Maximilian Hils
dbadc1b613
clean up cert handling, fix mitmproxy/mitmproxy#472
2015-03-07 01:22:02 +01:00
Maximilian Hils
da1eb94ccd
100% test coverage 🎉
2015-02-27 22:02:52 +01:00
Maximilian Hils
224f737646
add option to log ssl keys
...
refs mitmproxy/mitmproxy#475
2015-02-27 16:59:29 +01:00
Maximilian Hils
438c1fbc7d
TCPClient: Use TLS1.1+ where available, BaseHandler: disable SSLv2
2014-12-15 12:32:36 +01:00
Aldo Cortesi
c56e7a90d8
Fix tracebacks in connection finish
2014-11-15 12:31:13 +13:00
Aldo Cortesi
0811a9ebde
.flush can raise NetlibDisconnect. This fixes a traceback found in fuzzing.
2014-11-07 16:01:41 +13:00
Maximilian Hils
ed5e685565
refactor tcp close, fix mitmproxy/mitmproxy#376
2014-10-22 17:54:20 +02:00
Maximilian Hils
29a4e91050
fix mitmproxy/mitmproxy#375
2014-10-17 18:48:30 +02:00
Maximilian Hils
e6a8730f98
fix tcp closing for ssled connections
2014-10-09 04:42:39 +02:00
Maximilian Hils
fdb6f5552d
CertStore: add support for cert chains
2014-10-08 20:46:30 +02:00
Maximilian Hils
274688172d
fix mitmproxy/mitmproxy#373
2014-10-08 18:40:46 +02:00
Maximilian Hils
e73a2dbab1
minor changes
2014-09-28 03:15:26 +02:00
Aldo Cortesi
b21df0cf44
Merge branch 'master' of ssh.github.com:cortesi/netlib
2014-09-09 10:10:10 +12:00
Aldo Cortesi
63c1efd394
Remove avoidable imports from OpenSSL
...
Fixes #38
2014-09-09 10:08:56 +12:00
Maximilian Hils
f90ea89e69
more verbose errors
2014-09-08 18:38:05 +02:00
Aldo Cortesi
f98989b075
Merge branch 'master' into mitmproxy_issue_341
...
Conflicts:
netlib/tcp.py
2014-09-07 12:39:59 +12:00
Aldo Cortesi
3b81d678c4
Use print function after future import
2014-09-07 11:24:41 +12:00
Maximilian Hils
4bf7f3c0ff
set source_address if not manually specified
2014-09-04 16:55:02 +02:00
Maximilian Hils
ec628bc37d
fix tcp.Address inequality comparison
2014-09-04 01:10:44 +02:00
Maximilian Hils
3d489f3bb7
adapt netlib.wsgi to changes in mitmproxy/mitmproxy#341
2014-09-03 17:15:50 +02:00
Maximilian Hils
6d1b601ddf
minor cleanups
2014-08-16 15:53:07 +02:00
kronick
197dae9183
Made attribute optional (as it is in pyOpenSSL)
...
See 0d7e8a1af2
-- It looks like this constant isn't set on some platforms (including Raspberry Pi's libssl)
2014-07-29 15:12:13 +02:00
Maximilian Hils
66ac56509f
add support for ctx.load_verify_locations, refs mitmproxy/mitmproxy#174
2014-05-21 01:14:55 +02:00
Maximilian Hils
71834aeab1
make cert and key mandatory
2014-05-15 14:15:33 +02:00
Maximilian Hils
a8345af282
extract cert creation to be accessible in handle_sni callbacks
2014-05-15 13:51:59 +02:00
Maximilian Hils
4bd15a28b7
fix #28
2014-03-10 17:43:39 +01:00
Aldo Cortesi
2a12aa3c47
Support Ephemeral Diffie-Hellman
2014-03-07 16:38:50 +13:00
Aldo Cortesi
86730a9a4c
Handler convert_to_ssl now takes a key object, not a path.
2014-03-05 13:43:52 +13:00
Aldo Cortesi
cfaa3da25c
Use PyOpenSSL's underlying ffi interface to get current cipher for connections.
2014-03-02 21:37:28 +13:00
Aldo Cortesi
e381c03668
Cleanups, tests, and no-cover directives for code sections we can't test.
