From d5c318b070305ac51e6b37f80336ab471af28d26 Mon Sep 17 00:00:00 2001 From: Maximilian Hils Date: Wed, 8 Oct 2014 20:44:52 +0200 Subject: fix support for chained certificates --- libmproxy/proxy/server.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'libmproxy/proxy/server.py') diff --git a/libmproxy/proxy/server.py b/libmproxy/proxy/server.py index 307a4bcd..0152f539 100644 --- a/libmproxy/proxy/server.py +++ b/libmproxy/proxy/server.py @@ -190,14 +190,14 @@ class ConnectionHandler: if client: if self.client_conn.ssl_established: raise ProxyError(502, "SSL to Client already established.") - cert, key = self.find_cert() + cert, key, chain_file = self.find_cert() try: self.client_conn.convert_to_ssl( cert, key, handle_sni=self.handle_sni, cipher_list=self.config.ciphers, dhparams=self.config.certstore.dhparams, - ca_file=self.config.ca_file + chain_file=chain_file ) except tcp.NetLibError as v: raise ProxyError(400, repr(v)) @@ -264,17 +264,17 @@ class ConnectionHandler: self.log("SNI received: %s" % self.sni, "debug") self.server_reconnect() # reconnect to upstream server with SNI # Now, change client context to reflect changed certificate: - cert, key = self.find_cert() + cert, key, chain_file = self.find_cert() new_context = self.client_conn._create_ssl_context( cert, key, method=SSL.TLSv1_METHOD, cipher_list=self.config.ciphers, dhparams=self.config.certstore.dhparams, - ca_file=self.config.ca_file + chain_file=chain_file ) connection.set_context(new_context) # An unhandled exception in this method will core dump PyOpenSSL, so # make dang sure it doesn't happen. - except Exception: # pragma: no cover + except: # pragma: no cover import traceback self.log("Error in handle_sni:\r\n" + traceback.format_exc(), "error") \ No newline at end of file -- cgit v1.2.3