path: root/netlib/certutils.py
Commit message (Author, Age, Files, Lines)
* Set default cert expiry to <39 months (Maximilian Hils, 2015-11-04, 1 file, -1/+2)
|   This should fix mitmproxy/mitmproxy#815
* python3++ (Maximilian Hils, 2015-09-20, 1 file, -3/+3)
|
* python3++ (Maximilian Hils, 2015-09-20, 1 file, -5/+6)
|
* python3++ (Maximilian Hils, 2015-09-18, 1 file, -20/+20)
|
* properly handle SNI IPs (Maximilian Hils, 2015-09-18, 1 file, -2/+9)
|   fixes mitmproxy/mitmproxy#772
|
|   We must use the ipaddress package here, because that's what cryptography uses. If we opt for something else, we have nasty namespace conflicts.
* add distinct error for cert verification issues (Maximilian Hils, 2015-07-24, 1 file, -2/+0)
|
* remove certffi (Maximilian Hils, 2015-06-26, 1 file, -6/+0)
|
* mark unused variables and arguments (Thomas Kriechbaumer, 2015-06-18, 1 file, -1/+1)
|
* Adjust pep8 parameters, reformat (Aldo Cortesi, 2015-05-30, 1 file, -18/+57)
|
* Satisfy autobots. (Aldo Cortesi, 2015-05-28, 1 file, -1/+2)
|
* Merge branch 'Kriechi-cleanup' (Aldo Cortesi, 2015-05-28, 1 file, -23/+45)
|\
| * cleanup code with autopep8 (Thomas Kriechbaumer, 2015-05-27, 1 file, -24/+32)
| |   run the following command:
| |   $ autopep8 -i -r -a -a .
* | update TLS defaults: signature hash and DH params (Thomas Kriechbaumer, 2015-05-27, 1 file, -11/+21)
|/
|   * SHA1 is deprecated (use SHA256)
|   * increase RSA key to 2048 bits
|   * increase DH params to 4096 bits (LogJam attack)
* fix code smell (Maximilian Hils, 2015-04-09, 1 file, -2/+2)
|
* ...two years is not enough. (Maximilian Hils, 2015-02-17, 1 file, -2/+2)
|
* 5 years is enough... (Aldo Cortesi, 2015-02-17, 1 file, -1/+1)
|
* By popular demand, bump dummy cert expiry to 5 years (Aldo Cortesi, 2015-02-17, 1 file, -1/+1)
|   fixes #52
* clean up code (Maximilian Hils, 2014-10-09, 1 file, -36/+37)
|
* CertStore: add support for cert chains (Maximilian Hils, 2014-10-08, 1 file, -29/+41)
|
* Merge pull request #34 from bbaetz/master (Aldo Cortesi, 2014-09-07, 1 file, -4/+4)
|\
| |   Change the criticality of a number of X509 extensions, to match
| * Change the criticality of a number of X509 extensions, to match (Bradley Baetz, 2014-03-20, 1 file, -4/+4)
| |   the RFCs and real-world CAs/certs. This improves compatibility with older browsers/clients.
* | make inequality comparison work (Maximilian Hils, 2014-09-04, 1 file, -0/+3)
| |
* | minor cleanups (Maximilian Hils, 2014-08-16, 1 file, -12/+3)
| |
* | certstore: add support for asterisk form to DNTree replacement (Maximilian Hils, 2014-07-19, 1 file, -1/+18)
| |
* | temporarily replace DNTree with a simpler cert lookup mechanism, fix mitmproxy/mitmproxy#295 (Maximilian Hils, 2014-07-18, 1 file, -46/+53)
| |
* | mark nsCertType non-critical, fix #39 (Maximilian Hils, 2014-06-29, 1 file, -1/+1)
| |
* | Update certutils.py (Maximilian Hils, 2014-04-25, 1 file, -1/+1)
|/
|   refs mitmproxy/mitmproxy#200
* create dhparam file if it doesn't exist, fix mitmproxy/mitmproxy#235 (Maximilian Hils, 2014-03-11, 1 file, -0/+7)
|
* Certificate flags (Aldo Cortesi, 2014-03-10, 1 file, -0/+7)
|
* Support Ephemeral Diffie-Hellman (Aldo Cortesi, 2014-03-07, 1 file, -5/+19)
|
* CertStore: cope with certs that have no common name (Aldo Cortesi, 2014-03-05, 1 file, -3/+4)
|
* Much more sophisticated certificate store (Aldo Cortesi, 2014-03-05, 1 file, -12/+75)
|   - Handle wildcard lookup
|   - Handle lookup of SANs
|   - Provide hooks for registering override certs and keys for specific domains (including wildcard specifications)
* Beef up CertStore, add DH params. (Aldo Cortesi, 2014-03-04, 1 file, -72/+85)
|
* Minor improvement to CertStore interface (Aldo Cortesi, 2014-03-02, 1 file, -5/+4)
|
* move StateObject back into libmproxy (Maximilian Hils, 2014-01-31, 1 file, -11/+1)
|
* remove subclassing of tuple in tcp.Address, move StateObject into netlib (Maximilian Hils, 2014-01-30, 1 file, -1/+11)
|
* add tcp.Address to unify ipv4/ipv6 address handling (Maximilian Hils, 2014-01-28, 1 file, -1/+1)
|
* Make certificate not-before time 48 hours. (Aldo Cortesi, 2014-01-08, 1 file, -1/+1)
|   Fixes #200
* Domain checks for persistent cert store is now irrelevant. (Aldo Cortesi, 2013-12-08, 1 file, -14/+0)
|   We no longer store these on disk, so we don't care about path components.
* Merge pull request #22 from fictivekin/custom-o-cn (Aldo Cortesi, 2013-12-07, 1 file, -6/+9)
|\
| |   allow specification of o, cn, expiry
| * allow specification of o, cn, expiry (Sean Coates, 2013-10-07, 1 file, -6/+9)
| |
* | remove tempfile and shutil imports because they're not actually used (Sean Coates, 2013-10-07, 1 file, -1/+1)
|/
* Don't create a certificate request when creating a dummy cert (Paul, 2013-09-24, 1 file, -10/+2)
|
* Revamp dummy cert generation. (Aldo Cortesi, 2013-08-12, 1 file, -32/+13)
|   We no longer use on-disk storage - we just keep the certs in memory.
* always read files in binary mode (Maximilian Hils, 2013-06-16, 1 file, -6/+6)
|
* Add a request_client_cert argument to server SSL conversion. (Aldo Cortesi, 2013-05-13, 1 file, -3/+0)
|   By default, we now do not request the client cert. We're supposed to be able to do this with no negative effects - if the client has no cert to present, we're notified and proceed as usual. Unfortunately, Android seems to have a bug (tested on 4.2.2) - when an Android client is asked to present a certificate it does not have, it hangs up, which is frankly bogus. Some time down the track we may be able to make the proper behaviour the default again, but until then we're conservative.
* extensions aren't supported in v1, set to v3 (value=2) if using them. (Tim Becker, 2013-04-19, 1 file, -0/+1)
|
* Housekeeping and cleanup, some minor argument name changes. (Aldo Cortesi, 2013-02-24, 1 file, -1/+0)
|
* More accurate description of an HTTP read error, make pyflakes happy. (Aldo Cortesi, 2013-02-24, 1 file, -1/+1)
|
* Beef up client certificate handling substantially. (Aldo Cortesi, 2013-01-20, 1 file, -3/+3)
|