest="hexdump", action="store_true", default=False,
help="Log request/response in hexdump format"
)
-
args = parser.parse_args()
if args.daemonize:
daemonize()