Commit Graph

239 Commits

Author SHA1 Message Date
kronick
197dae9183 Made attribute optional (as it is in pyOpenSSL)
See 0d7e8a1af2 -- It looks like this constant isn't set on some platforms (including Raspberry Pi's libssl)
2014-07-29 15:12:13 +02:00
Maximilian Hils
254a686235 Merge branch 'master' into stream
Conflicts:
	netlib/http.py
2014-07-21 14:02:56 +02:00
Maximilian Hils
6bd5df79f8 refactor response length handling 2014-07-21 14:01:24 +02:00
Maximilian Hils
d382bb27bf certstore: add support for asterisk form to DNTree replacement 2014-07-19 00:02:31 +02:00
Maximilian Hils
a7837846a2 temporarily replace DNTree with a simpler cert lookup mechanism, fix mitmproxy/mitmproxy#295 2014-07-18 22:55:25 +02:00
Brad Peabody
280d9b8625 added some additional functions for dealing with chunks - needed for mitmproxy streaming capability 2014-07-17 22:34:29 -07:00
Maximilian Hils
24ef9c61a3 improve docs 2014-07-14 17:38:49 +02:00
Brad Peabody
273c25a705 added option for read_response to only read the headers, beginnings of implementing streamed result in mitmproxy 2014-07-12 22:42:06 -07:00
Maximilian Hils
4d5d8b6511 mark nsCertType non-critical, fix #39 2014-06-29 13:10:07 +02:00
Maximilian Hils
e69133f98c remove ntop windows workaround 2014-06-25 21:16:47 +02:00
Maximilian Hils
6405595ae8 socks module: polish, add tests 2014-06-25 20:31:28 +02:00
Maximilian Hils
dc3d3e5f0a add inet_ntop/inet_pton functions 2014-06-25 20:31:10 +02:00
Maximilian Hils
217660f5db add socks module 2014-06-25 14:30:42 +02:00
Pritam Baral
dc071c4ea7 Ignore username:password part in url 2014-05-28 07:10:10 +05:30
Maximilian Hils
66ac56509f add support for ctx.load_verify_locations, refs mitmproxy/mitmproxy#174 2014-05-21 01:14:55 +02:00
Maximilian Hils
52c6ba8880 properly subclass Exception in HTTPError 2014-05-15 18:15:29 +02:00
Maximilian Hils
71834aeab1 make cert and key mandatory 2014-05-15 14:15:33 +02:00
Maximilian Hils
a8345af282 extract cert creation to be accessible in handle_sni callbacks 2014-05-15 13:51:59 +02:00
Maximilian Hils
92081eee04 Update certutils.py
refs mitmproxy/mitmproxy#200
2014-04-25 19:40:37 +02:00
Maximilian Hils
c2c952b3cc make error message example less abstract. 2014-03-31 12:44:20 +02:00
Pedro Worcel
bb10dfc505 Instead of removing the error, for consistency, leaving the error as-was
and replaced the message with something that may or may not be more
understandable :P
2014-03-31 20:19:23 +13:00
Pedro Worcel
e7c3e4c5ac Change error into awesome user-friendlyness
Hi there,

I was getting a very weird error "ODict valuelist should be lists", when attempting to add a header.

My code was as followed:

```
        msg.headers["API-Key"] = new_headers["API-Key"]                                                                                                                                                                              
 42         msg.headers["API-Sign"] = new_headers["API-Sign"]
```

In the end, that was because there could be multiple equal headers. In order to cater to that, it you guys might enjoy the patch I attach, for it converts strings automatically into lists of multiple headers.

I think it should work, but I haven't tested it :$

It'd allow me to have the above code, instead of this one below:

```
        msg.headers["API-Key"] = [new_headers["API-Key"]]                                                                                                                                                                               
 42         msg.headers["API-Sign"] = [new_headers["API-Sign"]]
```
2014-03-30 20:58:47 +13:00
Bradley Baetz
d8f54c7c03 Change the criticality of a number of X509 extentions, to match
the RFCs and real-world CAs/certs.