2014-03-02 16:47:10 +13:00
Aldo Cortesi
3443bae94e
Cipher suite selection for client connections, improved error handling
2014-02-27 18:35:16 +13:00
Maximilian Hils
c276b4294c
allow super() on TCPServer, add thread names for better debugging
2014-02-15 23:16:28 +01:00
Maximilian Hils
7fc544bc7f
adjust netlib.wsgi to reflect changes in mitmproxys flow format
2014-02-05 21:34:14 +01:00
Maximilian Hils
0bbc40dc33
store used sni in TCPClient, add equality check for tcp.Address
2014-02-04 04:51:41 +01:00
Maximilian Hils
dc45b4bf19
move StateObject back into libmproxy
2014-01-31 01:06:53 +01:00
Maximilian Hils
ff9656be80
remove subclassing of tuple in tcp.Address, move StateObject into netlib
2014-01-30 20:07:30 +01:00
Maximilian Hils
e18ac4b672
re-add server attribute to BaseHandler
2014-01-28 20:30:16 +01:00
Maximilian Hils
763cb90b66
add tcp.Address to unify ipv4/ipv6 address handling
2014-01-28 17:26:35 +01:00
Maximilian Hils
d0a6d2e254
fix tests, remove duplicate code
2014-01-09 05:33:21 +01:00
Maximilian Hils
951f2d517f
change parameter names to reflect changes
2014-01-09 01:57:37 +01:00
Maximilian Hils
f2e8efdf15
merge smurfix/ipv6, add ipv6 support for TCPServer, add ipv6 test
2013-12-13 15:04:38 +01:00
Matthias Urlichs
6f26cec83e
tab fix
2013-12-12 07:11:13 +01:00
Matthias Urlichs
a7ac97eb82
support ipv6
2013-12-12 07:00:58 +01:00
Aldo Cortesi
4840c6b3bf
Fix race condition in test suite.
2013-12-08 15:26:30 +13:00
Aldo Cortesi
d05c20d8fa
Domain checks for persistent cert store is now irrelevant.
...
We no longer store these on disk, so we don't care about path
components.
2013-12-08 13:15:08 +13:00
Aldo Cortesi
98a580cf69
Merge pull request #19 from rouli/ciphersuites
...
adding cipher list selection option to BaseHandler
2013-12-07 15:51:44 -08:00
Aldo Cortesi
ed74b62856
Merge branch 'fix_invalid_tcp_close'
2013-12-08 10:15:43 +13:00
Aldo Cortesi
5aad09ab81
Fix client certificate request feature.
2013-12-08 10:15:19 +13:00
Aldo Cortesi
7428f95474
Handle interrupted system call errors.
2013-08-25 10:22:09 +12:00
Israel Nir
d5b3e397e1
adding cipher list selection option to BaseHandler
2013-08-21 13:42:30 +03:00
Maximilian Hils
28a0030c1e
compatibility fixes for windows
2013-08-19 19:41:20 +02:00
Maximilian Hils
c44f354fd0
fix windows bugs
2013-08-17 16:15:37 +02:00
Aldo Cortesi
62edceee09
Revamp dummy cert generation.
...
We no longer use on-disk storage - we just keep the certs in memory.
2013-08-12 16:03:29 +12:00
Aldo Cortesi
2da57ecff0
Correct order of precedence for SSL errors.
2013-08-11 11:47:07 +12:00
Aldo Cortesi
b9f06b473c
Better handling of cert errors.
2013-08-10 23:07:09 +12:00
Aldo Cortesi
f5fdfd8a9f
Clarify the interface for flush and close methods.
2013-07-30 09:42:13 +12:00
Aldo Cortesi
6709253629
Merge pull request #16 from mitmproxy/fix_socket_buffer
...
attempt to fix 'half-duplex' TCP close sequence
2013-07-28 14:55:40 -07:00
Andrey Plotnikov
02376b6a75
Add socket binding support for TCPClient
2013-07-07 13:33:56 +08:00
Maximilian Hils
68e2e782b0
attempt to fix 'half-duplex' TCP close sequence
2013-06-17 17:03:17 +02:00
Aldo Cortesi
7f0aa415e1
Add a request_client_cert argument to server SSL conversion.
...
By default, we now do not request the client cert. We're supposed to be able to
do this with no negative effects - if the client has no cert to present, we're
notified and proceed as usual. Unfortunately, Android seems to have a bug
(tested on 4.2.2) - when an Android client is asked to present a certificate it
does not have, it hangs up, which is frankly bogus. Some time down the track
we may be able to make the proper behaviour the default again, but until then
we're conservative.
2013-05-13 08:48:21 +12:00
Aldo Cortesi
9c13224353
Fix exception hierarchy.
2013-05-05 13:49:20 +12:00
Aldo Cortesi
1fe1a802ad
100% test coverage.
2013-03-03 12:16:09 +13:00
Aldo Cortesi
f30df13384
Make sni_handler an argument to BaseHandler.convert_to_ssl
2013-02-25 21:11:09 +13:00
Aldo Cortesi
97e11a219f
Housekeeping and cleanup, some minor argument name changes.
2013-02-24 15:36:15 +13:00
Aldo Cortesi
c6f9a2d74d
More accurate description of an HTTP read error, make pyflakes happy.
2013-02-24 11:08:43 +13:00
Aldo Cortesi
7d18535665
100% test coverage
2013-01-27 19:21:18 +13:00
Aldo Cortesi
7433dfceae
Bump unit tests, fix two serious wee buglets discovered.
