tls: support certificates with IP SubjectAlternativeName (#4596)

Maximilian Hils 2021-05-14 08:36:42 +02:00 committed by GitHub
parent 5f5e2dc0ee
commit 9f0ee9d53a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -1,4 +1,5 @@
import io
import ipaddress
import os
import threading
from enum import Enum
@ -158,9 +159,16 @@ def create_proxy_server_context(
param,
SSL._lib.X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS | SSL._lib.X509_CHECK_FLAG_NEVER_CHECK_SUBJECT
)
SSL._openssl_assert(
SSL._lib.X509_VERIFY_PARAM_set1_host(param, hostname.encode(), 0) == 1
)
try:
ip: bytes = ipaddress.ip_address(hostname).packed
except ValueError:
SSL._openssl_assert(
SSL._lib.X509_VERIFY_PARAM_set1_host(param, hostname.encode(), 0) == 1
)
else:
SSL._openssl_assert(
SSL._lib.X509_VERIFY_PARAM_set1_ip(param, ip, len(ip)) == 1
)
if ca_path is None and ca_pemfile is None:
ca_pemfile = certifi.where()
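Review bot: The new try/except in create_proxy_server_context lets the result of `ipaddress.ip_address(hostname)` decide whether the peer certificate is checked against DNS names or against iPAddress SANs, and nothing in the hunk says why or what form `hostname` must have. I would add a comment above the `try`, e.g. `# IP literals must go through set1_ip: set1_host only matches DNS names, so an IP SAN would never verify`, and state that `hostname` is expected to be the bare address or name the connection was made to. A bracketed IPv6 literal such as `[::1]` raises ValueError here and falls back to the host check, which presumably fails closed but with a misleading error. It is also worth confirming for the supported Python versions that the parser rejects IPv4 octets with leading zeros, so the address pinned for verification cannot differ from the one the resolver used. The function starts before and continues after this hunk, so where `hostname` comes from is not visible here.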