Improve error signalling for client certificates.

Aldo Cortesi 2013-01-20 22:36:54 +13:00
parent 00d20abdd4
commit 7248a22d5e
2 changed files with 15 additions and 3 deletions


@ -177,11 +177,14 @@ class TCPClient:
clientcert: Path to a file containing both client cert and private key. clientcert: Path to a file containing both client cert and private key.
""" """
context = SSL.Context(method) context = SSL.Context(method)
if not options is None: if options is not None:
ctx.set_options(options) ctx.set_options(options)
if clientcert: if clientcert:
context.use_privatekey_file(clientcert) try:
context.use_certificate_file(clientcert) context.use_privatekey_file(clientcert)
context.use_certificate_file(clientcert)
except SSL.Error, v:
raise NetLibError("SSL client certificate error: %s"%str(v))
self.connection = SSL.Connection(context, self.connection) self.connection = SSL.Connection(context, self.connection)
self.ssl_established = True self.ssl_established = True
if sni: if sni:
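Review bot: `ctx.set_options(options)` on the context line just above the new try block refers to `ctx`, while the object created two lines earlier is named `context`. Unless `ctx` is defined outside this hunk, passing any `options` raises NameError, so a caller's protocol restrictions never reach the SSL context. Since the commit already rewrites the `if options is not None:` line, the call should read `context.set_options(options)`. Inside the new try block, adding `context.check_privatekey()` after the two loads would likely also report a key that does not match the certificate as the same NetLibError, rather than leaving it to surface later in the handshake. The enclosing method starts and ends outside the hunk.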


@ -189,6 +189,15 @@ class TestSSLClientCert(ServerTestBase):
c.convert_to_ssl(clientcert=tutils.test_data.path("data/clientcert/client.pem")) c.convert_to_ssl(clientcert=tutils.test_data.path("data/clientcert/client.pem"))
assert c.rfile.readline().strip() == "1" assert c.rfile.readline().strip() == "1"
def test_clientcert_err(self):
c = tcp.TCPClient("127.0.0.1", self.port)
c.connect()
tutils.raises(
tcp.NetLibError,
c.convert_to_ssl,
clientcert=tutils.test_data.path("data/clientcert/make")
)
class TestSNI(ServerTestBase): class TestSNI(ServerTestBase):
@classmethod @classmethod