From decb6f998a1b3e257a1b6dc1dbae57e3c95b5059 Mon Sep 17 00:00:00 2001
From: Maximilian Hils
Date: Wed, 21 May 2014 01:16:22 +0200
Subject: [PATCH] add support for certificate chains, refs #174
---
 libmproxy/proxy/config.py | 1 +
 libmproxy/proxy/server.py | 8 +++++---
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/libmproxy/proxy/config.py b/libmproxy/proxy/config.py
index 0a1345fa0..94a12bf41 100644
--- a/libmproxy/proxy/config.py
+++ b/libmproxy/proxy/config.py
@@ -24,6 +24,7 @@ class ProxyConfig:
 self.http_form_out = http_form_out
 self.authenticator = authenticator
 self.confdir = os.path.expanduser(confdir)
+ self.ca_file = os.path.join(self.confdir, CONF_BASENAME + "-ca.pem")
 self.certstore = certutils.CertStore.from_store(self.confdir, CONF_BASENAME)
 for spec, cert in certs:
 self.certstore.add_cert_file(spec, cert)
diff --git a/libmproxy/proxy/server.py b/libmproxy/proxy/server.py
index 1820c8814..741e5f93e 100644
--- a/libmproxy/proxy/server.py
+++ b/libmproxy/proxy/server.py
@@ -197,7 +197,8 @@ class ConnectionHandler:
 cert, key,
 handle_sni=self.handle_sni,
 cipher_list=self.config.ciphers,
- dhparams=self.config.certstore.dhparams
+ dhparams=self.config.certstore.dhparams,
+ ca_file=self.config.ca_file
 )

 def server_reconnect(self, no_ssl=False):
@@ -260,11 +261,12 @@ class ConnectionHandler:
 cert, key,
 method=SSL.TLSv1_METHOD,
 cipher_list=self.config.ciphers,
- dhparams=self.config.certstore.dhparams
+ dhparams=self.config.certstore.dhparams,
+ ca_file=self.config.ca_file
 )
 connection.set_context(new_context)
 # An unhandled exception in this method will core dump PyOpenSSL, so
 # make dang sure it doesn't happen.
- except Exception, e: # pragma: no cover
+ except Exception: # pragma: no cover
 import traceback
 self.log("Error in handle_sni:\r\n" + traceback.format_exc(), "error")
\ No newline at end of file
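Review bot: The new `self.ca_file` line rebuilds the CA bundle's file name by hand (`CONF_BASENAME + "-ca.pem"`) directly above the `CertStore.from_store(self.confdir, CONF_BASENAME)` call that presumably owns that naming, so the two can drift apart, and nothing here checks that the file exists or is readable. Because this path is later handed to the TLS context, I would state the coupling in a comment such as `# must name the same CA file that CertStore.from_store() loads or creates in confdir`, or expose the path from the cert store instead of recomputing it. The enclosing ProxyConfig method starts and ends outside this hunk.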
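Review bot: `ca_file=self.config.ca_file` attaches the same CA file to every server-side context, including those built for certificates the user registered through `certs` / `add_cert_file` (visible in the config.py hunk), which need not be issued by that CA. If `ca_file` is what ends up being sent as the chain (the callee is not shown here), clients would receive an unrelated certificate appended to a custom leaf, and strict verifiers may reject or mis-build the path. Consider passing the chain only when the leaf was generated by the local CA, or keeping a per-certificate chain path in the cert store. The same applies to the identical argument added in the `handle_sni` hunk at -260; the call and its enclosing method begin outside this hunk.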
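Review bot: Any failure caused by the new `ca_file` argument, for instance an unreadable or missing file (assuming the context constructor raises on it), lands in the blanket `except Exception:` and is only logged, so `connection.set_context(new_context)` is skipped and the handshake continues with the context chosen before SNI. A broken chain file would then surface as the wrong certificate being served rather than as a failed connection, which is hard to spot from the client side. Validating the file once at config load would keep this path quiet. At minimum, add a comment above the handler such as `# on error the pre-SNI context stays in place; the client sees the default certificate`. `handle_sni` starts outside this hunk.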