Commit Graph

91 Commits

Author SHA1 Message Date
Maximilian Hils
6d1b601ddf minor cleanups 2014-08-16 15:53:07 +02:00
kronick
197dae9183 Made attribute optional (as it is in pyOpenSSL)
See 0d7e8a1af2 -- It looks like this constant isn't set on some platforms (including Raspberry Pi's libssl)
2014-07-29 15:12:13 +02:00
Maximilian Hils
66ac56509f add support for ctx.load_verify_locations, refs mitmproxy/mitmproxy#174 2014-05-21 01:14:55 +02:00
Maximilian Hils
71834aeab1 make cert and key mandatory 2014-05-15 14:15:33 +02:00
Maximilian Hils
a8345af282 extract cert creation to be accessible in handle_sni callbacks 2014-05-15 13:51:59 +02:00
Maximilian Hils
4bd15a28b7 fix #28 2014-03-10 17:43:39 +01:00
Aldo Cortesi
2a12aa3c47 Support Ephemeral Diffie-Hellman 2014-03-07 16:38:50 +13:00
Aldo Cortesi
86730a9a4c Handler convert_to_ssl now takes a key object, not a path. 2014-03-05 13:43:52 +13:00
Aldo Cortesi
cfaa3da25c Use PyOpenSSL's underlying ffi interface to get current cipher for connections. 2014-03-02 21:37:28 +13:00
Aldo Cortesi
e381c03668 Cleanups, tests, and no-cover directives for code sections we can't test. 2014-03-02 16:47:10 +13:00
Aldo Cortesi
3443bae94e Cipher suite selection for client connections, improved error handling 2014-02-27 18:35:16 +13:00
Maximilian Hils
c276b4294c allow super() on TCPServer, add thread names for better debugging 2014-02-15 23:16:28 +01:00
Maximilian Hils
7fc544bc7f adjust netlib.wsgi to reflect changes in mitmproxys flow format 2014-02-05 21:34:14 +01:00
Maximilian Hils
0bbc40dc33 store used sni in TCPClient, add equality check for tcp.Address 2014-02-04 04:51:41 +01:00
Maximilian Hils
dc45b4bf19 move StateObject back into libmproxy 2014-01-31 01:06:53 +01:00
Maximilian Hils
ff9656be80 remove subclassing of tuple in tcp.Address, move StateObject into netlib 2014-01-30 20:07:30 +01:00
Maximilian Hils
e18ac4b672 re-add server attribute to BaseHandler 2014-01-28 20:30:16 +01:00
Maximilian Hils
763cb90b66 add tcp.Address to unify ipv4/ipv6 address handling 2014-01-28 17:26:35 +01:00
Maximilian Hils
d0a6d2e254 fix tests, remove duplicate code 2014-01-09 05:33:21 +01:00
Maximilian Hils
951f2d517f change parameter names to reflect changes 2014-01-09 01:57:37 +01:00
Maximilian Hils
f2e8efdf15 merge smurfix/ipv6, add ipv6 support for TCPServer, add ipv6 test 2013-12-13 15:04:38 +01:00
Matthias Urlichs
6f26cec83e tab fix 2013-12-12 07:11:13 +01:00
Matthias Urlichs
a7ac97eb82 support ipv6 2013-12-12 07:00:58 +01:00
Aldo Cortesi
4840c6b3bf Fix race condition in test suite. 2013-12-08 15:26:30 +13:00
Aldo Cortesi
d05c20d8fa Domain checks for persistent cert store is now irrelevant.
We no longer store these on disk, so we don't care about path
components.
2013-12-08 13:15:08 +13:00
Aldo Cortesi
98a580cf69 Merge pull request #19 from rouli/ciphersuites
adding cipher list selection option to BaseHandler
2013-12-07 15:51:44 -08:00
Aldo Cortesi
ed74b62856 Merge branch 'fix_invalid_tcp_close' 2013-12-08 10:15:43 +13:00
Aldo Cortesi
5aad09ab81 Fix client certificate request feature. 2013-12-08 10:15:19 +13:00
Aldo Cortesi
7428f95474 Handle interrupted system call errors. 2013-08-25 10:22:09 +12:00
Israel Nir
d5b3e397e1 adding cipher list selection option to BaseHandler 2013-08-21 13:42:30 +03:00
Maximilian Hils
28a0030c1e compatibility fixes for windows 2013-08-19 19:41:20 +02:00
Maximilian Hils
c44f354fd0 fix windows bugs 2013-08-17 16:15:37 +02:00
Aldo Cortesi
62edceee09 Revamp dummy cert generation.
We no longer use on-disk storage - we just keep the certs in memory.
2013-08-12 16:03:29 +12:00
Aldo Cortesi
2da57ecff0 Correct order of precedence for SSL errors. 2013-08-11 11:47:07 +12:00
Aldo Cortesi
b9f06b473c Better handling of cert errors. 2013-08-10 23:07:09 +12:00
Aldo Cortesi
f5fdfd8a9f Clarify the interface for flush and close methods. 2013-07-30 09:42:13 +12:00
Aldo Cortesi
6709253629 Merge pull request #16 from mitmproxy/fix_socket_buffer
attempt to fix 'half-duplex' TCP close sequence
2013-07-28 14:55:40 -07:00
Andrey Plotnikov
02376b6a75 Add socket binding support for TCPClient 2013-07-07 13:33:56 +08:00
Maximilian Hils
68e2e782b0 attempt to fix 'half-duplex' TCP close sequence 2013-06-17 17:03:17 +02:00
Aldo Cortesi
7f0aa415e1 Add a request_client_cert argument to server SSL conversion.
By default, we now do not request the client cert. We're supposed to be able to
do this with no negative effects - if the client has no cert to present, we're
notified and proceed as usual.  Unfortunately, Android seems to have a bug
(tested on 4.2.2) - when an Android client is asked to present a certificate it
does not have, it hangs up, which is frankly bogus.  Some time down the track
we may be able to make the proper behaviour the default again, but until then
we're conservative.
2013-05-13 08:48:21 +12:00
Aldo Cortesi
9c13224353 Fix exception hierarchy. 2013-05-05 13:49:20 +12:00
Aldo Cortesi
1fe1a802ad 100% test coverage. 2013-03-03 12:16:09 +13:00
Aldo Cortesi
f30df13384 Make sni_handler an argument to BaseHandler.convert_to_ssl 2013-02-25 21:11:09 +13:00
Aldo Cortesi
97e11a219f Housekeeping and cleanup, some minor argument name changes. 2013-02-24 15:36:15 +13:00
Aldo Cortesi
c6f9a2d74d More accurate description of an HTTP read error, make pyflakes happy. 2013-02-24 11:08:43 +13:00
Aldo Cortesi
7d18535665 100% test coverage 2013-01-27 19:21:18 +13:00
Aldo Cortesi
7433dfceae Bump unit tests, fix two serious wee buglets discovered. 2013-01-26 21:29:45 +13:00
Aldo Cortesi
e5b125eec8 Introduce the mock module to improve unit tests.
There are a few socket corner-cases that are incredibly hard to reproduce in a
unit test suite, so we use mock to trigger the exceptions instead.
2013-01-26 21:19:35 +13:00
Aldo Cortesi
2eb6651e51 Extract TCP test utilities into netlib.test 2013-01-25 15:54:41 +13:00
Aldo Cortesi
7248a22d5e Improve error signalling for client certificates. 2013-01-20 22:36:54 +13:00