Commit Graph

28 Commits

Author SHA1 Message Date
Aldo Cortesi
7c82418e0b Beef up CertStore, add DH params. 2014-03-04 14:12:58 +13:00
Aldo Cortesi
7788391903 Minor improvement to CertStore interface 2014-03-02 13:50:19 +13:00
Maximilian Hils
dc45b4bf19 move StateObject back into libmproxy 2014-01-31 01:06:53 +01:00
Maximilian Hils
ff9656be80 remove subclassing of tuple in tcp.Address, move StateObject into netlib 2014-01-30 20:07:30 +01:00
Maximilian Hils
763cb90b66 add tcp.Address to unify ipv4/ipv6 address handling 2014-01-28 17:26:35 +01:00
Aldo Cortesi
ac1a700fa1 Make certificate not-before time 48 hours.
Fixes #200
2014-01-08 14:46:55 +13:00
Aldo Cortesi
d05c20d8fa Domain checks for persistent cert store is now irrelevant.
We no longer store these on disk, so we don't care about path
components.
2013-12-08 13:15:08 +13:00
Aldo Cortesi
af8f98d493 Merge pull request #22 from fictivekin/custom-o-cn
allow specification of o, cn, expiry
2013-12-07 15:42:54 -08:00
Sean Coates
642b3f002e remove tempfile and shutil imports because they're not actually used 2013-10-07 16:55:35 -04:00
Sean Coates
53b7c5abdd allow specification of o, cn, expiry 2013-10-07 16:48:30 -04:00
Paul
98f765f693 Don't create a certificate request when creating a dummy cert 2013-09-24 21:18:41 +02:00
Aldo Cortesi
62edceee09 Revamp dummy cert generation.
We no longer use on-disk storage - we just keep the certs in memory.
2013-08-12 16:03:29 +12:00
Maximilian Hils
c9ab1c60b5 always read files in binary mode 2013-06-16 00:28:21 +02:00
Aldo Cortesi
7f0aa415e1 Add a request_client_cert argument to server SSL conversion.
By default, we now do not request the client cert. We're supposed to be able to
do this with no negative effects - if the client has no cert to present, we're
notified and proceed as usual.  Unfortunately, Android seems to have a bug
(tested on 4.2.2) - when an Android client is asked to present a certificate it
does not have, it hangs up, which is frankly bogus.  Some time down the track
we may be able to make the proper behaviour the default again, but until then
we're conservative.
2013-05-13 08:48:21 +12:00
Tim Becker
241465c368 extensions aren't supported in v1, set to v3 (value=2) if using them. 2013-04-19 15:37:14 +02:00
Aldo Cortesi
97e11a219f Housekeeping and cleanup, some minor argument name changes. 2013-02-24 15:36:15 +13:00
Aldo Cortesi
c6f9a2d74d More accurate description of an HTTP read error, make pyflakes happy. 2013-02-24 11:08:43 +13:00
Aldo Cortesi
00d20abdd4 Beef up client certificate handling substantially. 2013-01-20 22:13:38 +13:00
Aldo Cortesi
e4acace8ea Sanity-check certstore common names. 2013-01-06 01:34:39 +13:00
Aldo Cortesi
91834ea78f Generate certificates with a commencement date an hour in the past.
This helps smooth over small discrepancies in client and server times, where
it's possible for a certificate to seem to be "in the future" to the client.
2013-01-06 01:16:58 +13:00
Aldo Cortesi
72032d7fe7 Basic certificate store implementation and cert utils API cleanup. 2013-01-06 01:16:25 +13:00
Aldo Cortesi
728ef107a0 Ignore SAN entries that we don't understand. 2012-07-24 14:55:54 +12:00
Aldo Cortesi
a1a1663c0f Fix cert path. 2012-07-20 14:45:58 +12:00
Maximilian Hils
9ab7842c81 fix relative certdir 2012-07-11 11:09:41 +02:00
Aldo Cortesi
7480f87cd7 Add utility function for converstion to PEM. 2012-06-28 14:56:21 +12:00
Aldo Cortesi
a1491a6ae0 Add a get_remote_cert method to tcp client. 2012-06-28 08:15:55 +12:00
Aldo Cortesi
b0ef9ad07b Refactor certutils.SSLCert API. 2012-06-27 22:11:58 +12:00
Aldo Cortesi
f7fcb1c80b Add certutils to netlib. 2012-06-27 16:42:00 +12:00