2013-01-26 21:29:45 +13:00
Aldo Cortesi
e5b125eec8
Introduce the mock module to improve unit tests.
...
There are a few socket corner-cases that are incredibly hard to reproduce in a
unit test suite, so we use mock to trigger the exceptions instead.
2013-01-26 21:19:35 +13:00
Aldo Cortesi
2eb6651e51
Extract TCP test utilities into netlib.test
2013-01-25 15:54:41 +13:00
Aldo Cortesi
7248a22d5e
Improve error signalling for client certificates.
2013-01-20 22:36:54 +13:00
Aldo Cortesi
00d20abdd4
Beef up client certificate handling substantially.
2013-01-20 22:13:38 +13:00
Aldo Cortesi
1499529e62
Fix client cert typo.
2013-01-18 17:07:35 +13:00
Rouli
04048b4c73
renaming the timestamp in preparation of other timestamps that will be added later, adding tests
2013-01-16 22:30:19 +02:00
Israel Nir
10457e876a
adding read timestamp to enable better resolution of when certain reads were performed (timestamp is updated when the first byte is available on the network)
2013-01-10 15:51:37 +02:00
Aldo Cortesi
6517d9e717
More info on disconnect exception.
2012-10-14 09:03:23 +13:00
Aldo Cortesi
77869634e2
Limit reads to block length.
2012-10-09 16:25:15 +13:00
Aldo Cortesi
15679e010d
Add a settimeout method to tcp.BaseHandler.
2012-10-01 11:30:02 +13:00
Aldo Cortesi
3a21e28bf1
Split FileLike into Writer and Reader, and add logging functionality.
2012-09-24 11:10:21 +12:00
Aldo Cortesi
8a6cca530c
Don't create fresh FileLike objects when converting to SSL
2012-09-24 10:47:41 +12:00
Aldo Cortesi
eafa5566c2
Handle disconnects on flush.
2012-07-30 11:30:31 +12:00
Aldo Cortesi
91752990d5
Handle HTTP responses that have a body but no content-length or transfer encoding
...
We check if the server sent a connection:close header, and read till the socket
closes.
Closes #2
2012-07-24 11:41:18 +12:00
Aldo Cortesi
eb88cea3c7
Catch an amazingly subtle SSL connection corruption bug.
...
Closing a set of pseudo-file descriptors in the wrong order caused junk data to
be written to the SSL stream. An apparent bug in OpenSSL then lets this corrupt
the _next_ SSL connection.
2012-07-23 23:20:32 +12:00
Aldo Cortesi
619f3c6edc
Handle unexpected SSL connection termination in readline.
2012-07-21 20:51:05 +12:00
Aldo Cortesi
b2c491fe39
Handle socket disconnects on reads.
2012-07-21 17:50:21 +12:00
Aldo Cortesi
2387d2e8ed
Timeout for TCP clients.
2012-07-21 16:10:54 +12:00
Aldo Cortesi
ba53d2e4ca
Set ssl_established right after the connection object is changed.
2012-07-20 15:15:07 +12:00
Aldo Cortesi
63d789109a
close() methods for clients and servers.
2012-07-20 14:43:51 +12:00
Aldo Cortesi
4fdc2179e2
Don't write empty values.
2012-07-10 16:34:39 +12:00
Aldo Cortesi
721e2c8277
Somewhat nicer handling of errors after thread termination.
2012-07-10 16:22:45 +12:00
Aldo Cortesi
ba7437abcb
Add an exception to indicate remote disconnects.
2012-07-08 23:50:38 +12:00
Aldo Cortesi
20cc1b6aa4
Refactor TCP test suite.
2012-07-05 10:57:20 +12:00
Aldo Cortesi
96af5c16a0
Expose SSL options, use TLSv1 by default for client connections.
2012-07-04 21:30:07 +12:00
Aldo Cortesi
67669a2a57
Allow control of buffer size for TCPClient, improve error messages.
2012-06-30 10:52:28 +12:00
Aldo Cortesi
3f9aad53ab
Return a certutils.SSLCert object from get_remote_cert.
2012-06-28 10:59:03 +12:00
Aldo Cortesi
bae86480d4
Merge branch 'master' of github.com:cortesi/netlib
2012-06-28 09:57:33 +12:00
Aldo Cortesi
92c7d38bd3
Handle obscure termination scenario, where interpreter exits before thread termination.
2012-06-28 09:56:58 +12:00
Aldo Cortesi
a1491a6ae0
Add a get_remote_cert method to tcp client.
2012-06-28 08:15:55 +12:00
Aldo Cortesi
97071c0952
Merge branch 'master' of ssh.github.com:cortesi/netlib
2012-06-27 16:24:34 +12:00
Aldo Cortesi
5d4c7829bf
Minor refactoring.
2012-06-27 16:24:22 +12:00
Aldo Cortesi
d0fd8385e6
Fix termiantion error in file read.
2012-06-27 12:11:55 +12:00