From b4e7aaf2f68af60ec32219d27d3d10b79f5d0610 Mon Sep 17 00:00:00 2001 From: ikoz Date: Wed, 16 Mar 2016 22:57:57 +0000 Subject: [PATCH] Make the add-server-certs-to-client-chain and verify-upstream-cert options mutually exclusive whily processing the proxy options. Do the same for the add-server-certs-to-client-chain and no-upstream-cert options. --- mitmproxy/proxy/config.py | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/mitmproxy/proxy/config.py b/mitmproxy/proxy/config.py index 311d25993..bd02c628c 100644 --- a/mitmproxy/proxy/config.py +++ b/mitmproxy/proxy/config.py @@ -138,14 +138,26 @@ def process_proxy_options(parser, options): "Transparent, SOCKS5, reverse and upstream proxy mode " "are mutually exclusive. Read the docs on proxy modes to understand why." ) - + if options.add_upstream_certs_to_client_chain and options.no_upstream_cert: + return parser.error( + "The no-upstream-cert and add-upstream-certs-to-client-chain " + "options are mutually exclusive. If no-upstream-cert is enabled " + "then the upstream certificate is not retrieved before generating " + "the client certificate chain." + ) + if options.add_upstream_certs_to_client_chain and options.ssl_verify_upstream_cert: + return parser.error( + "The verify-upstream-cert and add-upstream-certs-to-client-chain " + "options are mutually exclusive. If upstream certificates are verified " + "then extra upstream certificates are not available for inclusion " + "to the client chain." + ) if options.clientcerts: options.clientcerts = os.path.expanduser(options.clientcerts) if not os.path.exists(options.clientcerts): return parser.error( - "Client certificate path does not exist: %s" % options.clientcerts + "Client certificate path does not exist: %s" % options.clientcerts ) - if options.auth_nonanonymous or options.auth_singleuser or options.auth_htpasswd: if options.transparent_proxy: