path: root/netlib/tcp.py
Commit message (Author, Age, Files, Lines)
* Simplified setting the source_address in the TCPClient constructor (Sandor Nemes, 2016-01-11, 1, -2/+1)
|
* Added getter/setter for TCPClient source_address (Sandor Nemes, 2016-01-08, 1, -0/+11)
|
* Merge remote-tracking branch 'origin/hostname-validation' (Maximilian Hils, 2015-11-04, 1, -7/+30)
|\
| * fix certificate verification (Maximilian Hils, 2015-11-01, 1, -7/+30)
| |   This commit fixes netlib's optional (turned off by default) certificate verification, which previously did not validate the cert's host name. As it turns out, verifying the connection's host name on an intercepting proxy is not really straightforward - if we receive a connection in transparent mode without SNI, we have no clue which hosts the client intends to connect to. There are two basic approaches to solve this problem:
| |
| |   1. Exactly mirror the host names presented by the server in the spoofed certificate presented to the client.
| |   2. Require the client to send the TLS Server Name Indication extension. While this does not work with older clients, we can validate the hostname on the proxy.
| |
| |   Approach 1 is problematic in mitmproxy's use case, as we may want to deliberately divert connections without the client's knowledge. As a consequence, we opt for approach 2. While mitmproxy does now require a SNI value to be sent by the client if certificate verification is turned on, we retain our ability to present certificates to the client which are accepted with a maximum likelihood.
* | minor fixes (Maximilian Hils, 2015-11-01, 1, -2/+0)
|/
* backport changes (Thomas Kriechbaumer, 2015-09-21, 1, -0/+1)
|
* python3++ (Maximilian Hils, 2015-09-20, 1, -16/+12)
|
* python3++ (Maximilian Hils, 2015-09-20, 1, -3/+5)
|
* python3++ (Maximilian Hils, 2015-09-20, 1, -2/+2)
|
* organize exceptions, improve content-length handling (Maximilian Hils, 2015-09-17, 1, -59/+49)
|
* wip (Maximilian Hils, 2015-09-15, 1, -4/+4)
|
* don't yield empty chunks (Maximilian Hils, 2015-09-11, 1, -1/+2)
|
* add ssl_read_select (Maximilian Hils, 2015-09-10, 1, -0/+21)
|
* add tcp.Address.__hash__ (Maximilian Hils, 2015-09-08, 1, -0/+3)
|
* move sslversion mapping to netlib (Maximilian Hils, 2015-08-29, 1, -0/+17)
|
* wip (Maximilian Hils, 2015-08-28, 1, -17/+1)
|
* fix error messages (Maximilian Hils, 2015-08-25, 1, -2/+2)
|
* tcp._Connection: clean up code, fix inheritance (Maximilian Hils, 2015-08-19, 1, -13/+18)
|
* add ssl peek polyfill (Maximilian Hils, 2015-08-19, 1, -2/+18)
|
* TCPClient: more sophisticated address handling (Maximilian Hils, 2015-08-18, 1, -11/+23)
|
* add Reader.peek() (Maximilian Hils, 2015-08-18, 1, -0/+18)
|
* re-add form_out (Maximilian Hils, 2015-08-18, 1, -0/+2)
|
* allow direct ALPN callback method (Thomas Kriechbaumer, 2015-08-16, 1, -1/+6)
|
* fix mitmproxy/mitmproxy#705 (Maximilian Hils, 2015-08-03, 1, -1/+5)
|
* add distinct error for cert verification issues (Maximilian Hils, 2015-07-24, 1, -2/+9)
|
* Added a fix for pre-1.0 OpenSSL which wasn't correctly erring on failed certificate validation (Kyle Morton, 2015-07-21, 1, -0/+7)
|
* Fixing default CA which ought to be read as a pemfile and not a directory (Kyle Morton, 2015-07-21, 1, -1/+1)
|
* Fixing how certifi is made the default ca_path to simplify calling logic. (Kyle Morton, 2015-06-26, 1, -1/+3)
|
* Merge pull request #76 from kyle-m/master (Aldo Cortesi, 2015-06-24, 1, -10/+14)
|\
| |   Provide debugging information when upstream server certificate fails validation
| * Cleaning up upstream server verification. Adding storage of certificate (Kyle Morton, 2015-06-22, 1, -8/+8)
| |   verification errors on TCPClient object to enable warnings in downstream projects.
| * Updating TCPServer to allow tests (and potentially other use cases) to serve (Kyle Morton, 2015-06-22, 1, -2/+6)
| |   certificate chains instead of only single certificates.
* | unify SSL version/method handling (Thomas Kriechbaumer, 2015-06-22, 1, -7/+18)
|/
* mark unused variables and arguments (Thomas Kriechbaumer, 2015-06-18, 1, -5/+5)
|
* Merge branch 'master' of https://github.com/kyle-m/netlib into kyle-m-master (Aldo Cortesi, 2015-06-18, 1, -3/+3)
|\
| * Adding certifi as default CA bundle. (Kyle Morton, 2015-06-16, 1, -3/+3)
| |
* | Only set OP_NO_COMPRESSION by default if it exists in our version of OpenSSL (Aldo Cortesi, 2015-06-18, 1, -1/+12)
| |   We'll need to start testing under both new and old versions of OpenSSL somehow to catch these...
* | Merge pull request #71 from Kriechi/landscape (Aldo Cortesi, 2015-06-18, 1, -5/+3)
|\ \
| | |   fix warnings and code smells
| * | fix warnings and code smells (Thomas Kriechbaumer, 2015-06-17, 1, -5/+3)
| | |   use prospector to find them
* | | http2: improve test suite (Thomas Kriechbaumer, 2015-06-16, 1, -4/+5)
| | |
* | | add elliptic curve during TLS handshake (Thomas Kriechbaumer, 2015-06-16, 1, -8/+5)
|/ /
* | Merge pull request #69 from kyle-m/master (Aldo Cortesi, 2015-06-16, 1, -0/+23)
|\|
| |   Adding support for upstream certificate validation when using SSL/TLS…
| * Adding support for upstream certificate validation when using SSL/TLS with an (Kyle Morton, 2015-06-15, 1, -0/+23)
| |   instance of TCPClient.
* | simplify ALPN (Thomas Kriechbaumer, 2015-06-14, 1, -6/+2)
| |
* | add new TLS methods (Thomas Kriechbaumer, 2015-06-14, 1, -1/+4)
| |
* | add more tests (Thomas Kriechbaumer, 2015-06-12, 1, -4/+4)
| |
* | improve ALPN integration (Thomas Kriechbaumer, 2015-06-11, 1, -8/+15)
|/
* fix coding style (Thomas Kriechbaumer, 2015-06-08, 1, -1/+1)
|
* http2: add warning if raw data looks like HTTP/1 (Thomas Kriechbaumer, 2015-06-08, 1, -1/+1)
|
* fix non-ALPN supported OpenSSL-related tests (Thomas Kriechbaumer, 2015-06-08, 1, -1/+4)
|
* improve ALPN support on travis (Thomas Kriechbaumer, 2015-06-08, 1, -8/+11)
|