author | Aldo Cortesi <aldo@nullcube.com> | 2013-01-20 22:13:38 +1300 |
---|---|---|
committer | Aldo Cortesi <aldo@nullcube.com> | 2013-01-20 22:13:38 +1300 |
commit | 00d20abdd4863d15fdda826615dab264c8e14d4a (patch) | |
tree | eac1a86a85e0215a49b18c49d62a9eac86130034 /netlib | |
parent | 1499529e62e6d2892a6908472398854094af89fb (diff) | |
Beef up client certificate handling substantially.
Diffstat (limited to 'netlib')
-rw-r--r-- | netlib/certutils.py | 6 | ||||
-rw-r--r-- | netlib/tcp.py | 10 |
2 files changed, 12 insertions, 4 deletions
diff --git a/netlib/certutils.py b/netlib/certutils.py
index 3fd57b2b..e1407936 100644
--- a/netlib/certutils.py
+++ b/netlib/certutils.py
@@ -256,11 +256,11 @@ class SSLCert:
@property
def cn(self):
- cn = None
+ c = None
for i in self.subject:
if i[0] == "CN":
- cn = i[1]
- return cn
+ c = i[1]
+ return c
@property
def altnames(self):
diff --git a/netlib/tcp.py b/netlib/tcp.py
index afb7e059..4b547d1f 100644
--- a/netlib/tcp.py
+++ b/netlib/tcp.py
@@ -173,10 +173,14 @@ class TCPClient:
self.ssl_established = False
def convert_to_ssl(self, clientcert=None, sni=None, method=TLSv1_METHOD, options=None):
+ """
+ clientcert: Path to a file containing both client cert and private key.
+ """
context = SSL.Context(method)
if not options is None:
ctx.set_options(options)
if clientcert:
+ context.use_privatekey_file(clientcert)
context.use_certificate_file(clientcert)
self.connection = SSL.Connection(context, self.connection)
self.ssl_established = True
@@ -238,6 +242,7 @@ class BaseHandler:
self.server = server
self.finished = False
self.ssl_established = False
+ self.clientcert = None
def convert_to_ssl(self, cert, key, method=SSLv23_METHOD, options=None):
"""
@@ -246,13 +251,16 @@ class BaseHandler:
ctx = SSL.Context(method)
if not options is None:
ctx.set_options(options)
+ # SNI callback happens during do_handshake()
ctx.set_tlsext_servername_callback(self.handle_sni)
ctx.use_privatekey_file(key)
ctx.use_certificate_file(cert)
+ def ver(*args):
+ self.clientcert = certutils.SSLCert(args[1])
+ ctx.set_verify(SSL.VERIFY_PEER, ver)
self.connection = SSL.Connection(ctx, self.connection)
self.ssl_established = True
self.connection.set_accept_state()
- # SNI callback happens during do_handshake()
try:
self.connection.do_handshake()
except SSL.Error, v:
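Review bot: In TCPClient.convert_to_ssl, `ctx.set_options(options)` refers to a name this method never binds — the context is called `context` — so any non-None `options` raises NameError before the newly added `context.use_privatekey_file(clientcert)` line is reached; change it to `context.set_options(options)`. The added docstring could also say what happens when the file does not hold both parts: with the same path handed to `use_privatekey_file` and `use_certificate_file`, a PEM without a private key (or with a passphrase-protected one) will presumably fail at the first call with SSL.Error, which callers may want spelled out. The body of convert_to_ssl continues past the end of the hunk.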
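Review bot: In BaseHandler.convert_to_ssl the new `ver` callback returns None, and under `ctx.set_verify(SSL.VERIFY_PEER, ver)` pyOpenSSL treats a falsy return as "verification failed", so any client that presents a certificate will make the `do_handshake()` below raise SSL.Error instead of having its cert recorded. If the intent is to capture the certificate without validating it against a CA, the callback should say so and return explicitly: `self.clientcert = certutils.SSLCert(args[1])`, then `# accept unconditionally: the cert is recorded here, not validated`, then `return True`. The callback is also invoked once per certificate in the presented chain, so `self.clientcert` is overwritten on each call and ends up holding whichever cert OpenSSL hands over last — presumably the leaf, but worth a comment. Since nothing checks the result, a non-None `self.clientcert` must not be treated downstream as an authenticated identity. BaseHandler.convert_to_ssl begins before this hunk.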