author | Aldo Cortesi <aldo@nullcube.com> | 2014-02-27 18:33:48 +1300 |
---|---|---|
committer | Aldo Cortesi <aldo@nullcube.com> | 2014-02-27 18:33:48 +1300 |
commit | a1d0da2b533b986967a8714c02d567c943d11929 (patch) | |
tree | 85bef20967e278071c6ac3de9546d9b7f4d8a17d /libpathod/pathod.py | |
parent | 0c04abb6e4c549646c06ef9e270d1b42c1ffaf1d (diff) | |
Expand SSL support
- Cipher suite selection for both pathoc and pathod
- SSL version specification for pathod
- Expose SSLv23 as an option, and use it by default
Diffstat (limited to 'libpathod/pathod.py')
-rw-r--r-- | libpathod/pathod.py | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/libpathod/pathod.py b/libpathod/pathod.py
index e71701fb..a8c2a29f 100644
--- a/libpathod/pathod.py
+++ b/libpathod/pathod.py
@@ -9,12 +9,14 @@ class PathodError(Exception): pass
 class SSLOptions:
- def __init__(self, certfile=None, keyfile=None, not_after_connect=None, request_client_cert=False):
+ def __init__(self, certfile=None, keyfile=None, not_after_connect=None, request_client_cert=False, sslversion=tcp.SSLv23_METHOD, ciphers=None):
 self.keyfile = keyfile or utils.data.path("resources/server.key")
 self.certfile = certfile or utils.data.path("resources/server.crt")
 self.cert = certutils.SSLCert.from_pem(file(self.certfile, "rb").read())
 self.not_after_connect = not_after_connect
 self.request_client_cert = request_client_cert
+ self.ciphers = ciphers
+ self.sslversion = sslversion
 class PathodHandler(tcp.BaseHandler):
@@ -79,7 +81,9 @@ class PathodHandler(tcp.BaseHandler):
 self.server.ssloptions.cert,
 self.server.ssloptions.keyfile,
 handle_sni = self.handle_sni,
- request_client_cert = self.server.ssloptions.request_client_cert
+ request_client_cert = self.server.ssloptions.request_client_cert,
+ cipher_list = self.server.ssloptions.ciphers,
+ method = self.server.ssloptions.sslversion,
 )
 except tcp.NetLibError, v:
 s = str(v)
@@ -185,7 +189,9 @@ class PathodHandler(tcp.BaseHandler):
 self.server.ssloptions.cert,
 self.server.ssloptions.keyfile,
 handle_sni = self.handle_sni,
- request_client_cert = self.server.ssloptions.request_client_cert
+ request_client_cert = self.server.ssloptions.request_client_cert,
+ cipher_list = self.server.ssloptions.ciphers,
+ method = self.server.ssloptions.sslversion,
 )
 except tcp.NetLibError, v:
 s = str(v) |
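Review bot: The two new parameters of `SSLOptions.__init__` are stored as given, with no validation and no documentation, so a mistyped cipher string or an unexpected method constant is only discovered when a client connects. A short docstring should state that `sslversion` takes one of the `tcp` method constants and that `ciphers=None` leaves the cipher list at whatever the TLS layer defaults to (presumably the library default; the callee is outside this diff). The default also deserves a comment, since `tcp.SSLv23_METHOD` is the version-negotiating method rather than a pin to one protocol: `# SSLv23_METHOD negotiates the protocol version; which legacy versions stay enabled depends on the options set in tcp (not visible here)`.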
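Review bot: `cipher_list` and `method` are read from `ssloptions` and handed to the TLS setup call on every connection, while the handler below it catches only `tcp.NetLibError`. If a rejected cipher string or method surfaces as another exception type, it would escape that handler; the callee is outside this diff, so this needs confirming. The hunk at -185,7 makes the identical change and has the same exposure. Checking the cipher string once when `SSLOptions` is constructed would turn a per-connection failure into a startup error. Both call sites now repeat the same argument list, and the call and its enclosing method begin and end outside the hunk, so a small private helper on `PathodHandler` would keep the two from drifting apart.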