author | Aldo Cortesi <aldo@nullcube.com> | 2013-01-06 01:34:39 +1300 |
---|---|---|
committer | Aldo Cortesi <aldo@nullcube.com> | 2013-01-06 01:34:39 +1300 |
commit | e4acace8ea741af798523d6ff1d148d129f23582 (patch) | |
tree | cbb1ed314469ab45ba7d39e47dba0931a9249305 /netlib/certutils.py | |
parent | 91834ea78f36e1e89d4f19ecdddef83b0286b4d4 (diff) | |
Sanity-check certstore common names.
Diffstat (limited to 'netlib/certutils.py')
-rw-r--r-- | netlib/certutils.py | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/netlib/certutils.py b/netlib/certutils.py index 87d9d5d8..3fd57b2b 100644 --- a/netlib/certutils.py +++ b/netlib/certutils.py @@ -136,6 +136,18 @@ class CertStore: self.remove = True self.certdir = tempfile.mkdtemp(prefix="certstore") + def check_domain(self, commonname): + try: + commonname.decode("idna") + commonname.decode("ascii") + except: + return False + if ".." in commonname: + return False + if "/" in commonname: + return False + return True + def get_cert(self, commonname, sans, cacert=False): """ Returns the path to a certificate. @@ -147,7 +159,11 @@ class CertStore: cacert: An optional path to a CA certificate. If specified, the cert is created if it does not exist, else return None. + + Return None if the certificate could not be found or generated. """ + if not self.check_domain(commonname): + return None certpath = os.path.join(self.certdir, commonname + ".pem") if os.path.exists(certpath): return certpath |
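Review bot: The two substring tests at the end of check_domain form a deny-list covering only `..` and `/`, yet get_cert joins the name into a filesystem path, so a backslash (a path separator on Windows) or an embedded NUL byte still passes. Since `os` is already used in this file, the check could follow the platform's separators: `if os.sep in commonname or (os.altsep and os.altsep in commonname) or "\0" in commonname: return False`, kept alongside the `..` test. The bare `except:` also swallows KeyboardInterrupt and SystemExit; `except UnicodeError:` covers the failures both decode calls raise. A one-line docstring such as `"""Return True if commonname is safe to use as a certificate file name."""` would state the purpose, which the name check_domain alone does not.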
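Review bot: The new early `return None` in get_cert makes a rejected common name indistinguishable from a certificate that could not be found or generated, so an unsafe name leaves no trace for whoever operates the proxy. Consider logging the rejected value (formatted with `repr`) before returning, and spelling the case out in the docstring: `Return None if commonname fails check_domain, or if the certificate could not be found or generated.` The callers are outside this hunk, so it is worth confirming that each one handles a None result, which now appears possible even when cacert is supplied. get_cert's body continues past the end of the hunk.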