Grasscutters/mitmproxy
3
0
Fork 0
mirror of https://github.com/Grasscutters/mitmproxy.git synced 2024-11-23 00:01:36 +00:00
Code Issues Projects Releases Wiki Activity

Make the certificate wait time configurable.

Browse Source 
Since OpenSSL doesn't let us set certificate start times in the past, the
client and proxy machine time must be synchronized, or the client might reject
the certificate. We can bodgy over small discrepancies by waiting a few seconds
after a new certificate is generated (i.e. the first time an SSL domain is contacted).

Make this a configurable option, and turn it off by default.
This commit is contained in:
Aldo Cortesi 2011-06-27 16:10:17 +12:00
parent f004326855
commit 0a642f2441
3 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
libmproxy/cmdline.py
View File

@ -116,6 +116,12 @@ def common_options(parser):
) )
parser.add_option_group(group) parser.add_option_group(group)
parser.add_option(
"--cert-wait-time",
action="store", dest="cert_wait_time", default=0,
help="Wait for specified number of seconds after a new cert is generated. This can smooth over small discrepancies between the client and server times."
)
group = optparse.OptionGroup(parser, "Server Replay") group = optparse.OptionGroup(parser, "Server Replay")
group.add_option( group.add_option(
"-s", "-s",

7
libmproxy/proxy.py
View File

@ -23,11 +23,12 @@ class ProxyError(Exception):
class SSLConfig: class SSLConfig:
def __init__(self, certfile = None, ciphers = None, cacert = None): def __init__(self, certfile = None, ciphers = None, cacert = None, cert_wait_time=None):
self.certfile = certfile self.certfile = certfile
self.ciphers = ciphers self.ciphers = ciphers
self.cacert = cacert self.cacert = cacert
self.certdir = None self.certdir = None
self.cert_wait_time = cert_wait_time
def read_chunked(fp): def read_chunked(fp):
@ -613,6 +614,7 @@ class ProxyHandler(SocketServer.StreamRequestHandler):
return self.config.certfile return self.config.certfile
else: else:
ret = utils.dummy_cert(self.config.certdir, self.config.cacert, host) ret = utils.dummy_cert(self.config.certdir, self.config.cacert, host)
time.sleep(self.config.cert_wait_time)
if not ret: if not ret:
raise ProxyError(400, "mitmproxy: Unable to generate dummy cert.") raise ProxyError(400, "mitmproxy: Unable to generate dummy cert.")
return ret return ret
@ -784,5 +786,6 @@ def process_certificate_option_group(parser, options):
return SSLConfig( return SSLConfig(
certfile = options.cert, certfile = options.cert,
cacert = cacert, cacert = cacert,
ciphers = options.ciphers ciphers = options.ciphers,
cert_wait_time = options.cert_wait_time
) )

1
libmproxy/utils.py
View File

@ -497,7 +497,6 @@ def dummy_cert(certdir, ca, commonname):
stdin=subprocess.PIPE stdin=subprocess.PIPE
) )
if ret: return None if ret: return None
time.sleep(CERT_SLEEP_TIME)
return certpath return certpath