From 5acbef236c503bf973a5782dd0139efa977824ea Mon Sep 17 00:00:00 2001 From: Maximilian Hils Date: Thu, 16 Jan 2014 02:33:14 +0100 Subject: [PATCH] fix sni bug: respond with the correct certificate --- libmproxy/proxy.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/libmproxy/proxy.py b/libmproxy/proxy.py index 1894f7f0b..f2dcc43f8 100644 --- a/libmproxy/proxy.py +++ b/libmproxy/proxy.py @@ -106,18 +106,19 @@ class RequestReplayThread(threading.Thread): class HandleSNI: - def __init__(self, handler, client_conn, host, port, cert, key): + def __init__(self, handler, client_conn, host, port, key): self.handler, self.client_conn, self.host, self.port = handler, client_conn, host, port - self.cert, self.key = cert, key + self.key = key def __call__(self, client_connection): try: sn = client_connection.get_servername() if sn: self.handler.get_server_connection(self.client_conn, "https", self.host, self.port, sn) + dummycert = self.handler.find_cert(self.client_conn, self.host, self.port, sn) new_context = SSL.Context(SSL.TLSv1_METHOD) new_context.use_privatekey_file(self.key) - new_context.use_certificate(self.cert.x509) + new_context.use_certificate(dummycert.x509) client_connection.set_context(new_context) self.handler.sni = sn.decode("utf8").encode("idna") # An unhandled exception in this method will core dump PyOpenSSL, so @@ -331,8 +332,7 @@ class ProxyHandler(tcp.BaseHandler): def establish_ssl(self, client_conn, host, port): dummycert = self.find_cert(client_conn, host, port, host) sni = HandleSNI( - self, client_conn, host, port, - dummycert, self.config.certfile or self.config.cacert + self, client_conn, host, port, self.config.certfile or self.config.cacert ) try: self.convert_to_ssl(dummycert, self.config.certfile or self.config.cacert, handle_sni=sni)