Diffstat (limited to 'libmproxy')
-rw-r--r-- | libmproxy/cmdline.py | 5 | ||||
-rw-r--r-- | libmproxy/proxy.py | 20 | ||||
-rw-r--r-- | libmproxy/utils.py | 52 |
3 files changed, 60 insertions, 17 deletions
diff --git a/libmproxy/cmdline.py b/libmproxy/cmdline.py
index 58dbadad..78a88e9e 100644
--- a/libmproxy/cmdline.py
+++ b/libmproxy/cmdline.py
@@ -30,6 +30,11 @@ def common_options(parser):
 help = "Address to bind proxy to (defaults to all interfaces)"
 )
 parser.add_option(
+ "--confdir",
+ action="store", type = "str", dest="confdir", default='~/.mitmproxy',
+ help = "Configuration directory. (~/.mitmproxy)"
+ )
+ parser.add_option(
 "-p",
 action="store", type = "int", dest="port", default=8080,
 help = "Proxy service port."
diff --git a/libmproxy/proxy.py b/libmproxy/proxy.py
index 80040a03..1f6dafa8 100644
--- a/libmproxy/proxy.py
+++ b/libmproxy/proxy.py
@@ -22,7 +22,7 @@ class ProxyError(Exception):
 return "ProxyError(%s, %s)"%(self.code, self.msg)
-class Config:
+class SSLConfig:
 def __init__(self, certfile = None, ciphers = None, cacert = None):
 self.certfile = certfile
 self.ciphers = ciphers
@@ -770,11 +770,6 @@ def certificate_option_group(parser):
 help = "User-created SSL certificate file."
 )
 group.add_option(
- "--cacert", action="store",
- type = "str", dest="cacert", default="~/.mitmproxy/ca.pem",
- help = "SSL CA certificate file. Generated if it doesn't exist."
- )
- group.add_option(
 "--ciphers", action="store",
 type = "str", dest="ciphers", default=None,
 help = "SSL ciphers."
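Review bot: The help text for the new `--confdir` option in libmproxy/cmdline.py, `"Configuration directory. (~/.mitmproxy)"`, does not say that the CA certificate is generated in this directory when it is missing, which the removed `--cacert` help in proxy.py used to state. That file is what clients are asked to trust, so the option text should name it, for example `help = "Configuration directory; mitmproxy-ca.pem is generated here if missing. (~/.mitmproxy)"`. The default `'~/.mitmproxy'` is stored unexpanded, so any other reader of `options.confdir` has to call `os.path.expanduser` itself; a short comment next to the option would make that explicit.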
@@ -788,14 +783,15 @@ def process_certificate_option_group(parser, options):
 options.cert = os.path.expanduser(options.cert)
 if not os.path.exists(options.cert):
 parser.error("Manually created certificate does not exist: %s"%options.cert)
- if options.cacert:
- options.cacert = os.path.expanduser(options.cacert)
- if not os.path.exists(options.cacert):
- utils.dummy_ca(options.cacert)
+
+ cacert = os.path.join(options.confdir, "mitmproxy-ca.pem")
+ cacert = os.path.expanduser(cacert)
+ if not os.path.exists(cacert):
+ utils.dummy_ca(cacert)
 if getattr(options, "cache", None) is not None:
 options.cache = os.path.expanduser(options.cache)
- return Config(
+ return SSLConfig(
 certfile = options.cert,
- cacert = options.cacert,
+ cacert = cacert,
 ciphers = options.ciphers
 )
diff --git a/libmproxy/utils.py b/libmproxy/utils.py
index 34c49e14..699cb863 100644
--- a/libmproxy/utils.py
+++ b/libmproxy/utils.py
@@ -339,9 +339,15 @@ def dummy_ca(path):
 Returns True if operation succeeded, False if not.
 """
- d = os.path.dirname(path)
- if not os.path.exists(d):
- os.makedirs(d)
+ dirname = os.path.dirname(path)
+ if not os.path.exists(dirname):
+ os.makedirs(dirname)
+
+ if path.endswith(".pem"):
+ basename, _ = os.path.splitext(path)
+ else:
+ basename = path
+
 cmd = [
 "openssl",
 "req",
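Review bot: The return value of `utils.dummy_ca(cacert)` in process_certificate_option_group (libmproxy/proxy.py) is discarded, although dummy_ca's docstring says it returns False on failure and this commit adds two more openssl steps that can fail. The function then returns an `SSLConfig` whose `cacert` may be missing or only partly generated, and the problem surfaces later, away from option parsing. Report it here instead, e.g. `if not utils.dummy_ca(cacert): parser.error("Could not generate CA certificate: %s"%cacert)`. `options.confdir` is also read unconditionally, so this function now presumably relies on `--confdir` from cmdline.py being registered on the same parser, which deserves a comment. The function body starts above this hunk.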
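Review bot: In dummy_ca (libmproxy/utils.py), `basename, _ = os.path.splitext(path)` keeps the directory part of `path`, so the `os.path.join(dirname, basename + "-cert.p12")` in the following hunk only resolves correctly when `path` is absolute. With a relative `--confdir` the directory component is doubled and both export steps write to a path that does not exist. Take the file name first: `basename = os.path.basename(path)` followed by `if basename.endswith(".pem"): basename = os.path.splitext(basename)[0]`. Separately, `os.makedirs(dirname)` uses the default mode, and since the file at `path` appears to contain the CA key (the later export passes `-nokeys`), `os.makedirs(dirname, 0o700)` would keep the directory private to the user. dummy_ca begins before this hunk and continues past it.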
@@ -364,8 +370,44 @@ def dummy_ca(path):
 if ret:
 return False
 # end nocover
- else:
- return True
+
+ cmd = [
+ "openssl",
+ "pkcs12",
+ "-export",
+ "-password", "pass:",
+ "-nokeys",
+ "-in", path,
+ "-out", os.path.join(dirname, basename + "-cert.p12")
+ ]
+ ret = subprocess.call(
+ cmd,
+ stderr=subprocess.PIPE,
+ stdout=subprocess.PIPE,
+ stdin=subprocess.PIPE
+ )
+ # begin nocover
+ if ret:
+ return False
+ # end nocover
+ cmd = [
+ "openssl",
+ "x509",
+ "-in", path,
+ "-out", os.path.join(dirname, basename + "-cert.pem")
+ ]
+ ret = subprocess.call(
+ cmd,
+ stderr=subprocess.PIPE,
+ stdout=subprocess.PIPE,
+ stdin=subprocess.PIPE
+ )
+ # begin nocover
+ if ret:
+ return False
+ # end nocover
+
+ return True
 def dummy_cert(certdir, ca, commonname): |
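Review bot: Both new `subprocess.call(...)` invocations in dummy_ca pass `stdout=subprocess.PIPE` and `stderr=subprocess.PIPE` and never read them, which throws away openssl's error text and, as the subprocess documentation warns for `call`, can block the child if it fills a pipe. These export steps also run after the CA file at `path` has presumably been written by the earlier step, so a failure here returns False with the CA left in place. The caller in proxy.py only tests `os.path.exists(cacert)`, so the `-cert.p12` and `-cert.pem` files would not be regenerated on later runs. A small helper that drains the pipes with `communicate()` and is shared by the export steps removes the duplicated blocks; the sketch below keeps the same commands and return contract. The start of dummy_ca, including the `openssl req` step, lies outside this hunk.

```python
def _openssl(args):
    # Run openssl with the given arguments; True when it exits with status 0.
    proc = subprocess.Popen(
        ["openssl"] + args,
        stdin=subprocess.PIPE,
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE
    )
    proc.communicate()  # drain stdout/stderr so the child cannot block on a full pipe
    return proc.returncode == 0

# … unchanged: directory creation, basename, "openssl req" step and its check …
    exports = [
        ["pkcs12", "-export", "-password", "pass:", "-nokeys",
         "-in", path, "-out", os.path.join(dirname, basename + "-cert.p12")],
        ["x509", "-in", path,
         "-out", os.path.join(dirname, basename + "-cert.pem")],
    ]
    for args in exports:
        if not _openssl(args):
            return False
    return True
```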