This improve compatability with older browsers/clients.
2014-03-20 11:12:11 +11:00
Maximilian Hils
34e469eb55 create dhparam file if it doesn't exist, fix mitmproxy/mitmproxy#235 2014-03-11 20:23:27 +01:00
Maximilian Hils
4bd15a28b7 fix #28 2014-03-10 17:43:39 +01:00
Aldo Cortesi
f5cc63d653 Certificate flags 2014-03-10 17:29:27 +13:00
Aldo Cortesi
2a12aa3c47 Support Ephemeral Diffie-Hellman 2014-03-07 16:38:50 +13:00
Aldo Cortesi
52b14aa1d1 CertStore: cope with certs that have no common name 2014-03-05 17:29:14 +13:00
Aldo Cortesi
86730a9a4c Handler convert_to_ssl now takes a key object, not a path. 2014-03-05 13:43:52 +13:00
Aldo Cortesi
0c3bc1cff2 Much more sophisticated certificate store
- Handle wildcard lookup
- Handle lookup of SANs
- Provide hooks for registering override certs and keys for specific
domains (including wildcard specifications)
2014-03-05 13:19:16 +13:00
Aldo Cortesi
7c82418e0b Beef up CertStore, add DH params. 2014-03-04 14:12:58 +13:00
Aldo Cortesi
cfaa3da25c Use PyOpenSSL's underlying ffi interface to get current cipher for connections. 2014-03-02 21:37:28 +13:00
Aldo Cortesi
1acaf1c880 Re-add state operations to ODict. 2014-03-02 16:54:21 +13:00
Aldo Cortesi
e381c03668 Cleanups, tests, and no-cover directives for code sections we can't test. 2014-03-02 16:47:10 +13:00
Aldo Cortesi
7788391903 Minor improvement to CertStore interface 2014-03-02 13:50:19 +13:00
Aldo Cortesi
3443bae94e Cipher suite selection for client connections, improved error handling 2014-02-27 18:35:16 +13:00
Maximilian Hils
c276b4294c allow super() on TCPServer, add thread names for better debugging 2014-02-15 23:16:28 +01:00
Maximilian Hils
a72ae4d85c Bump version
Do it now already so that mitmproxy will warn the user if netlib is not from master.
2014-02-11 12:09:58 +01:00
Aldo Cortesi
3d52d16e8d Merge branch 'tcp_proxy' 2014-02-07 10:50:23 +13:00
Maximilian Hils
7fc544bc7f adjust netlib.wsgi to reflect changes in mitmproxys flow format 2014-02-05 21:34:14 +01:00
Maximilian Hils
0bbc40dc33 store used sni in TCPClient, add equality check for tcp.Address 2014-02-04 04:51:41 +01:00
Maximilian Hils
dc45b4bf19 move StateObject back into libmproxy 2014-01-31 01:06:53 +01:00
Maximilian Hils
ff9656be80 remove subclassing of tuple in tcp.Address, move StateObject into netlib 2014-01-30 20:07:30 +01:00
Maximilian Hils
e18ac4b672 re-add server attribute to BaseHandler 2014-01-28 20:30:16 +01:00
Maximilian Hils
763cb90b66 add tcp.Address to unify ipv4/ipv6 address handling 2014-01-28 17:26:35 +01:00
Aldo Cortesi
8266699acd Silence pyflakes, adjust requirements.txt 2014-01-19 18:17:06 +13:00
Maximilian Hils
71c1017575 Merge branch 'master' into tcp_proxy 2014-01-18 22:55:51 +01:00
Maximilian Hils
0f22039bca add CONNECT request to list of request types that don't have a response body 2014-01-18 22:55:40 +01:00
Maximilian Hils
d0a6d2e254 fix tests, remove duplicate code 2014-01-09 05:33:21 +01:00
Maximilian Hils
b0b93d1c3e Merge remote-tracking branch 'origin/master' into tcp_proxy 2014-01-09 01:57:50 +01:00
Maximilian Hils
951f2d517f change parameter names to reflect changes 2014-01-09 01:57:37 +01:00
Aldo Cortesi
ac1a700fa1 Make certificate not-before time 48 hours.
Fixes #200
2014-01-08 14:46:55 +13:00
Aldo Cortesi
1c6f714193 Merge pull request #26 from mitmproxy/refactor_read_http_body
refactor http.read_http_body
2014-01-04 14:37:34 -08:00
Aldo Cortesi
5717e7300c Make it possible to pass custom environment variables into wsgi apps. 2014-01-05 10:57:50 +13:00
Maximilian Hils
cebec67e08 refactor read_http_body 2013-12-15 06:43:54 +01:00
Maximilian Hils
f2e8efdf15 merge smurfix/ipv6, add ipv6 support for TCPServer, add ipv6 test 2013-12-13 15:04:38 +01:00
Maximilian Hils
969595cca7 add requirements.txt, small changes 2013-12-13 06:24:08 +01:00
Matthias Urlichs
6f26cec83e tab fix 2013-12-12 07:11:13 +01:00
Matthias Urlichs
a7ac97eb82 support ipv6 2013-12-12 07:00:58 +01:00
Aldo Cortesi
d66fd5ba1b Bump version 2013-12-10 22:20:12 +13:00
Aldo Cortesi
4840c6b3bf Fix race condition in test suite. 2013-12-08 15:26:30 +13:00
Maximilian Hils
64139a1e7e merge origin/master 2013-12-08 01:39:50 +01:00
Maximilian Hils
390f2a46c9 make AuthAction generic 2013-12-08 01:37:45 +01:00
Aldo Cortesi
