author | Maximilian Hils <git@maximilianhils.com> | 2015-06-26 13:27:40 +0200 |
---|---|---|
committer | Maximilian Hils <git@maximilianhils.com> | 2015-06-26 13:27:40 +0200 |
commit | b369962cbe632588baf7b10917e3d31b91a18dbd (patch) | |
tree | 17b159340db4f3458d926e97fdd0d60cb02210aa /libmproxy/proxy/server.py | |
parent | 876252eba8272409e29ddea2806835e147bc6f70 (diff) | |
remove certforward feature
The certforward feature was implemented to support #gotofail,
which only works on unpatched iOS devices. Given that many apps don't
support iOS 7 anymore, jailbreak+ssl killswitch is usually the better option.
By removing certforward, we can make netlib a pure python module again,
which significantly simplifies distribution.
Diffstat (limited to 'libmproxy/proxy/server.py')
-rw-r--r-- | libmproxy/proxy/server.py | 42 |
1 files changed, 19 insertions, 23 deletions
diff --git a/libmproxy/proxy/server.py b/libmproxy/proxy/server.py
index 71704413..051e8489 100644
--- a/libmproxy/proxy/server.py
+++ b/libmproxy/proxy/server.py
@@ -303,29 +303,25 @@ class ConnectionHandler:
 self.channel.tell("log", Log(msg, level))
 def find_cert(self):
- if self.config.certforward and self.server_conn.ssl_established:
- return self.server_conn.cert, self.config.certstore.gen_pkey(
- self.server_conn.cert), None
- else:
- host = self.server_conn.address.host
- sans = []
- if self.server_conn.ssl_established and (
- not self.config.no_upstream_cert):
- upstream_cert = self.server_conn.cert
- sans.extend(upstream_cert.altnames)
- if upstream_cert.cn:
- sans.append(host)
- host = upstream_cert.cn.decode("utf8").encode("idna")
- if self.server_conn.sni:
- sans.append(self.server_conn.sni)
- # for ssl spoof mode
- if hasattr(self.client_conn, "sni"):
- sans.append(self.client_conn.sni)
-
- ret = self.config.certstore.get_cert(host, sans)
- if not ret:
- raise ProxyError(502, "Unable to generate dummy cert.")
- return ret
+ host = self.server_conn.address.host
+ sans = []
+ if self.server_conn.ssl_established and (
+ not self.config.no_upstream_cert):
+ upstream_cert = self.server_conn.cert
+ sans.extend(upstream_cert.altnames)
+ if upstream_cert.cn:
+ sans.append(host)
+ host = upstream_cert.cn.decode("utf8").encode("idna")
+ if self.server_conn.sni:
+ sans.append(self.server_conn.sni)
+ # for ssl spoof mode
+ if hasattr(self.client_conn, "sni"):
+ sans.append(self.client_conn.sni)
+
+ ret = self.config.certstore.get_cert(host, sans)
+ if not ret:
+ raise ProxyError(502, "Unable to generate dummy cert.")
+ return ret
 def handle_sni(self, connection):
 """ |
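Review bot: In the new body of find_cert, `upstream_cert.cn.decode("utf8").encode("idna")` runs on a CN taken from the upstream server's certificate, which is untrusted input, so a CN that is not valid UTF-8 or not a valid IDNA name raises UnicodeError rather than the ProxyError this function otherwise uses to signal failure. Whether any caller catches that is not visible in this hunk; I would wrap the conversion in a try/except for UnicodeError and either re-raise it as a ProxyError or keep the address host as the certificate name. Separately, `hasattr(self.client_conn, "sni")` appends the attribute even when it is None, unlike the truthiness check on `self.server_conn.sni` just above it; `if getattr(self.client_conn, "sni", None):` would keep None out of `sans`. Now that the certforward branch with its three-element return is gone, a one-line docstring stating that the method returns whatever `certstore.get_cert(host, sans)` returns and raises ProxyError when no certificate can be produced would pin down the contract.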