store generated cert for each flow

fixes #1935
2025-02-01 15:55:28 +00:00 · 2017-02-12 13:28:24 -08:00 · 2017-02-12 13:28:24 -08:00 · 48b3d1af2f
commit 48b3d1af2f
parent cf0bce77a9
4 changed files with 8 additions and 0 deletions
--- a/mitmproxy/connections.py
+++ b/mitmproxy/connections.py
@ -17,6 +17,7 @@ class ClientConnection(tcp.BaseHandler, stateobject.StateObject):
        address: Remote address
        ssl_established: True if TLS is established, False otherwise
        clientcert: The TLS client certificate
+        mitmcert: The MITM'ed TLS server certificate presented to the client
        timestamp_start: Connection start timestamp
        timestamp_ssl_setup: TLS established timestamp
        timestamp_end: Connection end timestamp
@ -40,6 +41,7 @@ class ClientConnection(tcp.BaseHandler, stateobject.StateObject):
            self.clientcert = None
            self.ssl_established = None

+        self.mitmcert = None
        self.timestamp_start = time.time()
        self.timestamp_end = None
        self.timestamp_ssl_setup = None
@ -72,6 +74,7 @@ class ClientConnection(tcp.BaseHandler, stateobject.StateObject):
        address=tcp.Address,
        ssl_established=bool,
        clientcert=certs.SSLCert,
+        mitmcert=certs.SSLCert,
        timestamp_start=float,
        timestamp_ssl_setup=float,
        timestamp_end=float,
@ -98,6 +101,7 @@ class ClientConnection(tcp.BaseHandler, stateobject.StateObject):
        return cls.from_state(dict(
            address=dict(address=address, use_ipv6=False),
            clientcert=None,
+            mitmcert=None,
            ssl_established=False,
            timestamp_start=None,
            timestamp_end=None,
--- a/mitmproxy/io_compat.py
+++ b/mitmproxy/io_compat.py
@ -88,6 +88,7 @@ def convert_019_100(data):

 def convert_100_200(data):
    data["version"] = (2, 0, 0)
+    data["client_conn"]["mitmcert"] = None
    return data


--- a/mitmproxy/proxy/protocol/tls.py
+++ b/mitmproxy/proxy/protocol/tls.py
@ -465,6 +465,8 @@ class TlsLayer(base.Layer):
        self.log("Establish TLS with client", "debug")
        cert, key, chain_file = self._find_cert()

+        self.client_conn.mitmcert = cert
+
        if self.config.options.add_upstream_certs_to_client_chain:
            extra_certs = self.server_conn.server_certs
        else:
--- a/mitmproxy/test/tflow.py
+++ b/mitmproxy/test/tflow.py
@ -144,6 +144,7 @@ def tclient_conn():
    c = connections.ClientConnection.from_state(dict(
        address=dict(address=("address", 22), use_ipv6=True),
        clientcert=None,
+        mitmcert=None,
        ssl_established=False,
        timestamp_start=1,
        timestamp_ssl_setup=2,