Aldo Cortesi
1dda164d03
Satisfy autobots.
2015-05-28 12:18:56 +12:00
Aldo Cortesi
41af65a1c4
Merge branch 'Kriechi-cleanup'
2015-05-28 12:12:37 +12:00
Thomas Kriechbaumer
e3d390e036
cleanup code with autopep8
...
run the following command:
$ autopep8 -i -r -a -a .
2015-05-27 11:19:11 +02:00
Thomas Kriechbaumer
041ca5c499
update TLS defaults: signature hash and DH params
...
* SHA1 is deprecated (use SHA256)
* increase RSA key to 2048 bits
* increase DH params to 4096 bits (LogJam attack)
2015-05-27 10:53:57 +02:00
Maximilian Hils
e58f76aec1
fix code smell
2015-04-09 02:09:33 +02:00
Maximilian Hils
2a2402dfff
...two years is not enough.
2015-02-17 00:10:10 +01:00
Aldo Cortesi
7e5bb74e72
5 years is enough...
2015-02-17 12:03:52 +13:00
Aldo Cortesi
c9de3e770b
By popular demand, bump dummy cert expiry to 5 years
...
fixes #52
2015-02-17 11:59:07 +13:00
Maximilian Hils
9ef84ccc1c
clean up code
2014-10-09 00:15:39 +02:00
Maximilian Hils
fdb6f5552d
CertStore: add support for cert chains
2014-10-08 20:46:30 +02:00
Aldo Cortesi
5dcc7f78df
Merge pull request #34 from bbaetz/master
...
Change the criticality of a number of X509 extentions, to match
2014-09-07 12:50:36 +12:00
Maximilian Hils
d9a731b23a
make inequality comparison work
2014-09-04 19:18:43 +02:00
Maximilian Hils
6d1b601ddf
minor cleanups
2014-08-16 15:53:07 +02:00
Maximilian Hils
d382bb27bf
certstore: add support for asterisk form to DNTree replacement
2014-07-19 00:02:31 +02:00
Maximilian Hils
a7837846a2
temporarily replace DNTree with a simpler cert lookup mechanism, fix mitmproxy/mitmproxy#295
2014-07-18 22:55:25 +02:00
Maximilian Hils
4d5d8b6511
mark nsCertType non-critical, fix #39
2014-06-29 13:10:07 +02:00
Maximilian Hils
92081eee04
Update certutils.py
...
refs mitmproxy/mitmproxy#200
2014-04-25 19:40:37 +02:00
Bradley Baetz
d8f54c7c03
Change the criticality of a number of X509 extentions, to match
...
the RFCs and real-world CAs/certs.
This improve compatability with older browsers/clients.
2014-03-20 11:12:11 +11:00
Maximilian Hils
34e469eb55
create dhparam file if it doesn't exist, fix mitmproxy/mitmproxy#235
2014-03-11 20:23:27 +01:00
Aldo Cortesi
f5cc63d653
Certificate flags
2014-03-10 17:29:27 +13:00
Aldo Cortesi
2a12aa3c47
Support Ephemeral Diffie-Hellman
2014-03-07 16:38:50 +13:00
Aldo Cortesi
52b14aa1d1
CertStore: cope with certs that have no common name
2014-03-05 17:29:14 +13:00
Aldo Cortesi
0c3bc1cff2
Much more sophisticated certificate store
...
- Handle wildcard lookup
- Handle lookup of SANs
- Provide hooks for registering override certs and keys for specific
domains (including wildcard specifications)
2014-03-05 13:19:16 +13:00
Aldo Cortesi
7c82418e0b
Beef up CertStore, add DH params.
