do some housekeeping

This commit is contained in:
Maximilian Hils 2015-03-02 14:35:50 +01:00
parent 7cf1ec7435
commit 75ba0a92e4
2 changed files with 39 additions and 39 deletions


@ -45,8 +45,8 @@ class ProxyConfig:
authenticator=None, authenticator=None,
ignore_hosts=[], ignore_hosts=[],
tcp_hosts=[], tcp_hosts=[],
client_ciphers=None, ciphers_client=None,
server_ciphers=None, ciphers_server=None,
certs=[], certs=[],
certforward=False, certforward=False,
ssl_version_client="secure", ssl_version_client="secure",
@ -56,8 +56,8 @@ class ProxyConfig:
self.host = host self.host = host
self.port = port self.port = port
self.server_version = server_version self.server_version = server_version
self.client_ciphers = client_ciphers self.ciphers_client = ciphers_client
self.server_ciphers = server_ciphers self.ciphers_server = ciphers_server
self.clientcerts = clientcerts self.clientcerts = clientcerts
self.no_upstream_cert = no_upstream_cert self.no_upstream_cert = no_upstream_cert
self.body_size_limit = body_size_limit self.body_size_limit = body_size_limit
@ -85,8 +85,8 @@ class ProxyConfig:
for spec, cert in certs: for spec, cert in certs:
self.certstore.add_cert_file(spec, cert) self.certstore.add_cert_file(spec, cert)
self.certforward = certforward self.certforward = certforward
self.openssl_client_method, self.openssl_client_options = version_to_openssl(ssl_version_client) self.openssl_method_client, self.openssl_options_client = version_to_openssl(ssl_version_client)
self.openssl_server_method, self.openssl_server_options = version_to_openssl(ssl_version_server) self.openssl_method_server, self.openssl_options_server = version_to_openssl(ssl_version_server)
self.ssl_ports = ssl_ports self.ssl_ports = ssl_ports
@ -190,8 +190,8 @@ def process_proxy_options(parser, options):
ignore_hosts=options.ignore_hosts, ignore_hosts=options.ignore_hosts,
tcp_hosts=options.tcp_hosts, tcp_hosts=options.tcp_hosts,
authenticator=authenticator, authenticator=authenticator,
client_ciphers=options.client_ciphers, ciphers_client=options.ciphers_client,
server_ciphers=options.server_ciphers, ciphers_server=options.ciphers_server,
certs=certs, certs=certs,
certforward=options.certforward, certforward=options.certforward,
ssl_version_client=options.ssl_version_client, ssl_version_client=options.ssl_version_client,
@ -212,25 +212,36 @@ def ssl_option_group(parser):
'The PEM file should contain the full certificate chain, with the leaf certificate as the first entry. ' 'The PEM file should contain the full certificate chain, with the leaf certificate as the first entry. '
'Can be passed multiple times.' 'Can be passed multiple times.'
) )
group.add_argument(
"--cert-forward", action="store_true",
dest="certforward", default=False,
help="Simply forward SSL certificates from upstream."
)
group.add_argument(
"--ciphers-client", action="store",
type=str, dest="ciphers_client", default=None,
help="Set supported ciphers for client connections. (OpenSSL Syntax)"
)
group.add_argument(
"--ciphers-server", action="store",
type=str, dest="ciphers_server", default=None,
help="Set supported ciphers for server connections. (OpenSSL Syntax)"
)
group.add_argument( group.add_argument(
"--client-certs", action="store", "--client-certs", action="store",
type=str, dest="clientcerts", default=None, type=str, dest="clientcerts", default=None,
help="Client certificate directory." help="Client certificate directory."
) )
group.add_argument( group.add_argument(
"--client-ciphers", action="store", "--no-upstream-cert", default=False,
type=str, dest="client_ciphers", default=None, action="store_true", dest="no_upstream_cert",
help="Client facing SSL cipher specification." help="Don't connect to upstream server to look up certificate details."
) )
group.add_argument( group.add_argument(
"--server-ciphers", action="store", "--ssl-port", action="append", type=int, dest="ssl_ports", default=list(TRANSPARENT_SSL_PORTS),
type=str, dest="server_ciphers", default=None, metavar="PORT",
help="Server facing SSL cipher specification." help="Can be passed multiple times. Specify destination ports which are assumed to be SSL. "
) "Defaults to %s." % str(TRANSPARENT_SSL_PORTS)
group.add_argument(
"--cert-forward", action="store_true",
dest="certforward", default=False,
help="Simply forward SSL certificates from upstream."
) )
group.add_argument( group.add_argument(
"--ssl-version-client", dest="ssl_version_client", "--ssl-version-client", dest="ssl_version_client",
@ -246,14 +257,3 @@ def ssl_option_group(parser):
help="Set supported SSL/TLS version for server connections. " help="Set supported SSL/TLS version for server connections. "
"SSLv2, SSLv3 and 'all' are INSECURE. Defaults to secure." "SSLv2, SSLv3 and 'all' are INSECURE. Defaults to secure."
) )
group.add_argument(
"--no-upstream-cert", default=False,
action="store_true", dest="no_upstream_cert",
help="Don't connect to upstream server to look up certificate details."
)
group.add_argument(
"--ssl-port", action="append", type=int, dest="ssl_ports", default=list(TRANSPARENT_SSL_PORTS),
metavar="PORT",
help="Can be passed multiple times. Specify destination ports which are assumed to be SSL. "
"Defaults to %s." % str(TRANSPARENT_SSL_PORTS)
)


@ -187,9 +187,9 @@ class ConnectionHandler:
self.server_conn.establish_ssl( self.server_conn.establish_ssl(
self.config.clientcerts, self.config.clientcerts,
sni, sni,
method=self.config.openssl_server_method, method=self.config.openssl_method_server,
options=self.config.openssl_server_options, options=self.config.openssl_options_server,
cipher_list=self.config.server_ciphers, cipher_list=self.config.ciphers_server,
) )
except tcp.NetLibError as v: except tcp.NetLibError as v:
e = ProxyError(502, repr(v)) e = ProxyError(502, repr(v))
@ -208,10 +208,10 @@ class ConnectionHandler:
try: try:
self.client_conn.convert_to_ssl( self.client_conn.convert_to_ssl(
cert, key, cert, key,
method=self.config.openssl_client_method, method=self.config.openssl_method_client,
options=self.config.openssl_client_options, options=self.config.openssl_options_client,
handle_sni=self.handle_sni, handle_sni=self.handle_sni,
cipher_list=self.config.client_ciphers, cipher_list=self.config.ciphers_client,
dhparams=self.config.certstore.dhparams, dhparams=self.config.certstore.dhparams,
chain_file=chain_file chain_file=chain_file
) )
@ -297,9 +297,9 @@ class ConnectionHandler:
cert, key, chain_file = self.find_cert() cert, key, chain_file = self.find_cert()
new_context = self.client_conn._create_ssl_context( new_context = self.client_conn._create_ssl_context(
cert, key, cert, key,
method=self.config.openssl_client_method, method=self.config.openssl_method_client,
options=self.config.openssl_client_options, options=self.config.openssl_options_client,
cipher_list=self.config.client_ciphers, cipher_list=self.config.ciphers_client,
dhparams=self.config.certstore.dhparams, dhparams=self.config.certstore.dhparams,
chain_file=chain_file chain_file=chain_file
) )