Commit Graph

274 Commits

Author SHA1 Message Date
Maximilian Hils
5af9df326a fix certificate verification
This commit fixes netlib's optional (turned off by default)
certificate verification, which previously did not validate the
cert's host name. As it turns out, verifying the connection's host
name on an intercepting proxy is not really straightforward - if
we receive a connection in transparent mode without SNI, we have no
clue which hosts the client intends to connect to. There are two
basic approaches to solve this problem:

 1. Exactly mirror the host names presented by the server in the
    spoofed certificate presented to the client.
 2. Require the client to send the TLS Server Name Indication
    extension. While this does not work with older clients,
    we can validate the hostname on the proxy.

Approach 1 is problematic in mitmproxy's use case, as we may want
to deliberately divert connections without the client's knowledge.
As a consequence, we opt for approach 2. While mitmproxy does now
require a SNI value to be sent by the client if certificate
verification is turned on, we retain our ability to present
certificates to the client which are accepted with a maximum
likelihood.
2015-11-01 18:15:30 +01:00
Maximilian Hils
b4eb4eab92 adjust test certificate generation 2015-11-01 17:48:34 +01:00
Maximilian Hils
267837f441 add test certificate generator 2015-10-16 18:12:36 +02:00
Maximilian Hils
2e1f7ecd55 fix tests 2015-09-28 14:04:25 +02:00
Maximilian Hils
67229fbdf7 Merge branch 'http-models' 2015-09-28 13:53:59 +02:00
Maximilian Hils
5261bcdf4b properly adjust tests for 87566da3ba 2015-09-28 11:46:18 +02:00
Maximilian Hils
87566da3ba fix mitmproxy/mitmproxy#784 2015-09-28 11:18:00 +02:00
Maximilian Hils
23d13e4c12 test response model, push coverage to 100% branch cov 2015-09-27 00:49:41 +02:00
Maximilian Hils
466888b01a improve request tests, coverage++ 2015-09-26 20:07:11 +02:00
Maximilian Hils
49ea8fc0eb refactor response model 2015-09-26 17:39:50 +02:00
Maximilian Hils
106f7046d3 refactor request model 2015-09-26 00:39:04 +02:00
Maximilian Hils
f937522773 Headers: return str on all Python versions 2015-09-22 01:48:35 +02:00
Maximilian Hils
9dea36e439 remove nose references 2015-09-21 01:22:05 +02:00
Maximilian Hils
73586b1be9 python 3++ 2015-09-21 00:44:17 +02:00
Maximilian Hils
daebd1bd27 python3++ 2015-09-20 20:35:45 +02:00
Maximilian Hils
292a0aa9e6 make tests compatible with py.test 2015-09-20 19:56:57 +02:00
Maximilian Hils
0ad5cbc6bf python3++ 2015-09-20 19:56:45 +02:00
Maximilian Hils
693cdfc6d7 python3++ 2015-09-20 19:40:09 +02:00
Maximilian Hils
3f1ca556d1 python3++ 2015-09-20 18:12:55 +02:00
Maximilian Hils
551d9f11e5 experimental: don't interfere with headers 2015-09-18 18:05:50 +02:00
Maximilian Hils
f2c87cff8a fix py3 tests 2015-09-17 17:32:59 +02:00
Maximilian Hils
266b80238d fix tests 2015-09-17 17:29:55 +02:00
Maximilian Hils
d798ed955d python3++ 2015-09-17 16:31:50 +02:00
Maximilian Hils
8d71059d77 clean up http message models 2015-09-17 15:16:12 +02:00
Maximilian Hils
a07e43df8b http1: add assemble_body function 2015-09-17 02:39:42 +02:00
Maximilian Hils
dad9f06cb9 organize exceptions, improve content-length handling 2015-09-17 02:14:14 +02:00
Maximilian Hils
265f31e878 adjust http1-related code 2015-09-16 18:43:24 +02:00
Maximilian Hils
a077d8877d finish netlib.http.http1 refactor 2015-09-16 00:04:23 +02:00
Maximilian Hils
11e7f476bd wip 2015-09-15 19:12:15 +02:00
Maximilian Hils
997fcde8ce make clean_bin unicode-aware 2015-09-12 17:03:09 +02:00
Maximilian Hils
92c763f469 fix mitmproxy/mitmproxy#759 2015-09-10 12:32:38 +02:00
Maximilian Hils
fc86bbd03e let Headers inherit from object
fixes mitmproxy/mitmproxy#753
2015-09-08 15:16:25 +02:00
Maximilian Hils
66ee1f465f headers: adjust everything 2015-09-05 18:15:47 +02:00
Maximilian Hils
3718e59308 finalize Headers, add tests 2015-09-05 15:27:48 +02:00
Thomas Kriechbaumer
daf512ce93 http2: fix tests 2015-08-26 21:04:13 +02:00
Maximilian Hils
21858995ae request -> request_method 2015-08-24 18:16:34 +02:00
Thomas Kriechbaumer
cd9701050f read_response depends on request for stream_id 2015-08-21 10:04:57 +02:00
Thomas Kriechbaumer
6fc2ff9469 http2: fix tests 2015-08-21 09:18:14 +02:00
Thomas Kriechbaumer
00ed982ea0 cleanup 2015-08-20 20:44:58 +02:00
Thomas Kriechbaumer
9686a77dcb http2: implement request target 2015-08-18 22:17:00 +02:00
Thomas Kriechbaumer
07a1356e2f http2: add support for too large header frames 2015-08-18 21:22:42 +02:00
Thomas Kriechbaumer
0d384ac2a9 http2: add support for too large data frames 2015-08-18 21:22:42 +02:00
Thomas Kriechbaumer
12efa61e3a fix request-target tests 2015-08-18 21:22:27 +02:00
Aldo Cortesi
99e89a1efc Remove stray prints from test suite 2015-08-16 21:47:26 +12:00
Thomas Kriechbaumer
6a30ad2ad2 fix minor style offences 2015-08-10 20:50:05 +02:00
Thomas Kriechbaumer
ff27d65f08 cleanup whitespace 2015-08-10 20:44:36 +02:00
Thomas Kriechbaumer
476badf45c cleanup imports 2015-08-10 20:36:47 +02:00
Thomas Kriechbaumer
690b8b4f4e add move tests and code from mitmproxy 2015-08-10 20:34:27 +02:00
Maximilian Hils
c2832ef72b fix mitmproxy/mitmproxy#705 2015-08-03 18:06:31 +02:00
Thomas Kriechbaumer
1c12e7c2b8 move encoding tests from mitmproxy to netlib 2015-08-01 14:53:13 +02:00