authorAldo Cortesi <aldo@nullcube.com>2011-06-27 16:10:17 +1200
committerAldo Cortesi <aldo@nullcube.com>2011-06-27 16:10:17 +1200
commit0a642f2441f30988db3ca5db276716e2371e6f2f (patch)
treedaeac568322aefc1b49582d97d9510a5638e160b /libmproxy
parentf004326855126e01e7a095fc65562c41060ffbed (diff)
Make the certificate wait time configurable.
Since OpenSSL doesn't let us set certificate start times in the past, the client and proxy machine time must be synchronized, or the client might reject the certificate. We can bodgy over small discrepancies by waiting a few seconds after a new certificate is generated (i.e. the first time an SSL domain is contacted). Make this a configurable option, and turn it off by default.
Diffstat (limited to 'libmproxy')
-rw-r--r--libmproxy/cmdline.py6
-rw-r--r--libmproxy/proxy.py7
-rw-r--r--libmproxy/utils.py1
3 files changed, 11 insertions, 3 deletions
diff --git a/libmproxy/cmdline.py b/libmproxy/cmdline.py
index ce68baed..238853c6 100644
--- a/libmproxy/cmdline.py
+++ b/libmproxy/cmdline.py
@@ -116,6 +116,12 @@ def common_options(parser):
)
parser.add_option_group(group)
+ parser.add_option(
+ "--cert-wait-time",
+ action="store", dest="cert_wait_time", default=0,
+ help="Wait for specified number of seconds after a new cert is generated. This can smooth over small discrepancies between the client and server times."
+ )
+
group = optparse.OptionGroup(parser, "Server Replay")
group.add_option(
"-s",
diff --git a/libmproxy/proxy.py b/libmproxy/proxy.py
index 77498842..916d18eb 100644
--- a/libmproxy/proxy.py
+++ b/libmproxy/proxy.py
@@ -23,11 +23,12 @@ class ProxyError(Exception):
class SSLConfig:
- def __init__(self, certfile = None, ciphers = None, cacert = None):
+ def __init__(self, certfile = None, ciphers = None, cacert = None, cert_wait_time=None):
self.certfile = certfile
self.ciphers = ciphers
self.cacert = cacert
self.certdir = None
+ self.cert_wait_time = cert_wait_time
def read_chunked(fp):
@@ -613,6 +614,7 @@ class ProxyHandler(SocketServer.StreamRequestHandler):
return self.config.certfile
else:
ret = utils.dummy_cert(self.config.certdir, self.config.cacert, host)
+ time.sleep(self.config.cert_wait_time)
if not ret:
raise ProxyError(400, "mitmproxy: Unable to generate dummy cert.")
return ret
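Review bot: The added `time.sleep(self.config.cert_wait_time)` sits before the `if not ret:` check, so the handler also waits when `utils.dummy_cert` failed, delaying the 400 error for no benefit. It also runs on every pass through this branch. The sleep removed from utils.py sat at the end of dummy_cert's generation path, so if dummy_cert returns early for a certificate that already exists (its full body is not visible here), a non-zero wait would now be paid on every SSL connection rather than only the first contact with a domain, as the commit message intends. Consider moving the call below the failure check, or passing the wait time into `dummy_cert` so the delay stays tied to actual generation. The enclosing method starts outside the hunk, and whether proxy.py already imports `time` cannot be confirmed from the lines shown.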
@@ -784,5 +786,6 @@ def process_certificate_option_group(parser, options):
return SSLConfig(
certfile = options.cert,
cacert = cacert,
- ciphers = options.ciphers
+ ciphers = options.ciphers,
+ cert_wait_time = options.cert_wait_time
)
diff --git a/libmproxy/utils.py b/libmproxy/utils.py
index 6c9f3288..b5dc6d92 100644
--- a/libmproxy/utils.py
+++ b/libmproxy/utils.py
@@ -497,7 +497,6 @@ def dummy_cert(certdir, ca, commonname):
stdin=subprocess.PIPE
)
if ret: return None
- time.sleep(CERT_SLEEP_TIME)
return certpath