Commit Graph

47 Commits

Author SHA1 Message Date
Maximilian Hils e58f76aec1 fix code smell 2015-04-09 02:09:33 +02:00
Maximilian Hils 2a2402dfff ...two years is not enough. 2015-02-17 00:10:10 +01:00
Aldo Cortesi 7e5bb74e72 5 years is enough... 2015-02-17 12:03:52 +13:00
Aldo Cortesi c9de3e770b By popular demand, bump dummy cert expiry to 5 years
fixes #52
2015-02-17 11:59:07 +13:00
Maximilian Hils 9ef84ccc1c clean up code 2014-10-09 00:15:39 +02:00
Maximilian Hils fdb6f5552d CertStore: add support for cert chains 2014-10-08 20:46:30 +02:00
Aldo Cortesi 5dcc7f78df Merge pull request #34 from bbaetz/master
Change the criticality of a number of X509 extentions, to match
2014-09-07 12:50:36 +12:00
Maximilian Hils d9a731b23a make inequality comparison work 2014-09-04 19:18:43 +02:00
Maximilian Hils 6d1b601ddf minor cleanups 2014-08-16 15:53:07 +02:00
Maximilian Hils d382bb27bf certstore: add support for asterisk form to DNTree replacement 2014-07-19 00:02:31 +02:00
Maximilian Hils a7837846a2 temporarily replace DNTree with a simpler cert lookup mechanism, fix mitmproxy/mitmproxy#295 2014-07-18 22:55:25 +02:00
Maximilian Hils 4d5d8b6511 mark nsCertType non-critical, fix #39 2014-06-29 13:10:07 +02:00
Maximilian Hils 92081eee04 Update certutils.py
refs mitmproxy/mitmproxy#200
2014-04-25 19:40:37 +02:00
Bradley Baetz d8f54c7c03 Change the criticality of a number of X509 extentions, to match
the RFCs and real-world CAs/certs.

This improve compatability with older browsers/clients.
2014-03-20 11:12:11 +11:00
Maximilian Hils 34e469eb55 create dhparam file if it doesn't exist, fix mitmproxy/mitmproxy#235 2014-03-11 20:23:27 +01:00
Aldo Cortesi f5cc63d653 Certificate flags 2014-03-10 17:29:27 +13:00
Aldo Cortesi 2a12aa3c47 Support Ephemeral Diffie-Hellman 2014-03-07 16:38:50 +13:00
Aldo Cortesi 52b14aa1d1 CertStore: cope with certs that have no common name 2014-03-05 17:29:14 +13:00
Aldo Cortesi 0c3bc1cff2 Much more sophisticated certificate store
- Handle wildcard lookup
- Handle lookup of SANs
- Provide hooks for registering override certs and keys for specific
domains (including wildcard specifications)
2014-03-05 13:19:16 +13:00
Aldo Cortesi 7c82418e0b Beef up CertStore, add DH params. 2014-03-04 14:12:58 +13:00
Aldo Cortesi 7788391903 Minor improvement to CertStore interface 2014-03-02 13:50:19 +13:00
Maximilian Hils dc45b4bf19 move StateObject back into libmproxy 2014-01-31 01:06:53 +01:00
Maximilian Hils ff9656be80 remove subclassing of tuple in tcp.Address, move StateObject into netlib 2014-01-30 20:07:30 +01:00
Maximilian Hils 763cb90b66 add tcp.Address to unify ipv4/ipv6 address handling 2014-01-28 17:26:35 +01:00
Aldo Cortesi ac1a700fa1 Make certificate not-before time 48 hours.
Fixes #200
2014-01-08 14:46:55 +13:00
Aldo Cortesi d05c20d8fa Domain checks for persistent cert store is now irrelevant.
We no longer store these on disk, so we don't care about path
components.
2013-12-08 13:15:08 +13:00
Aldo Cortesi af8f98d493 Merge pull request #22 from fictivekin/custom-o-cn
allow specification of o, cn, expiry
2013-12-07 15:42:54 -08:00
Sean Coates 642b3f002e remove tempfile and shutil imports because they're not actually used 2013-10-07 16:55:35 -04:00
Sean Coates 53b7c5abdd allow specification of o, cn, expiry 2013-10-07 16:48:30 -04:00
Paul 98f765f693 Don't create a certificate request when creating a dummy cert 2013-09-24 21:18:41 +02:00
Aldo Cortesi 62edceee09 Revamp dummy cert generation.
We no longer use on-disk storage - we just keep the certs in memory.
2013-08-12 16:03:29 +12:00
Maximilian Hils c9ab1c60b5 always read files in binary mode 2013-06-16 00:28:21 +02:00
Aldo Cortesi 7f0aa415e1 Add a request_client_cert argument to server SSL conversion.
By default, we now do not request the client cert. We're supposed to be able to
do this with no negative effects - if the client has no cert to present, we're
notified and proceed as usual.  Unfortunately, Android seems to have a bug
(tested on 4.2.2) - when an Android client is asked to present a certificate it
does not have, it hangs up, which is frankly bogus.  Some time down the track
we may be able to make the proper behaviour the default again, but until then
we're conservative.
2013-05-13 08:48:21 +12:00
Tim Becker 241465c368 extensions aren't supported in v1, set to v3 (value=2) if using them. 2013-04-19 15:37:14 +02:00
Aldo Cortesi 97e11a219f Housekeeping and cleanup, some minor argument name changes. 2013-02-24 15:36:15 +13:00
Aldo Cortesi c6f9a2d74d More accurate description of an HTTP read error, make pyflakes happy. 2013-02-24 11:08:43 +13:00
Aldo Cortesi 00d20abdd4 Beef up client certificate handling substantially. 2013-01-20 22:13:38 +13:00
Aldo Cortesi e4acace8ea Sanity-check certstore common names. 2013-01-06 01:34:39 +13:00
Aldo Cortesi 91834ea78f Generate certificates with a commencement date an hour in the past.
This helps smooth over small discrepancies in client and server times, where
it's possible for a certificate to seem to be "in the future" to the client.
2013-01-06 01:16:58 +13:00
Aldo Cortesi 72032d7fe7 Basic certificate store implementation and cert utils API cleanup. 2013-01-06 01:16:25 +13:00
Aldo Cortesi 728ef107a0 Ignore SAN entries that we don't understand. 2012-07-24 14:55:54 +12:00
Aldo Cortesi a1a1663c0f Fix cert path. 2012-07-20 14:45:58 +12:00
Maximilian Hils 9ab7842c81 fix relative certdir 2012-07-11 11:09:41 +02:00
Aldo Cortesi 7480f87cd7 Add utility function for converstion to PEM. 2012-06-28 14:56:21 +12:00
Aldo Cortesi a1491a6ae0 Add a get_remote_cert method to tcp client. 2012-06-28 08:15:55 +12:00
Aldo Cortesi b0ef9ad07b Refactor certutils.SSLCert API. 2012-06-27 22:11:58 +12:00
Aldo Cortesi f7fcb1c80b Add certutils to netlib. 2012-06-27 16:42:00 +12:00