author | Aldo Cortesi <aldo@nullcube.com> | 2013-12-08 13:15:08 +1300 |
---|---|---|
committer | Aldo Cortesi <aldo@nullcube.com> | 2013-12-08 13:15:08 +1300 |
commit | d05c20d8fab3345e19c06ac0de00a2c8f30c44ef (patch) | |
tree | 3b8b93f1e3cca25473ab75d1e834752f5fe3afe7 | |
parent | 75745cb0af9a9b13d075355524947e70209d484b (diff) | |
download | mitmproxy-d05c20d8fab3345e19c06ac0de00a2c8f30c44ef.tar.gz mitmproxy-d05c20d8fab3345e19c06ac0de00a2c8f30c44ef.tar.bz2 mitmproxy-d05c20d8fab3345e19c06ac0de00a2c8f30c44ef.zip |
Domain checks for persistent cert store is now irrelevant.
We no longer store these on disk, so we don't care about path
components.
-rw-r--r-- | netlib/certutils.py | 14 | ||||
-rw-r--r-- | netlib/tcp.py | 5 | ||||
-rw-r--r-- | test/test_certutils.py | 9 |
3 files changed, 3 insertions, 25 deletions
diff --git a/netlib/certutils.py b/netlib/certutils.py
index 22b5c35c..d9b8ce57 100644
--- a/netlib/certutils.py
+++ b/netlib/certutils.py
@@ -116,18 +116,6 @@ class CertStore:
 def __init__(self):
 self.certs = {}
- def check_domain(self, commonname):
- try:
- commonname.decode("idna")
- commonname.decode("ascii")
- except:
- return False
- if ".." in commonname:
- return False
- if "/" in commonname:
- return False
- return True
-
 def get_cert(self, commonname, sans, cacert):
 """
 Returns an SSLCert object.
@@ -141,8 +129,6 @@ class CertStore:
 Return None if the certificate could not be found or generated.
 """
- if not self.check_domain(commonname):
- return None
 if commonname in self.certs:
 return self.certs[commonname]
 c = dummy_cert(cacert, commonname, sans)
diff --git a/netlib/tcp.py b/netlib/tcp.py
index 8fe04d2e..b3be43d6 100644
--- a/netlib/tcp.py
+++ b/netlib/tcp.py
@@ -346,8 +346,9 @@ class BaseHandler:
 self.connection.sock_shutdown(socket.SHUT_WR)
 else:
 self.connection.shutdown(socket.SHUT_WR)
- #Section 4.2.2.13 of RFC 1122 tells us that a close() with any pending readable data could lead to an immediate RST being sent.
- #http://ia600609.us.archive.org/22/items/TheUltimateSo_lingerPageOrWhyIsMyTcpNotReliable/the-ultimate-so_linger-page-or-why-is-my-tcp-not-reliable.html
+ # Section 4.2.2.13 of RFC 1122 tells us that a close() with any
+ # pending readable data could lead to an immediate RST being sent.
+ # http://ia600609.us.archive.org/22/items/TheUltimateSo_lingerPageOrWhyIsMyTcpNotReliable/the-ultimate-so_linger-page-or-why-is-my-tcp-not-reliable.html
 while self.connection.recv(4096):
 pass
 except (socket.error, SSL.Error):
diff --git a/test/test_certutils.py b/test/test_certutils.py
index 0b4baf75..7a00caca 100644
--- a/test/test_certutils.py
+++ b/test/test_certutils.py
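Review bot: After the second netlib/certutils.py hunk (`@@ -141,8 +129,6 @@`), `get_cert` uses `commonname` as a `self.certs` key and hands it to `dummy_cert` with no validation left, although the commit message only argues that the path-component checks (`..`, `/`) are obsolete. The removed `check_domain` also rejected names that fail `commonname.decode("idna")` or `commonname.decode("ascii")`, and the removed test shows `"\xfefoo"` and `"xn--\0"` were refused by it. Unless `dummy_cert` or the callers already guarantee a decodable hostname (not visible here), I would keep that part of the guard in `get_cert`, with the bare `except:` narrowed to `except UnicodeError:`, and keep the two encoding assertions in the test. `get_cert` begins in the previous hunk's context and continues past this one, so the rest of its body was not reviewed.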
@@ -32,15 +32,6 @@ class TestCertStore:
 assert c.get_cert("foo.com", [], ca)
 assert c.get_cert("*.foo.com", [], ca)
- def test_check_domain(self):
- c = certutils.CertStore()
- assert c.check_domain("foo")
- assert c.check_domain("\x01foo")
- assert not c.check_domain("\xfefoo")
- assert not c.check_domain("xn--\0")
- assert not c.check_domain("foo..foo")
- assert not c.check_domain("foo/foo")
-
 class TestDummyCert:
 def test_with_ca(self): |