7213f86d49 Unit test auth actions. 2013-12-08 13:35:42 +13:00
Aldo Cortesi
d05c20d8fa Domain checks for persistent cert store is now irrelevant.
We no longer store these on disk, so we don't care about path
components.
2013-12-08 13:15:08 +13:00
Aldo Cortesi
98a580cf69 Merge pull request #19 from rouli/ciphersuites
adding cipher list selection option to BaseHandler
2013-12-07 15:51:44 -08:00
Aldo Cortesi
af8f98d493 Merge pull request #22 from fictivekin/custom-o-cn
allow specification of o, cn, expiry
2013-12-07 15:42:54 -08:00
Aldo Cortesi
ed74b62856 Merge branch 'fix_invalid_tcp_close' 2013-12-08 10:15:43 +13:00
Aldo Cortesi
5aad09ab81 Fix client certificate request feature. 2013-12-08 10:15:19 +13:00
Aldo Cortesi
bed2aed9db Merge branch 'master' of ssh.github.com:cortesi/netlib 2013-11-21 13:09:11 +13:00
Maximilian Hils
e402e3b862 add custom argparse actions to seamlessly integrate ProxyAuth classes 2013-11-21 01:07:56 +01:00
Maximilian Hils
643602c066 Merge branch 'fix_windows_bugs' into fix_invalid_tcp_close 2013-11-19 05:03:10 +01:00
Maximilian Hils
5e4ccbd7ed attempt to fix #24 2013-11-19 04:11:24 +01:00
Aldo Cortesi
07e970346f Merge branch 'master' of ssh.github.com:cortesi/netlib 2013-10-18 08:17:39 +13:00
Sean Coates
642b3f002e remove tempfile and shutil imports because they're not actually used 2013-10-07 16:55:35 -04:00
Sean Coates
53b7c5abdd allow specification of o, cn, expiry 2013-10-07 16:48:30 -04:00
Paul
98f765f693 Don't create a certificate request when creating a dummy cert 2013-09-24 21:18:41 +02:00
Aldo Cortesi
8a261b2c01 Bump version. 2013-08-25 10:30:48 +12:00
Aldo Cortesi
7428f95474 Handle interrupted system call errors. 2013-08-25 10:22:09 +12:00
Israel Nir
d5b3e397e1 adding cipher list selection option to BaseHandler 2013-08-21 13:42:30 +03:00
Maximilian Hils
28a0030c1e compatibility fixes for windows 2013-08-19 19:41:20 +02:00
Maximilian Hils
c44f354fd0 fix windows bugs 2013-08-17 16:15:37 +02:00
Aldo Cortesi
62edceee09 Revamp dummy cert generation.
We no longer use on-disk storage - we just keep the certs in memory.
2013-08-12 16:03:29 +12:00
Aldo Cortesi
2da57ecff0 Correct order of precedence for SSL errors. 2013-08-11 11:47:07 +12:00
Aldo Cortesi
b9f06b473c Better handling of cert errors. 2013-08-10 23:07:09 +12:00
Aldo Cortesi
f5fdfd8a9f Clarify the interface for flush and close methods. 2013-07-30 09:42:13 +12:00
Aldo Cortesi
6709253629 Merge pull request #16 from mitmproxy/fix_socket_buffer
attempt to fix 'half-duplex' TCP close sequence
2013-07-28 14:55:40 -07:00
Andrey Plotnikov
02376b6a75 Add socket binding support for TCPClient 2013-07-07 13:33:56 +08:00
Maximilian Hils
68e2e782b0 attempt to fix 'half-duplex' TCP close sequence 2013-06-17 17:03:17 +02:00
Aldo Cortesi
73f8a1e2e0 Bump version. 2013-06-16 13:38:39 +12:00
Maximilian Hils
c9ab1c60b5 always read files in binary mode 2013-06-16 00:28:21 +02:00
Aldo Cortesi
7f0aa415e1 Add a request_client_cert argument to server SSL conversion.
By default, we now do not request the client cert. We're supposed to be able to
do this with no negative effects - if the client has no cert to present, we're
notified and proceed as usual.  Unfortunately, Android seems to have a bug
(tested on 4.2.2) - when an Android client is asked to present a certificate it
does not have, it hangs up, which is frankly bogus.  Some time down the track
we may be able to make the proper behaviour the default again, but until then
we're conservative.
2013-05-13 08:48:21 +12:00
Aldo Cortesi
9c13224353 Fix exception hierarchy. 2013-05-05 13:49:20 +12:00
Tim Becker
241465c368 extensions aren't supported in v1, set to v3 (value=2) if using them. 2013-04-19 15:37:14 +02:00
Aldo Cortesi
a94d17970e Sync version number with mitmproxy. 2013-03-05 09:09:52 +13:00
Aldo Cortesi
5f0ad7b2a6 Ensure that HTTP methods are ASCII. 2013-03-03 22:13:23 +13:00
Aldo Cortesi
5a050bb6b2 Tighten up checks on port ranges and path character sets. 2013-03-03 21:39:15 +13:00
Aldo Cortesi
b21a7da142 parse_url: Handle invalid IPv6 addresses 2013-03-03 15:12:58 +13:00
Aldo Cortesi
7b9300743e More parse_url solidification: check that port is in range 0-65535 2013-03-03 15:08:17 +13:00
Aldo Cortesi
cd4ed8530f Check that hosts in parse_url do not contain NULL bytes. 2013-03-03 15:03:57 +13:00