Commit Graph

39 Commits

Author SHA1 Message Date
Felix Yan
739806bfe2 Allow cryptography 1.2.* 2016-01-11 00:37:43 +08:00
Maximilian Hils
c10b614f70 update ssl_match_hostname dependency, refs #868 2015-12-25 15:56:26 +01:00
Maximilian Hils
4718f36379 use version specifiers compatible with old setuptools releases 2015-12-03 17:56:57 +01:00
Maximilian Hils
9f224f7dbd add 3.5 compat classifiers 2015-11-29 19:06:54 +01:00
Maximilian Hils
7cb57e206f README: mkd -> rst
pypi only renders reStructuredText.
2015-11-29 19:04:19 +01:00
Maximilian Hils
5916260849 be more conservative about dependency versions 2015-11-13 20:00:54 +01:00
Maximilian Hils
5af9df326a fix certificate verification
This commit fixes netlib's optional (turned off by default)
certificate verification, which previously did not validate the
cert's host name. As it turns out, verifying the connection's host
name on an intercepting proxy is not really straightforward - if
we receive a connection in transparent mode without SNI, we have no
clue which hosts the client intends to connect to. There are two
basic approaches to solve this problem:

 1. Exactly mirror the host names presented by the server in the
    spoofed certificate presented to the client.
 2. Require the client to send the TLS Server Name Indication
    extension. While this does not work with older clients,
    we can validate the hostname on the proxy.

Approach 1 is problematic in mitmproxy's use case, as we may want
to deliberately divert connections without the client's knowledge.
As a consequence, we opt for approach 2. While mitmproxy does now
require a SNI value to be sent by the client if certificate
verification is turned on, we retain our ability to present
certificates to the client which are accepted with a maximum
likelihood.
2015-11-01 18:15:30 +01:00
Maximilian Hils
f0ff68023d remove nose as a dependency 2015-09-21 01:11:42 +02:00
Maximilian Hils
eaf66550b0 always use py.test 2015-09-21 01:08:19 +02:00
Maximilian Hils
292a0aa9e6 make tests compatible with py.test 2015-09-20 19:56:57 +02:00
Maximilian Hils
7b6b157547 properly handle SNI IPs
fixes mitmproxy/mitmproxy#772
We must use the ipaddress package here, because that's what cryptography
uses. If we opt for something else, we have nasty namespace conflicts.
2015-09-18 15:35:02 +02:00
Maximilian Hils
2f9c566e48 remove pathod as dependency 2015-09-13 14:33:45 +02:00
Maximilian Hils
997fcde8ce make clean_bin unicode-aware 2015-09-12 17:03:09 +02:00
Maximilian Hils
6810fba54e add ssl peek polyfill 2015-08-19 16:05:42 +02:00
Maximilian Hils
2723a0e573 remove certffi 2015-06-26 13:26:35 +02:00
Thomas Kriechbaumer
40436ffb1f fix setup.py 2015-06-18 13:12:06 +02:00
Maximilian Hils
3e282d764e Merge branch 'master' of github.com:mitmproxy/netlib 2015-06-18 11:37:04 +02:00
Maximilian Hils
014b76bff7 include wheel as dev dependency 2015-06-18 11:36:58 +02:00
Aldo Cortesi
4579c67150 Merge branch 'master' of https://github.com/kyle-m/netlib into kyle-m-master 2015-06-18 12:23:03 +12:00
Kyle Morton
c9c93af453 Adding certifi as default CA bundle. 2015-06-16 11:11:10 -07:00
Maximilian Hils
9089226d66 explicitly state that we only support 2.7 2015-06-16 02:31:47 +02:00
Thomas Kriechbaumer
b395049a85 distribute cffi correctly 2015-05-30 15:15:08 +02:00
Aldo Cortesi
f76bfabc5d Adjust pep8 parameters, reformat 2015-05-30 12:02:58 +12:00
Thomas Kriechbaumer
4c469fdee1 add hpack to encode and decode headers 2015-05-29 15:31:22 +02:00
Thomas Kriechbaumer
8037830696 add pep8 autoformat checks to travis 2015-05-27 13:13:04 +02:00
Thomas Kriechbaumer
1967a49cd9 bump pyOpenSSL and cryptography dependencies 2015-05-27 10:23:43 +02:00
Maximilian Hils
b6af3fddf4 pypy support, faster travis builds 2015-02-07 01:43:25 +01:00
Maximilian Hils
60584387ff be more explicit about requirements 2014-11-11 12:26:20 +01:00
Maximilian Hils
aee8acbec6 distutils -> setuptools 2014-10-01 23:22:53 +02:00
Maximilian Hils
e73a2dbab1 minor changes 2014-09-28 03:15:26 +02:00
Maximilian Hils
dd2adc791d improve distribution 2014-09-08 18:58:07 +02:00
Maximilian Hils
ef0e501877 fix #46 2014-08-19 13:48:52 +02:00
Maximilian Hils
1c1167eda0 use passlib instead of md5crypt 2014-08-16 15:28:09 +02:00
Aldo Cortesi
d56f7fba80 We now require PyOpenSSL >= 0.14 2014-03-02 22:14:33 +13:00
Aldo Cortesi
2aadea0b7c Fix homepage URL 2014-01-28 14:09:45 +13:00
Maximilian Hils
9ea4646262 use markdown for readme 2013-12-13 15:09:42 +01:00
Maximilian Hils
28a0030c1e compatibility fixes for windows 2013-08-19 19:41:20 +02:00
Aldo Cortesi
7480f87cd7 Add utility function for converstion to PEM. 2012-06-28 14:56:21 +12:00
Aldo Cortesi
227e72abf4 README, setup.py, version 2012-06-23 13:49:57 +12:00