mirror of
https://github.com/Grasscutters/mitmproxy.git
synced 2024-11-23 08:11:00 +00:00
ProxyConfig: --cert to options
Also incidentally improve handling of invalid certificate formats.
This commit is contained in:
Aldo Cortesi
parent
856e1c2ba9
commit
f24f8ce971
@ -184,6 +184,15 @@ def get_common_options(args):
|
||||
"That would trigger an infinite loop."
|
||||
)
|
||||
|
||||
|
||||
# Proxy config
|
||||
certs = []
|
||||
for i in args.certs:
|
||||
parts = i.split("=", 1)
|
||||
if len(parts) == 1:
|
||||
parts = ["*", parts[0]]
|
||||
certs.append(parts)
|
||||
|
||||
return dict(
|
||||
app=args.app,
|
||||
app_host=args.app_host,
|
||||
@ -213,10 +222,11 @@ def get_common_options(args):
|
||||
replay_ignore_payload_params=args.replay_ignore_payload_params,
|
||||
replay_ignore_host=args.replay_ignore_host,
|
||||
|
||||
cadir = args.cadir,
|
||||
certs = certs,
|
||||
clientcerts = args.clientcerts,
|
||||
listen_host = args.addr,
|
||||
listen_port = args.port,
|
||||
cadir = args.cadir,
|
||||
clientcerts = args.clientcerts,
|
||||
)
|
||||
|
||||
|
||||
|
||||
@ -40,6 +40,7 @@ class Options(options.Options):
|
||||
|
||||
# Proxy options
|
||||
cadir = cmdline.CA_DIR, # type: str
|
||||
certs = (), # type: Sequence[Tuple[str, str]]
|
||||
clientcerts = None, # type: Optional[str]
|
||||
listen_host = "", # type: str
|
||||
listen_port = 8080, # type: int
|
||||
@ -74,7 +75,9 @@ class Options(options.Options):
|
||||
self.replay_ignore_payload_params = replay_ignore_payload_params
|
||||
self.replay_ignore_host = replay_ignore_host
|
||||
|
||||
# Proxy options
|
||||
self.cadir = cadir
|
||||
self.certs = certs
|
||||
self.clientcerts = clientcerts
|
||||
self.listen_host = listen_host
|
||||
self.listen_port = listen_port
|
||||
|
||||
@ -5,7 +5,7 @@ import os
|
||||
import re
|
||||
|
||||
import six
|
||||
from OpenSSL import SSL
|
||||
from OpenSSL import SSL, crypto
|
||||
|
||||
from mitmproxy import platform
|
||||
from mitmproxy import exceptions
|
||||
@ -117,9 +117,6 @@ class ProxyConfig:
|
||||
self.config(options)
|
||||
options.changed.connect(self)
|
||||
|
||||
for spec, cert in certs:
|
||||
self.certstore.add_cert_file(spec, cert)
|
||||
|
||||
def config(self, options):
|
||||
certstore_path = os.path.expanduser(options.cadir)
|
||||
if not os.path.exists(certstore_path):
|
||||
@ -140,6 +137,20 @@ class ProxyConfig:
|
||||
)
|
||||
self.clientcerts = clientcerts
|
||||
|
||||
for spec, cert in options.certs:
|
||||
cert = os.path.expanduser(cert)
|
||||
if not os.path.exists(cert):
|
||||
raise exceptions.OptionsError(
|
||||
"Certificate file does not exist: %s" % cert
|
||||
)
|
||||
try:
|
||||
self.certstore.add_cert_file(spec, cert)
|
||||
except crypto.Error:
|
||||
raise exceptions.OptionsError(
|
||||
"Invalid certificate format: %s" % cert
|
||||
)
|
||||
|
||||
|
||||
|
||||
def process_proxy_options(parser, options, args):
|
||||
body_size_limit = args.body_size_limit
|
||||
@ -214,16 +225,6 @@ def process_proxy_options(parser, options, args):
|
||||
else:
|
||||
authenticator = authentication.NullProxyAuth(None)
|
||||
|
||||
certs = []
|
||||
for i in args.certs:
|
||||
parts = i.split("=", 1)
|
||||
if len(parts) == 1:
|
||||
parts = ["*", parts[0]]
|
||||
parts[1] = os.path.expanduser(parts[1])
|
||||
if not os.path.exists(parts[1]):
|
||||
parser.error("Certificate file does not exist: %s" % parts[1])
|
||||
certs.append(parts)
|
||||
|
||||
return ProxyConfig(
|
||||
options,
|
||||
no_upstream_cert=args.no_upstream_cert,
|
||||
@ -238,7 +239,6 @@ def process_proxy_options(parser, options, args):
|
||||
authenticator=authenticator,
|
||||
ciphers_client=args.ciphers_client,
|
||||
ciphers_server=args.ciphers_server,
|
||||
certs=tuple(certs),
|
||||
ssl_version_client=args.ssl_version_client,
|
||||
ssl_version_server=args.ssl_version_server,
|
||||
ssl_verify_upstream_cert=args.ssl_verify_upstream_cert,
|
||||
|
||||
Loading…
Reference in New Issue
Block a user