-rw-r--r--mitmproxy/certs.py26
-rw-r--r--mitmproxy/proxy/protocol/tls.py10
-rw-r--r--test/mitmproxy/test_certs.py6
3 files changed, 21 insertions, 21 deletions
diff --git a/mitmproxy/certs.py b/mitmproxy/certs.py
index 6970618e..6f5f8c09 100644
--- a/mitmproxy/certs.py
+++ b/mitmproxy/certs.py
@@ -36,14 +36,14 @@ rD693XKIHUCWOjMh1if6omGXKHH40QuME2gNa50+YPn1iYDl88uDbbMCAQI=
"""
-def create_ca(o, cn, exp):
+def create_ca(organization, cn, exp):
key = OpenSSL.crypto.PKey()
key.generate_key(OpenSSL.crypto.TYPE_RSA, 2048)
cert = OpenSSL.crypto.X509()
cert.set_serial_number(int(time.time() * 10000))
cert.set_version(2)
cert.get_subject().CN = cn
- cert.get_subject().O = o
+ cert.get_subject().O = organization
cert.gmtime_adj_notBefore(-3600 * 48)
cert.gmtime_adj_notAfter(exp)
cert.set_issuer(cert.get_subject())
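Review bot: The serial number on the context line `cert.set_serial_number(int(time.time() * 10000))` is derived from the clock, so it is predictable, and two certificates minted within the same 100 µs tick get the same value. The same expression appears in the `dummy_cert` hunk at -108, where per-host certificates are generated. A repeated issuer/serial pair can make clients reject the leaf certificate, so I would draw the serial from the CSPRNG instead, e.g. `cert.set_serial_number(int.from_bytes(os.urandom(16), "big") >> 1)`. `create_ca` continues past the end of this hunk, so the extensions and the signing step are not covered by this note.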
@@ -80,7 +80,7 @@ def create_ca(o, cn, exp):
return key, cert
-def dummy_cert(privkey, cacert, commonname, sans, o):
+def dummy_cert(privkey, cacert, commonname, sans, organization):
"""
Generates a dummy certificate.
@@ -88,7 +88,7 @@ def dummy_cert(privkey, cacert, commonname, sans, o):
cacert: CA certificate
commonname: Common name for the generated certificate.
sans: A list of Subject Alternate Names.
- o: Organization name for the generated certificate.
+ organization: Organization name for the generated certificate.
Returns cert if operation succeeded, None if not.
"""
@@ -108,8 +108,8 @@ def dummy_cert(privkey, cacert, commonname, sans, o):
cert.set_issuer(cacert.get_subject())
if commonname is not None and len(commonname) < 64:
cert.get_subject().CN = commonname
- if o is not None:
- cert.get_subject().O = o
+ if organization is not None:
+ cert.get_subject().O = organization
cert.set_serial_number(int(time.time() * 10000))
if ss:
cert.set_version(2)
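Review bot: `organization` is written to the subject with only a `None` check, while the common name two lines above is guarded by `len(commonname) < 64`. In the tls.py hunk the value is copied from the upstream server's certificate, so it is controlled by the remote side. X.509 caps organizationName at 64 characters, and an over-long value will likely make the attribute assignment raise rather than be skipped. I would add the same kind of guard, `if organization is not None and len(organization) <= 64:`. The function body starts and ends outside this hunk, so any surrounding error handling is not visible here.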
@@ -215,14 +215,14 @@ class CertStore:
os.umask(original_umask)
@staticmethod
- def create_store(path, basename, o=None, cn=None, expiry=DEFAULT_EXP):
+ def create_store(path, basename, organization=None, cn=None, expiry=DEFAULT_EXP):
if not os.path.exists(path):
os.makedirs(path)
- o = o or basename
+ organization = organization or basename
cn = cn or basename
- key, ca = create_ca(o=o, cn=cn, exp=expiry)
+ key, ca = create_ca(organization=organization, cn=cn, exp=expiry)
# Dump the CA plus private key
with CertStore.umask_secret(), open(os.path.join(path, basename + "-ca.pem"), "wb") as f:
f.write(
@@ -308,7 +308,7 @@ class CertStore:
ret.append(b"*." + b".".join(parts[i:]))
return ret
- def get_cert(self, commonname: typing.Optional[bytes], sans: typing.List[bytes], o: typing.Optional[bytes] = None):
+ def get_cert(self, commonname: typing.Optional[bytes], sans: typing.List[bytes], organization: typing.Optional[bytes] = None):
"""
Returns an (cert, privkey, cert_chain) tuple.
@@ -317,7 +317,7 @@ class CertStore:
sans: A list of Subject Alternate Names.
- o: Organization name for the generated certificate.
+ organization: Organization name for the generated certificate.
"""
potential_keys: typing.List[TCertId] = []
@@ -341,7 +341,7 @@ class CertStore:
self.default_ca,
commonname,
sans,
- o),
+ organization),
privatekey=self.default_privatekey,
chain_file=self.default_chain_file)
self.certs[(commonname, tuple(sans))] = entry
@@ -454,7 +454,7 @@ class Cert(serializable.Serializable):
return c
@property
- def o(self):
+ def organization(self):
c = None
for i in self.subject:
if i[0] == b"O":
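Review bot: Renaming the public property `Cert.o` to `organization` without an alias breaks any addon or script that still reads `cert.o`. The keyword `o=` on `create_store`, `get_cert` and `dummy_cert` changes the same way in the earlier hunks. If external callers are expected, keep a thin deprecated alias next to the new property: `@property` followed by `def o(self): return self.organization`. The renamed property also has no docstring; a one-line `"""Organization (O) from the certificate subject, or None if absent."""` would help, but confirm the return value first, because the body continues past this hunk.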
diff --git a/mitmproxy/proxy/protocol/tls.py b/mitmproxy/proxy/protocol/tls.py
index 3577af13..096aae9f 100644
--- a/mitmproxy/proxy/protocol/tls.py
+++ b/mitmproxy/proxy/protocol/tls.py
@@ -464,12 +464,12 @@ class TlsLayer(base.Layer):
def _find_cert(self):
"""
- This function determines the Common Name (CN) and Subject Alternative Names (SANs)
+ This function determines the Common Name (CN), Subject Alternative Names (SANs) and Organization Name
our certificate should have and then fetches a matching cert from the certstore.
"""
host = None
sans = set()
- o = None
+ organization = None
# In normal operation, the server address should always be known at this point.
# However, we may just want to establish TLS so that we can send an error message to the client,
@@ -489,8 +489,8 @@ class TlsLayer(base.Layer):
if upstream_cert.cn:
sans.add(host)
host = upstream_cert.cn.decode("utf8").encode("idna")
- if upstream_cert.o:
- o = upstream_cert.o
+ if upstream_cert.organization:
+ organization = upstream_cert.organization
# Also add SNI values.
if self._client_hello.sni:
sans.add(self._client_hello.sni.encode("idna"))
@@ -501,4 +501,4 @@ class TlsLayer(base.Layer):
# In other words, the Common Name is irrelevant then.
if host:
sans.add(host)
- return self.config.certstore.get_cert(host, list(sans), o)
+ return self.config.certstore.get_cert(host, list(sans), organization)
diff --git a/test/mitmproxy/test_certs.py b/test/mitmproxy/test_certs.py
index 9b4c9516..b8ad1d36 100644
--- a/test/mitmproxy/test_certs.py
+++ b/test/mitmproxy/test_certs.py
@@ -134,7 +134,7 @@ class TestDummyCert:
)
assert r.cn == b"foo.com"
assert r.altnames == [b'one.com', b'two.com', b'*.three.com']
- assert r.o == b"Foo Ltd."
+ assert r.organization == b"Foo Ltd."
r = certs.dummy_cert(
ca.default_privatekey,
@@ -144,7 +144,7 @@ class TestDummyCert:
None
)
assert r.cn is None
- assert r.o is None
+ assert r.organization is None
assert r.altnames == []
@@ -156,7 +156,7 @@ class TestCert:
c1 = certs.Cert.from_pem(d)
assert c1.cn == b"google.com"
assert len(c1.altnames) == 436
- assert c1.o == b"Google Inc"
+ assert c1.organization == b"Google Inc"
with open(tdata.path("mitmproxy/net/data/text_cert_2"), "rb") as f:
d = f.read()