Jun. 12, 2018, 06:18 AM
(Jun. 11, 2018 01:20 PM)whenever Wrote: [ -> ]Feel free to do it.
I am not sure what you mean by that. It is your repository, after all. Besides, even if you gave me access to it, I still would not know what to do with it, as my git/GitHub skills are very limited.
By running diff on your git repository and JJoe's package I got this patch, which, if applied along with the updated certs, would bring the code up to date.
Code:
diff -Naur wheever-ProxHTTPSProxyMII-da06c09/CertTool.py "ProxHTTPSProxyMII_py 1.5wipb/CertTool.py"
--- wheever-ProxHTTPSProxyMII-da06c09/CertTool.py 2017-06-19 22:20:22.000000000 +0200
+++ "ProxHTTPSProxyMII_py 1.5wipb/CertTool.py" 2018-04-20 16:26:28.000000000 +0200
@@ -14,6 +14,7 @@
import os
import time
import OpenSSL
+import ipaddress
def create_CA(capath):
key = OpenSSL.crypto.PKey()
@@ -77,15 +78,24 @@
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(60 * 60 * 24 * 3652)
cert.set_issuer(ca.get_subject())
- if commonname.startswith('.'):
- domain = '*' + commonname
- else:
- domain = commonname
- cert.get_subject().CN = domain
+ try:
+ ip = ipaddress.ip_address(commonname)
+ cert.get_subject().CN = commonname
+ san = 'IP: ' + commonname
+ cert.add_extensions([OpenSSL.crypto.X509Extension(b"subjectAltName", False, san.encode())])
+# print('IP')
+ except ValueError:
+ # protocol limits common name field to 64 characters.
+ # commonnameshort may use wildcard to 'shorten' commonname.
+ commonnameshort = '*.' + commonname.partition('.')[-1] if commonname.count('.') >= 2 else commonname
+ cert.get_subject().CN = commonnameshort
+ san = 'DNS: ' + commonname
+ cert.add_extensions([OpenSSL.crypto.X509Extension(b"subjectAltName", False, san.encode())])
+# print('DNS')
+ except:
+ print('Address not found')
cert.set_serial_number(int(time.time()*10000))
cert.set_pubkey(ca.get_pubkey())
- cert.add_extensions(
- [OpenSSL.crypto.X509Extension(b"subjectAltName", False, str.encode("DNS:"+domain))])
cert.sign(key, "sha256")
with open(certfile, 'wb') as fp:
fp.write(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, cert))
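Review bot: The bare `except:` added after `except ValueError:` prints 'Address not found' and then falls through, so `cert.sign(key, "sha256")` and the write to `certfile` still run on a certificate that may have no subject CN or subjectAltName. It only catches non-ValueError failures from the IP branch (for example an error raised by `add_extensions`), which the message does not describe, and it does not cover errors raised inside the `except ValueError:` handler. I would drop the clause, or narrow it to `except OpenSSL.crypto.Error:` followed by `raise`, so a half-built certificate is never written to disk. The wildcard shortening also does not guarantee the 64-character CN limit the comment mentions, and `ip` is assigned but never used. The enclosing function starts outside the hunk.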
diff -Naur wheever-ProxHTTPSProxyMII-da06c09/ProxHTTPSProxy.py "ProxHTTPSProxyMII_py 1.5wipb/ProxHTTPSProxy.py"
--- wheever-ProxHTTPSProxyMII-da06c09/ProxHTTPSProxy.py 2017-06-19 22:20:22.000000000 +0200
+++ "ProxHTTPSProxyMII_py 1.5wipb/ProxHTTPSProxy.py" 2018-04-20 16:08:56.000000000 +0200
@@ -5,7 +5,7 @@
_name = 'ProxHTTPSProxyMII'
__author__ = 'phoenix'
-__version__ = 'v1.4'
+__version__ = 'v1.5wipb'
CONFIG = "config.ini"
CA_CERTS = "cacert.pem"
@@ -138,7 +138,7 @@
server_version = "%s FrontProxy/%s" % (_name, __version__)
def do_CONNECT(self):
- "Descrypt https request and dispatch to http handler"
+ "Decrypt https request and dispatch to http handler"
# request line: CONNECT www.example.com:443 HTTP/1.1
self.host, self.port = self.path.split(":")
@@ -162,7 +162,8 @@
self.wfile.write(("HTTP/1.1 200 Connection established\r\n" +
"Proxy-agent: %s\r\n" % self.version_string() +
"\r\n").encode('ascii'))
- commonname = '.' + self.host.partition('.')[-1] if self.host.count('.') >= 2 else self.host
+# commonname = '.' + self.host.partition('.')[-1] if self.host.count('.') >= 2 else self.host
+ commonname = self.host
dummycert = get_cert(commonname)
# set a flag for do_METHOD
self.ssltunnel = True
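Review bot: `self.host` now reaches `get_cert` exactly as the client sent it in the CONNECT request line, and nothing in this hunk checks it first. `get_cert` is not visible here; if it uses the name to build a certificate file path, which is an assumption to confirm, the host should be validated beforehand (hostname or IP literal only, no path separators). The commented-out old assignment `# commonname = '.' + self.host.partition('.')[-1] ...` should be deleted rather than left at column 0 inside the method, since the wildcard logic now lives in CertTool.py. do_CONNECT starts and ends outside the hunk.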
I would very much welcome it if you updated the repo with it and with the certs mentioned earlier.
EDIT:
I am unable to visit losyziemi.pl due to a certificate error.
Code:
HTTPSConnectionPool(host='losyziemi.pl', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727)'),))
Code:
HTTPSConnectionPool(host='losyziemi.pl', port=443): Max retries exceeded with url: / (Caused by SSLError(CertificateError("hostname 'losyziemi.pl' doesn't match either of '*.platinum.edu.pl', 'platinum.edu.pl'",),))
EDIT 2:
There are more of those hostname-matching errors, such as:
Code:
HTTPSConnectionPool(host='mf24.pl', port=443): Max retries exceeded with url: / (Caused by SSLError(CertificateError("hostname 'mf24.pl' doesn't match 's4.masternet.pl'",),))