authorAldo Cortesi <aldo@nullcube.com>2014-03-02 13:45:35 +1300
committerAldo Cortesi <aldo@nullcube.com>2014-03-02 13:45:35 +1300
commit091e539a0203ca272e3a4ba2a9f23331bbd85005 (patch)
treeca907e8b2983360d666d134a5000cb6a26be6512 /pathod
parenta1d0da2b533b986967a8714c02d567c943d11929 (diff)
Big improvements to SSL handling
- pathod now dynamically generates SSL certs, using the ~/.mitmproxy cacert - pathoc returns data on SSL peer certificates - Pathod certificate CN can be specified on command line - Support SSLv23
Diffstat (limited to 'pathod')
-rwxr-xr-xpathod34
1 files changed, 18 insertions, 16 deletions
diff --git a/pathod b/pathod
index ceadfa98..5b82f97e 100755
--- a/pathod
+++ b/pathod
@@ -31,16 +31,13 @@ def daemonize (stdin='/dev/null', stdout='/dev/null', stderr='/dev/null'):
def main(parser, args):
- sl = [args.ssl_keyfile, args.ssl_certfile]
- if any(sl) and not all(sl):
- parser.error("Both --certfile and --keyfile must be specified.")
-
ssloptions = pathod.SSLOptions(
- keyfile = args.ssl_keyfile,
- certfile = args.ssl_certfile,
- not_after_connect = args.ssl_not_after_connect,
- ciphers = args.ciphers,
- sslversion = utils.SSLVERSIONS[args.sslversion]
+ cn = args.cn,
+ confdir = args.confdir,
+ certfile = args.ssl_certfile,
+ not_after_connect = args.ssl_not_after_connect,
+ ciphers = args.ciphers,
+ sslversion = utils.SSLVERSIONS[args.sslversion]
)
alst = []
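Review bot: The removed `--keyfile`/`--certfile` pairing check has no replacement, so `args.ssl_certfile` now reaches `pathod.SSLOptions` with nothing in `main()` saying where the matching private key comes from. If the certfile is now expected to be a combined PEM, say so above the call, e.g. `# certfile must hold both private key and certificate; when unset, certs are generated from the CA in confdir`. A certfile without a key should fail at startup via `parser.error(...)` rather than at handshake time. The same removal shows up in the third hunk, where `--keyfile` disappears from the parser and existing command lines that pass it will exit with a usage error. `SSLOptions` is defined outside this page, so its own validation is not visible, and `main()` continues past the end of the hunk.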
@@ -122,6 +119,11 @@ if __name__ == "__main__":
help='Anchorpoint for URL crafting commands.'
)
parser.add_argument(
+ "--confdir",
+ action="store", type = str, dest="confdir", default='~/.mitmproxy',
+ help = "Configuration directory. (~/.mitmproxy)"
+ )
+ parser.add_argument(
"-d", dest='staticdir', default=None, type=str,
help='Directory for static files.'
)
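Review bot: The default `'~/.mitmproxy'` is stored as a literal string and argparse does not expand `~`. Unless `pathod.SSLOptions` expands it (not visible here), the CA would be read from or created in a directory literally named `~` under the current working directory. Expanding where the value is consumed, e.g. `confdir = os.path.expanduser(args.confdir)`, removes that dependency. This directory holds the CA private key that signs every generated certificate, and that CA may already be trusted by the user's browser for mitmproxy, so the help text should say what it is for: `help = "Directory holding the CA key/cert used to sign generated certs. (~/.mitmproxy)"`.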
@@ -159,16 +161,16 @@ if __name__ == "__main__":
'SSL',
)
group.add_argument(
- "-C", dest='ssl_not_after_connect', default=False, action="store_true",
- help="Don't expect SSL after a CONNECT request."
- )
- group.add_argument(
"-s", dest='ssl', default=False, action="store_true",
help='Run in HTTPS mode.'
)
group.add_argument(
- "--keyfile", dest='ssl_keyfile', default=None, type=str,
- help='SSL key file. If not specified, a default key is used.'
+ "--cn", dest="cn", type=str, default=None,
+ help="CN for generated SSL certs. Default: %s"%pathod.DEFAULT_CERT_DOMAIN
+ )
+ group.add_argument(
+ "-C", dest='ssl_not_after_connect', default=False, action="store_true",
+ help="Don't expect SSL after a CONNECT request."
)
group.add_argument(
"--certfile", dest='ssl_certfile', default=None, type=str,
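Review bot: The `--cn` help advertises `pathod.DEFAULT_CERT_DOMAIN` as the default while the argument's actual default is `None`, so the documented behaviour depends on `SSLOptions` substituting the constant, which is not visible here. If `None` carries no special meaning there, `default=pathod.DEFAULT_CERT_DOMAIN, help="CN for generated SSL certs. Default: %(default)s"` keeps the help and the value in one place and avoids formatting the string once by hand and again inside argparse. The `--certfile` argument that starts on the last line of this hunk continues outside it, and its help text may still need updating now that `--keyfile` is gone.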
@@ -181,7 +183,7 @@ if __name__ == "__main__":
group.add_argument(
"--sslversion", dest="sslversion", type=int, default=4,
choices=[1, 2, 3, 4],
- help="Use a specified protocol - TLSv1, SSLv2, SSLv3, SSLv23. Default to SSLv23."
+ help="Use a specified protocol - TLSv1, SSLv2, SSLv3, SSLv23. Default to SSLv23."
)
group = parser.add_argument_group(