From 091e539a0203ca272e3a4ba2a9f23331bbd85005 Mon Sep 17 00:00:00 2001
From: Aldo Cortesi
Date: Sun, 2 Mar 2014 13:45:35 +1300
Subject: Big improvements to SSL handling
- pathod now dynamically generates SSL certs, using the ~/.mitmproxy cacert
- pathoc returns data on SSL peer certificates
- Pathod certificate CN can be specified on command line
- Support SSLv23
---
pathod | 34 ++++++++++++++++++----------------
1 file changed, 18 insertions(+), 16 deletions(-)
(limited to 'pathod')
diff --git a/pathod b/pathod
index ceadfa98..5b82f97e 100755
--- a/pathod
+++ b/pathod
@@ -31,16 +31,13 @@ def daemonize (stdin='/dev/null', stdout='/dev/null', stderr='/dev/null'):
 def main(parser, args):
- sl = [args.ssl_keyfile, args.ssl_certfile]
- if any(sl) and not all(sl):
- parser.error("Both --certfile and --keyfile must be specified.")
-
 ssloptions = pathod.SSLOptions(
- keyfile = args.ssl_keyfile,
- certfile = args.ssl_certfile,
- not_after_connect = args.ssl_not_after_connect,
- ciphers = args.ciphers,
- sslversion = utils.SSLVERSIONS[args.sslversion]
+ cn = args.cn,
+ confdir = args.confdir,
+ certfile = args.ssl_certfile,
+ not_after_connect = args.ssl_not_after_connect,
+ ciphers = args.ciphers,
+ sslversion = utils.SSLVERSIONS[args.sslversion]
 )
 alst = []
@@ -121,6 +118,11 @@ if __name__ == "__main__":
 "-c", dest='craftanchor', default="/p/", type=str,
 help='Anchorpoint for URL crafting commands.'
 )
+ parser.add_argument(
+ "--confdir",
+ action="store", type = str, dest="confdir", default='~/.mitmproxy',
+ help = "Configuration directory. (~/.mitmproxy)"
+ )
 parser.add_argument(
 "-d", dest='staticdir', default=None, type=str,
 help='Directory for static files.'
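Review bot: In the `main()` hunk, `certfile = args.ssl_certfile` is still handed to `pathod.SSLOptions` after `--keyfile` and the both-or-neither `parser.error` check were dropped, and nothing visible says where the private key for a user-supplied certificate now comes from. If the file is expected to be a combined PEM, a comment above the call would make that explicit: `# --certfile must hold both the private key and the certificate; without it, certs are generated from the CA in confdir`. How SSLOptions actually treats the file is not shown here, so the wording should be checked against it. main() continues beyond the end of the hunk.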
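Review bot: In the `--confdir` hunk, the default `'~/.mitmproxy'` is a literal string that argparse does not expand, and `main()` passes `args.confdir` straight to `pathod.SSLOptions`. Unless the consumer expands it (not visible here), the CA material would be looked up under a directory literally named `~`; expanding once at the boundary, `confdir = os.path.expanduser(args.confdir),`, avoids that, assuming `os` is already imported in this script. Per the commit message this directory supplies the mitmproxy cacert used to sign the generated certificates, so the help text should say what it is for: `help = "Directory holding the CA used to sign generated certs. (~/.mitmproxy)"`.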
@@ -158,17 +160,17 @@ if __name__ == "__main__":
 group = parser.add_argument_group(
 'SSL',
 )
- group.add_argument(
- "-C", dest='ssl_not_after_connect', default=False, action="store_true",
- help="Don't expect SSL after a CONNECT request."
- )
 group.add_argument(
 "-s", dest='ssl', default=False, action="store_true",
 help='Run in HTTPS mode.'
 )
 group.add_argument(
- "--keyfile", dest='ssl_keyfile', default=None, type=str,
- help='SSL key file. If not specified, a default key is used.'
+ "--cn", dest="cn", type=str, default=None,
+ help="CN for generated SSL certs. Default: %s"%pathod.DEFAULT_CERT_DOMAIN
+ )
+ group.add_argument(
+ "-C", dest='ssl_not_after_connect', default=False, action="store_true",
+ help="Don't expect SSL after a CONNECT request."
 )
 group.add_argument(
 "--certfile", dest='ssl_certfile', default=None, type=str,
@@ -181,7 +183,7 @@ if __name__ == "__main__":
 group.add_argument(
 "--sslversion", dest="sslversion", type=int, default=4,
 choices=[1, 2, 3, 4],
- help="Use a specified protocol - TLSv1, SSLv2, SSLv3, SSLv23. Default to SSLv23."
+ help="Use a specified protocol - TLSv1, SSLv2, SSLv3, SSLv23. Default to SSLv23."
 )
 group = parser.add_argument_group(
--
cgit v1.2.3
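Review bot: The `--cn` help string in the SSL group is built with `%` at definition time while the option itself has `default=None`, so the documented default and the effective one are set in different places, and argparse then applies its own `%` expansion to the already-formatted text. If `pathod.SSLOptions` treats `None` the same as `pathod.DEFAULT_CERT_DOMAIN` (not visible here), keeping them together is cleaner: `default=pathod.DEFAULT_CERT_DOMAIN,` with `help="CN for generated SSL certs. Default: %(default)s"`. The enclosing `if __name__ == "__main__":` block starts and ends outside the hunk.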