Maximilian Hils
a3af0ce71d
tests++
2016-02-01 20:10:18 +01:00
Maximilian Hils
bda49dd178
fix #113 , make Reader.peek() work on Python 3
2016-02-01 19:38:14 +01:00
Maximilian Hils
7c83a709ea
add test for Reader.peek()
2016-02-01 19:24:30 +01:00
Thomas Kriechbaumer
1b487539b1
move tservers to netlib module
2016-01-25 09:20:44 +01:00
Maximilian Hils
5af9df326a
fix certificate verification
...
This commit fixes netlib's optional (turned off by default)
certificate verification, which previously did not validate the
cert's host name. As it turns out, verifying the connection's host
name on an intercepting proxy is not really straightforward - if
we receive a connection in transparent mode without SNI, we have no
clue which hosts the client intends to connect to. There are two
basic approaches to solve this problem:
1. Exactly mirror the host names presented by the server in the
spoofed certificate presented to the client.
2. Require the client to send the TLS Server Name Indication
extension. While this does not work with older clients,
we can validate the hostname on the proxy.
Approach 1 is problematic in mitmproxy's use case, as we may want
to deliberately divert connections without the client's knowledge.
As a consequence, we opt for approach 2. While mitmproxy does now
require a SNI value to be sent by the client if certificate
verification is turned on, we retain our ability to present
certificates to the client which are accepted with a maximum
likelihood.
2015-11-01 18:15:30 +01:00
Maximilian Hils
daebd1bd27
python3++
2015-09-20 20:35:45 +02:00
Maximilian Hils
0ad5cbc6bf
python3++
2015-09-20 19:56:45 +02:00
Maximilian Hils
3f1ca556d1
python3++
2015-09-20 18:12:55 +02:00
Maximilian Hils
dad9f06cb9
organize exceptions, improve content-length handling
2015-09-17 02:14:14 +02:00
Thomas Kriechbaumer
0be84fd6b9
fix tutils imports
2015-08-01 14:49:15 +02:00
Maximilian Hils
1b26161382
add distinct error for cert verification issues
2015-07-24 16:47:28 +02:00
Maximilian Hils
2723a0e573
remove certffi
2015-06-26 13:26:35 +02:00
Kyle Morton
d1452424be
Cleaning up upstream server verification. Adding storage of cerificate
...
verification errors on TCPClient object to enable warnings in downstream
projects.
2015-06-22 17:31:13 -07:00
Aldo Cortesi
2aa1b98fbf
netlib/test.py -> test/tservers.py
2015-06-22 14:52:23 +12:00
Thomas Kriechbaumer
abb37a3ef5
http2: improve test suite
2015-06-16 15:00:28 +02:00
Aldo Cortesi
bb206323ab
Merge pull request #69 from kyle-m/master
...
Adding support for upstream certificate validation when using SSL/TLS…
2015-06-16 10:34:09 +12:00
Kyle Morton
fe764cde52
Adding support for upstream certificate validation when using SSL/TLS with an
...
instance of TCPClient.
2015-06-15 10:18:54 -07:00
Thomas Kriechbaumer
5fab755a05
add more tests
2015-06-12 15:27:29 +02:00
Thomas Kriechbaumer
abbe88c8ce
fix non-ALPN supported OpenSSL-related tests
2015-06-08 13:25:42 +02:00
Thomas Kriechbaumer
49043131cc
increase test coverage
2015-06-05 20:22:20 +02:00
Thomas Kriechbaumer
9883509f89
simplify default ssl params for test servers
2015-06-05 13:33:37 +02:00
Aldo Cortesi
f76bfabc5d
Adjust pep8 parameters, reformat
2015-05-30 12:02:58 +12:00
Thomas Kriechbaumer
629fa8e552
make tests aware of ALPN & OpenSSL 1.0.2 dependency
2015-05-29 17:04:12 +02:00
Thomas Kriechbaumer
780836b182
add ALPN support to TCP abstraction
2015-05-29 15:31:22 +02:00
Thomas Kriechbaumer
bdb62101bb
test Address __str__
2015-05-29 11:42:46 +02:00
Thomas Kriechbaumer
e3d390e036
cleanup code with autopep8
...
run the following command:
$ autopep8 -i -r -a -a .
2015-05-27 11:19:11 +02:00
Maximilian Hils
7f7ccd3a18
100% test coverage
2015-04-09 00:57:37 +02:00
Maximilian Hils
24a3dd59fe
try harder to fix race condition in tests
2015-02-27 22:34:36 +01:00
Maximilian Hils
d71f3b68fd
make tests more robust, fix coveralls
2015-02-27 22:27:23 +01:00
Maximilian Hils
da1eb94ccd
100% test coverage 🎉
2015-02-27 22:02:52 +01:00
Maximilian Hils
74a5600190
fix tests
2014-10-23 15:31:42 +02:00
Maximilian Hils
9ef84ccc1c
clean up code
2014-10-09 00:15:39 +02:00
Maximilian Hils
fdb6f5552d
CertStore: add support for cert chains
2014-10-08 20:46:30 +02:00
Aldo Cortesi
63c1efd394
Remove avoidable imports from OpenSSL
...
Fixes #38
2014-09-09 10:08:56 +12:00
Maximilian Hils
6d1b601ddf
minor cleanups
2014-08-16 15:53:07 +02:00
Maximilian Hils
cba927885e
fix tests
2014-07-18 23:08:29 +02:00
Maximilian Hils
55c2133b69
add test case for mitmproxy/mitmproxy#295
2014-07-17 01:47:24 +02:00
Maximilian Hils
4bd15a28b7
fix #28
2014-03-10 17:43:39 +01:00
Aldo Cortesi
f5cc63d653
Certificate flags
2014-03-10 17:29:27 +13:00
Aldo Cortesi
2a12aa3c47
Support Ephemeral Diffie-Hellman
2014-03-07 16:38:50 +13:00
Aldo Cortesi
d56f7fba80
We now require PyOpenSSL >= 0.14
2014-03-02 22:14:33 +13:00
Aldo Cortesi
cfaa3da25c
Use PyOpenSSL's underlying ffi interface to get current cipher for connections.
2014-03-02 21:37:28 +13:00
Aldo Cortesi
e381c03668
Cleanups, tests, and no-cover directives for code sections we can't test.
2014-03-02 16:47:10 +13:00
Aldo Cortesi
3443bae94e
Cipher suite selection for client connections, improved error handling
2014-02-27 18:35:16 +13:00
Maximilian Hils
7fc544bc7f
adjust netlib.wsgi to reflect changes in mitmproxys flow format
2014-02-05 21:34:14 +01:00
Maximilian Hils
763cb90b66
add tcp.Address to unify ipv4/ipv6 address handling
2014-01-28 17:26:35 +01:00
Maximilian Hils
cebec67e08
refactor read_http_body
2013-12-15 06:43:54 +01:00
Maximilian Hils
0187d92ec0
test tcpclient.source_address, increase coverage
2013-12-14 00:19:24 +01:00
Maximilian Hils
f2e8efdf15
merge smurfix/ipv6, add ipv6 support for TCPServer, add ipv6 test
2013-12-13 15:04:38 +01:00
Aldo Cortesi
4840c6b3bf
Fix race condition in test suite.
2013-12-08 15:26:30 +13:00