aboutsummaryrefslogtreecommitdiffstats
path: root/netlib
Commit message (Collapse)AuthorAgeFilesLines
...
| * fix certificate verificationMaximilian Hils2015-11-012-7/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit fixes netlib's optional (turned off by default) certificate verification, which previously did not validate the cert's host name. As it turns out, verifying the connection's host name on an intercepting proxy is not really straightforward - if we receive a connection in transparent mode without SNI, we have no clue which hosts the client intends to connect to. There are two basic approaches to solve this problem: 1. Exactly mirror the host names presented by the server in the spoofed certificate presented to the client. 2. Require the client to send the TLS Server Name Indication extension. While this does not work with older clients, we can validate the hostname on the proxy. Approach 1 is problematic in mitmproxy's use case, as we may want to deliberately divert connections without the client's knowledge. As a consequence, we opt for approach 2. While mitmproxy does now require a SNI value to be sent by the client if certificate verification is turned on, we retain our ability to present certificates to the client which are accepted with a maximum likelihood.
* | Set default cert expiry to <39 monthsMaximilian Hils2015-11-041-1/+2
| | | | | | This sould fix mitmproxy/mitmproxy#815
* | minor fixesMaximilian Hils2015-11-012-2/+2
|/
* Merge branch 'http-models'Maximilian Hils2015-09-2816-428/+764
|\
| * test response model, push coverage to 100% branch covMaximilian Hils2015-09-274-21/+16
| |
| * improve request tests, coverage++Maximilian Hils2015-09-266-28/+66
| |
| * refactor response modelMaximilian Hils2015-09-2612-256/+277
| |
| * refactor request modelMaximilian Hils2015-09-2610-275/+557
| |
* | fix mitmproxy/mitmproxy#784Maximilian Hils2015-09-282-7/+3
|/
* minor fixesMaximilian Hils2015-09-252-18/+14
|
* also accept bytes as argumentsMaximilian Hils2015-09-221-6/+6
|
* Headers: return str on all Python versionsMaximilian Hils2015-09-228-230/+257
|
* revert websocket changes from 73586b1bMaximilian Hils2015-09-211-10/+12
| | | | | | | The DEFAULT construct is very weird, but with None we apparently break pathod in some difficult-to-debug ways. Revisit once we do more here.
* backport changesThomas Kriechbaumer2015-09-212-18/+19
|
* minor encoding fixesMaximilian Hils2015-09-212-12/+12
|
* python 3++Maximilian Hils2015-09-217-120/+168
|
* python3++Maximilian Hils2015-09-202-18/+14
|
* python3++Maximilian Hils2015-09-201-3/+5
|
* python3++Maximilian Hils2015-09-203-12/+22
|
* python3++Maximilian Hils2015-09-203-21/+25
|
* improve http error messagesMaximilian Hils2015-09-191-4/+12
|
* experimental: don't interfere with headersMaximilian Hils2015-09-182-32/+9
|
* python3++Maximilian Hils2015-09-181-20/+20
|
* properly handle SNI IPsMaximilian Hils2015-09-181-2/+9
| | | | | | fixes mitmproxy/mitmproxy#772 We must use the ipaddress package here, because that's what cryptography uses. If we opt for something else, we have nasty namespace conflicts.
* fix testsMaximilian Hils2015-09-171-1/+3
|
* python3++Maximilian Hils2015-09-175-68/+51
|
* clean up http message modelsMaximilian Hils2015-09-176-139/+74
|
* http1: add assemble_body functionMaximilian Hils2015-09-173-13/+17
|
* organize exceptions, improve content-length handlingMaximilian Hils2015-09-175-72/+107
|
* adjust http1-related codeMaximilian Hils2015-09-169-22/+48
|
* finish netlib.http.http1 refactorMaximilian Hils2015-09-169-140/+155
|
* wipMaximilian Hils2015-09-1518-846/+759
|
* make clean_bin unicode-awareMaximilian Hils2015-09-122-15/+26
|
* don't yield empty chunksMaximilian Hils2015-09-112-2/+3
|
* fix mitmproxy/mitmproxy#759Maximilian Hils2015-09-101-6/+17
|
* add ssl_read_selectMaximilian Hils2015-09-101-0/+21
|
* add tcp.Address.__hash__Maximilian Hils2015-09-081-0/+3
|
* let Headers inherit from objectMaximilian Hils2015-09-081-3/+3
| | | | fixes mitmproxy/mitmproxy#753
* Merge branch 'master' of https://github.com/mitmproxy/netlibMaximilian Hils2015-09-051-10/+17
|\
| * http2: do net let Settings frames escapeThomas Kriechbaumer2015-09-031-0/+2
| |
| * http2: handle Ping in protocolThomas Kriechbaumer2015-09-031-10/+15
| |
* | headers: adjust everythingMaximilian Hils2015-09-059-173/+155
| |
* | finalize Headers, add testsMaximilian Hils2015-09-051-41/+68
| |
* | add new headers classMaximilian Hils2015-09-051-1/+129
|/
* Merge branch 'master' of https://github.com/mitmproxy/netlibMaximilian Hils2015-08-291-3/+0
|\
| * http2: fix priority stream dependency checkThomas Kriechbaumer2015-08-261-3/+0
| |
* | don't yield prefix and suffixMaximilian Hils2015-08-291-6/+4
| |
* | move sslversion mapping to netlibMaximilian Hils2015-08-291-0/+17
| |
* | wipMaximilian Hils2015-08-284-22/+3
|/
* fix error messagesMaximilian Hils2015-08-251-2/+2
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-08 10:20:36 +0000