mirror of
https://github.com/Grasscutters/mitmproxy.git
synced 2024-11-26 18:18:25 +00:00
Make the certificate wait time configurable.
Since OpenSSL doesn't let us set certificate start times in the past, the client and proxy machine time must be synchronized, or the client might reject the certificate. We can bodgy over small discrepancies by waiting a few seconds after a new certificate is generated (i.e. the first time an SSL domain is contacted). Make this a configurable option, and turn it off by default.
This commit is contained in:
parent
f004326855
commit
0a642f2441
@ -116,6 +116,12 @@ def common_options(parser):
|
|||||||
)
|
)
|
||||||
parser.add_option_group(group)
|
parser.add_option_group(group)
|
||||||
|
|
||||||
|
parser.add_option(
|
||||||
|
"--cert-wait-time",
|
||||||
|
action="store", dest="cert_wait_time", default=0,
|
||||||
|
help="Wait for specified number of seconds after a new cert is generated. This can smooth over small discrepancies between the client and server times."
|
||||||
|
)
|
||||||
|
|
||||||
group = optparse.OptionGroup(parser, "Server Replay")
|
group = optparse.OptionGroup(parser, "Server Replay")
|
||||||
group.add_option(
|
group.add_option(
|
||||||
"-s",
|
"-s",
|
||||||
|
@ -23,11 +23,12 @@ class ProxyError(Exception):
|
|||||||
|
|
||||||
|
|
||||||
class SSLConfig:
|
class SSLConfig:
|
||||||
def __init__(self, certfile = None, ciphers = None, cacert = None):
|
def __init__(self, certfile = None, ciphers = None, cacert = None, cert_wait_time=None):
|
||||||
self.certfile = certfile
|
self.certfile = certfile
|
||||||
self.ciphers = ciphers
|
self.ciphers = ciphers
|
||||||
self.cacert = cacert
|
self.cacert = cacert
|
||||||
self.certdir = None
|
self.certdir = None
|
||||||
|
self.cert_wait_time = cert_wait_time
|
||||||
|
|
||||||
|
|
||||||
def read_chunked(fp):
|
def read_chunked(fp):
|
||||||
@ -613,6 +614,7 @@ class ProxyHandler(SocketServer.StreamRequestHandler):
|
|||||||
return self.config.certfile
|
return self.config.certfile
|
||||||
else:
|
else:
|
||||||
ret = utils.dummy_cert(self.config.certdir, self.config.cacert, host)
|
ret = utils.dummy_cert(self.config.certdir, self.config.cacert, host)
|
||||||
|
time.sleep(self.config.cert_wait_time)
|
||||||
if not ret:
|
if not ret:
|
||||||
raise ProxyError(400, "mitmproxy: Unable to generate dummy cert.")
|
raise ProxyError(400, "mitmproxy: Unable to generate dummy cert.")
|
||||||
return ret
|
return ret
|
||||||
@ -784,5 +786,6 @@ def process_certificate_option_group(parser, options):
|
|||||||
return SSLConfig(
|
return SSLConfig(
|
||||||
certfile = options.cert,
|
certfile = options.cert,
|
||||||
cacert = cacert,
|
cacert = cacert,
|
||||||
ciphers = options.ciphers
|
ciphers = options.ciphers,
|
||||||
|
cert_wait_time = options.cert_wait_time
|
||||||
)
|
)
|
||||||
|
@ -497,7 +497,6 @@ def dummy_cert(certdir, ca, commonname):
|
|||||||
stdin=subprocess.PIPE
|
stdin=subprocess.PIPE
|
||||||
)
|
)
|
||||||
if ret: return None
|
if ret: return None
|
||||||
time.sleep(CERT_SLEEP_TIME)
|
|
||||||
return certpath
|
return certpath
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user