Grasscutters/mitmproxy
3
0
Fork 0
mirror of https://github.com/Grasscutters/mitmproxy.git synced 2025-01-30 14:58:38 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #83 from kyle-m/master

Browse Source 
Fixing upstream certificate validation bugs
This commit is contained in:
Maximilian Hils 2015-07-22 12:48:48 +02:00
commit 1f3f076ded
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
netlib/tcp.py
View File

@ -422,7 +422,7 @@ class _Connection(object):
context.set_verify(verify_options, verify_cert)
if ca_path is None and ca_pemfile is None:
ca_path = certifi.where()
ca_pemfile = certifi.where()
context.load_verify_locations(ca_pemfile, ca_path)
# Workaround for
@ -518,6 +518,13 @@ class TCPClient(_Connection):
self.connection.do_handshake()
except SSL.Error as v:
raise NetLibError("SSL handshake error: %s" % repr(v))
# Fix for pre v1.0 OpenSSL, which doesn't throw an exception on
# certificate validation failure
verification_mode = sslctx_kwargs.get('verify_options', None)
if self.ssl_verification_error is not None and verification_mode == SSL.VERIFY_PEER:
raise NetLibError("SSL handshake error: certificate verify failed")
self.ssl_established = True
self.cert = certutils.SSLCert(self.connection.get_peer_certificate())
self.rfile.set_descriptor(self.connection)