authorAldo Cortesi <aldo@nullcube.com>2014-03-02 15:13:56 +1300
committerAldo Cortesi <aldo@nullcube.com>2014-03-02 15:13:56 +1300
commit234d326080ac471ed5a92f08db458f29568f0dd4 (patch)
tree703698168c0f143f12fdf38aa68e73969772b358 /libpathod/pathod.py
parent091e539a0203ca272e3a4ba2a9f23331bbd85005 (diff)
Implement custom certs.
Diffstat (limited to 'libpathod/pathod.py')
-rw-r--r--libpathod/pathod.py29
1 files changed, 19 insertions, 10 deletions
diff --git a/libpathod/pathod.py b/libpathod/pathod.py
index c0c89ff1..2feb6996 100644
--- a/libpathod/pathod.py
+++ b/libpathod/pathod.py
@@ -14,15 +14,18 @@ class PathodError(Exception): pass
class SSLOptions:
- def __init__(self, confdir=CONFDIR, cn=None, certfile=None,
+ def __init__(self, confdir=CONFDIR, cn=None, certfile=None, cacert=None,
not_after_connect=None, request_client_cert=False,
sslversion=tcp.SSLv23_METHOD, ciphers=None):
self.confdir = confdir
self.cn = cn
- cacert = os.path.join(confdir, CA_CERT_NAME)
- self.cacert = os.path.expanduser(cacert)
- if not os.path.exists(self.cacert):
- certutils.dummy_ca(self.cacert)
+ if cacert:
+ self.cacert = os.path.expanduser(cacert)
+ else:
+ cacert = os.path.join(confdir, CA_CERT_NAME)
+ self.cacert = os.path.expanduser(cacert)
+ if not os.path.exists(self.cacert):
+ certutils.dummy_ca(self.cacert)
self.certstore = certutils.CertStore(self.cacert)
self.certfile = certfile
self.not_after_connect = not_after_connect
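Review bot: A caller-supplied `cacert` goes straight to `certutils.CertStore(self.cacert)` with no existence check, whereas the default path gets a generated dummy CA when the file is missing. A mistyped or unreadable path will presumably surface as whatever `CertStore` raises (its behaviour is not visible in this hunk) rather than as a clear configuration error. In the `if cacert:` branch I would add `if not os.path.isfile(self.cacert): raise PathodError("CA certificate not found: %s" % self.cacert)`. Separately, `cacert` is passed through `os.path.expanduser` but `certfile` on the following line is stored as given, so `~` works for one option and not the other. `__init__` continues past the end of this hunk.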
@@ -30,6 +33,15 @@ class SSLOptions:
self.ciphers = ciphers
self.sslversion = sslversion
+ def get_cert(self, name):
+ if self.certfile:
+ return certutils.SSLCert.from_pem(file(self.certfile, "rb").read())
+ if self.cn:
+ name = self.cn
+ elif not name:
+ name = DEFAULT_CERT_DOMAIN
+ return self.certstore.get_cert(name, [])
+
class PathodHandler(tcp.BaseHandler):
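Review bot: In `get_cert`, `file(self.certfile, "rb").read()` never closes the handle explicitly and re-reads and re-parses the PEM on every call, which at the two call sites in this commit means once per TLS handshake. A missing or malformed `certfile` is therefore only discovered when a client connects, inside the handler's `try` block, whose `except` clause is outside the visible hunks and may not cover an `IOError`. At minimum use `with open(self.certfile, "rb") as f:` followed by `return certutils.SSLCert.from_pem(f.read())`. Better still, load the certificate once in `__init__` so a bad path fails at startup. A short docstring stating the precedence (`certfile`, then `cn`, then `name`, then `DEFAULT_CERT_DOMAIN`) would also help, since both call sites in this diff pass `None` and the `name` argument is ignored whenever `certfile` or `cn` is set.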
@@ -91,7 +103,7 @@ class PathodHandler(tcp.BaseHandler):
if not self.server.ssloptions.not_after_connect:
try:
self.convert_to_ssl(
- self.server.ssloptions.certstore.get_cert(DEFAULT_CERT_DOMAIN, []),
+ self.server.ssloptions.get_cert(None),
self.server.ssloptions.cacert,
handle_sni = self.handle_sni,
request_client_cert = self.server.ssloptions.request_client_cert,
@@ -199,10 +211,7 @@ class PathodHandler(tcp.BaseHandler):
if self.server.ssl:
try:
self.convert_to_ssl(
- self.server.ssloptions.certstore.get_cert(
- self.server.ssloptions.cn or DEFAULT_CERT_DOMAIN,
- []
- ),
+ self.server.ssloptions.get_cert(None),
self.server.ssloptions.cacert,
handle_sni = self.handle_sni,
request_client_cert = self.server.ssloptions.request_client_cert,