2014-03-04 14:12:58 +13:00
Aldo Cortesi
7788391903
Minor improvement to CertStore interface
2014-03-02 13:50:19 +13:00
Maximilian Hils
dc45b4bf19
move StateObject back into libmproxy
2014-01-31 01:06:53 +01:00
Maximilian Hils
ff9656be80
remove subclassing of tuple in tcp.Address, move StateObject into netlib
2014-01-30 20:07:30 +01:00
Maximilian Hils
763cb90b66
add tcp.Address to unify ipv4/ipv6 address handling
2014-01-28 17:26:35 +01:00
Aldo Cortesi
ac1a700fa1
Make certificate not-before time 48 hours.
...
Fixes #200
2014-01-08 14:46:55 +13:00
Aldo Cortesi
d05c20d8fa
Domain checks for persistent cert store is now irrelevant.
...
We no longer store these on disk, so we don't care about path
components.
2013-12-08 13:15:08 +13:00
Aldo Cortesi
af8f98d493
Merge pull request #22 from fictivekin/custom-o-cn
...
allow specification of o, cn, expiry
2013-12-07 15:42:54 -08:00
Sean Coates
642b3f002e
remove tempfile and shutil imports because they're not actually used
2013-10-07 16:55:35 -04:00
Sean Coates
53b7c5abdd
allow specification of o, cn, expiry
2013-10-07 16:48:30 -04:00
Paul
98f765f693
Don't create a certificate request when creating a dummy cert
2013-09-24 21:18:41 +02:00
Aldo Cortesi
62edceee09
Revamp dummy cert generation.
...
We no longer use on-disk storage - we just keep the certs in memory.
2013-08-12 16:03:29 +12:00
Maximilian Hils
c9ab1c60b5
always read files in binary mode
2013-06-16 00:28:21 +02:00
Aldo Cortesi
7f0aa415e1
Add a request_client_cert argument to server SSL conversion.
...
By default, we now do not request the client cert. We're supposed to be able to
do this with no negative effects - if the client has no cert to present, we're
notified and proceed as usual. Unfortunately, Android seems to have a bug
(tested on 4.2.2) - when an Android client is asked to present a certificate it
does not have, it hangs up, which is frankly bogus. Some time down the track
we may be able to make the proper behaviour the default again, but until then
we're conservative.
2013-05-13 08:48:21 +12:00
Tim Becker
241465c368
extensions aren't supported in v1, set to v3 (value=2) if using them.
2013-04-19 15:37:14 +02:00
Aldo Cortesi
97e11a219f
Housekeeping and cleanup, some minor argument name changes.
2013-02-24 15:36:15 +13:00
Aldo Cortesi
c6f9a2d74d
More accurate description of an HTTP read error, make pyflakes happy.
2013-02-24 11:08:43 +13:00
Aldo Cortesi
00d20abdd4
Beef up client certificate handling substantially.
2013-01-20 22:13:38 +13:00
Aldo Cortesi
e4acace8ea
Sanity-check certstore common names.
2013-01-06 01:34:39 +13:00
Aldo Cortesi
91834ea78f
Generate certificates with a commencement date an hour in the past.
...
This helps smooth over small discrepancies in client and server times, where
it's possible for a certificate to seem to be "in the future" to the client.
2013-01-06 01:16:58 +13:00
Aldo Cortesi
72032d7fe7
Basic certificate store implementation and cert utils API cleanup.
2013-01-06 01:16:25 +13:00
Aldo Cortesi
728ef107a0
Ignore SAN entries that we don't understand.
2012-07-24 14:55:54 +12:00
Aldo Cortesi
a1a1663c0f
Fix cert path.
2012-07-20 14:45:58 +12:00
Maximilian Hils
9ab7842c81
fix relative certdir
2012-07-11 11:09:41 +02:00
Aldo Cortesi
7480f87cd7
Add utility function for converstion to PEM.
2012-06-28 14:56:21 +12:00
Aldo Cortesi
a1491a6ae0
Add a get_remote_cert method to tcp client.
2012-06-28 08:15:55 +12:00
Aldo Cortesi
b0ef9ad07b
Refactor certutils.SSLCert API.
2012-06-27 22:11:58 +12:00