From 48b3d1af2fb43f119e0c011e2350728169c82acd Mon Sep 17 00:00:00 2001
From: Daniel Lenski
Date: Sun, 12 Feb 2017 13:28:24 -0800
Subject: [PATCH] store generated cert for each flow fixes #1935
---
 mitmproxy/connections.py | 4 ++++
 mitmproxy/io_compat.py | 1 +
 mitmproxy/proxy/protocol/tls.py | 2 ++
 mitmproxy/test/tflow.py | 1 +
 4 files changed, 8 insertions(+)
diff --git a/mitmproxy/connections.py b/mitmproxy/connections.py
index a32889bd5..6d4d648f1 100644
--- a/mitmproxy/connections.py
+++ b/mitmproxy/connections.py
@@ -17,6 +17,7 @@ class ClientConnection(tcp.BaseHandler, stateobject.StateObject):
 address: Remote address
 ssl_established: True if TLS is established, False otherwise
 clientcert: The TLS client certificate
+ mitmcert: The MITM'ed TLS server certificate presented to the client
 timestamp_start: Connection start timestamp
 timestamp_ssl_setup: TLS established timestamp
 timestamp_end: Connection end timestamp
@@ -40,6 +41,7 @@ class ClientConnection(tcp.BaseHandler, stateobject.StateObject):
 self.clientcert = None
 self.ssl_established = None
+ self.mitmcert = None
 self.timestamp_start = time.time()
 self.timestamp_end = None
 self.timestamp_ssl_setup = None
@@ -72,6 +74,7 @@ class ClientConnection(tcp.BaseHandler, stateobject.StateObject):
 address=tcp.Address,
 ssl_established=bool,
 clientcert=certs.SSLCert,
+ mitmcert=certs.SSLCert,
 timestamp_start=float,
 timestamp_ssl_setup=float,
 timestamp_end=float,
@@ -98,6 +101,7 @@ class ClientConnection(tcp.BaseHandler, stateobject.StateObject):
 return cls.from_state(dict(
 address=dict(address=address, use_ipv6=False),
 clientcert=None,
+ mitmcert=None,
 ssl_established=False,
 timestamp_start=None,
 timestamp_end=None,
diff --git a/mitmproxy/io_compat.py b/mitmproxy/io_compat.py
index 8f89b86e9..d299b973a 100644
--- a/mitmproxy/io_compat.py
+++ b/mitmproxy/io_compat.py
@@ -88,6 +88,7 @@ def convert_019_100(data):
 def convert_100_200(data):
 data["version"] = (2, 0, 0)
+ data["client_conn"]["mitmcert"] = None
 return data
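Review bot: The new `mitmcert` docstring entry in the `-17,6` hunk does not say when the attribute is unset, although the `-40,6` and `-98,6` hunks both initialise it to `None`. A reader of a saved flow cannot tell from the docstring whether `None` means "no TLS interception" or "not recorded". I would word the entry as `mitmcert: The certificate mitmproxy generated and presented to the client (certificate only, no private key); None if no certificate was selected for this connection`. The class body starts and ends outside these hunks.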
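Review bot: Backfilling `mitmcert` inside `convert_100_200` only helps flows that still carry a pre-2.0.0 version tag. Any capture file already written with version `(2, 0, 0)` before this commit skips this converter and reaches the state loader without the key that the `-72,6` hunk of `connections.py` now declares as a typed state attribute. Whether such files exist is not visible from the patch; if they can, the load path should tolerate the missing key, for example `data["client_conn"].setdefault("mitmcert", None)` in a step that also runs for 2.0.0 data, or the format version should be bumped. The added line also indexes `data["client_conn"]` unconditionally, so a record without that entry would raise here while loading a capture file, and shared dumps are untrusted input.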
diff --git a/mitmproxy/proxy/protocol/tls.py b/mitmproxy/proxy/protocol/tls.py
index 08ce53d06..c174b0033 100644
--- a/mitmproxy/proxy/protocol/tls.py
+++ b/mitmproxy/proxy/protocol/tls.py
@@ -465,6 +465,8 @@ class TlsLayer(base.Layer):
 self.log("Establish TLS with client", "debug")
 cert, key, chain_file = self._find_cert()
+ self.client_conn.mitmcert = cert
+
 if self.config.options.add_upstream_certs_to_client_chain:
 extra_certs = self.server_conn.server_certs
 else:
diff --git a/mitmproxy/test/tflow.py b/mitmproxy/test/tflow.py
index 6d3308407..ea7be4b95 100644
--- a/mitmproxy/test/tflow.py
+++ b/mitmproxy/test/tflow.py
@@ -144,6 +144,7 @@ def tclient_conn():
 c = connections.ClientConnection.from_state(dict(
 address=dict(address=("address", 22), use_ipv6=True),
 clientcert=None,
+ mitmcert=None,
 ssl_established=False,
 timestamp_start=1,
 timestamp_ssl_setup=2,
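Review bot: `self.client_conn.mitmcert = cert` runs as soon as `_find_cert()` returns, and the handshake with the client is not part of this hunk, so the field can apparently be populated on a connection whose TLS setup later fails. Anything that audits or displays this value should pair it with `ssl_established` and not read it as proof that the client accepted the certificate. A comment above the assignment such as `# recorded when the cert is selected, before the client handshake; check ssl_established to know it was actually used` would make that explicit. Only `cert` is stored and `key` stays local, which is the right split for a field that ends up in saved flows. The enclosing method starts and ends outside the hunk.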
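Review bot: The `tclient_conn()` fixture only pins `mitmcert=None`, and no test in this patch exercises a connection with a populated certificate. A round-trip check that a non-None `mitmcert` survives `from_state` and comes back unchanged from state serialisation would cover the new `certs.SSLCert` state attribute. It would also catch a regression where the field is silently dropped from saved flows. The fixture body continues past the end of the hunk.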