Diffstat (limited to 'libmproxy/protocol')
-rw-r--r-- | libmproxy/protocol/tls.py | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/libmproxy/protocol/tls.py b/libmproxy/protocol/tls.py
index 28f8c177..af1a6055 100644
--- a/libmproxy/protocol/tls.py
+++ b/libmproxy/protocol/tls.py
@@ -529,9 +529,20 @@ class TlsLayer(Layer):
         self.log("ALPN selected by server: %s" % self.alpn_for_client_connection, "debug")
 
     def _find_cert(self):
-        host = self.server_conn.address.host
+        """
+        This function determines the Common Name (CN) and Subject Alternative Names (SANs)
+        our certificate should have and then fetches a matching cert from the certstore.
+        """
+        host = None
         sans = set()
-        # Incorporate upstream certificate
+
+        # In normal operation, the server address should always be known at this point.
+        # However, we may just want to establish TLS so that we can send an error message to the client,
+        # in which case the address can be None.
+        if self.server_conn.address:
+            host = self.server_conn.address.host
+
+        # Should we incorporate information from the server certificate?
         use_upstream_cert = (
             self.server_conn and
             self.server_conn.tls_established and
@@ -549,4 +560,5 @@ class TlsLayer(Layer):
 
         if self._sni_from_server_change:
             sans.add(self._sni_from_server_change)
+        sans.discard(host)
         return self.config.certstore.get_cert(host, list(sans)) |
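Review bot: The new guard `if self.server_conn.address:` still dereferences `self.server_conn` unconditionally, while the `use_upstream_cert` expression right below it treats `self.server_conn` as possibly falsy; if that case can occur, the AttributeError fires before the fallback path this change introduces is reached. A consistent guard would be `if self.server_conn and self.server_conn.address:`. The added docstring should also state that `host` stays None in the error-message case and that `self.config.certstore.get_cert` is therefore expected to accept a None common name, since that contract is not visible here and a certificate minted with no CN is exactly the kind of value worth documenting. The middle of `_find_cert`, between the two hunks, is outside the diff, so how `sans` is populated from the SNI is not reviewed.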