Closed
Description
Is your feature request related to a problem? Please describe.
I am unable to use proxy.py when the upstream is using a self-signed cert when using mitm mode. I have no issues using this with properly signed certs.
Describe the solution you'd like
An option to ignore upstream certificates when using mitm mode.
--ignore-upstream-ssl
Describe alternatives you've considered
An option to specify certs to verify against when calling the upstream on a per-domain basis
--upstream-verify localhost=/path/to/cert --upstream-verify nginx.local=/path/to/cert2
Additional context
The following error occurs when trying to mitm an upstream with an unsigned cert.
proxy-http-mitm | 2021-04-08 14:07:18,681 - pid:9 [E] run:359 - ssl.SSLError
proxy-http-mitm | Traceback (most recent call last):
proxy-http-mitm | File "/usr/local/lib/python3.8/site-packages/proxy/http/handler.py", line 353, in run
proxy-http-mitm | teardown = self.run_once()
proxy-http-mitm | File "/usr/local/lib/python3.8/site-packages/proxy/http/handler.py", line 338, in run_once
proxy-http-mitm | teardown = self.handle_events(readables, writables)
proxy-http-mitm | File "/usr/local/lib/python3.8/site-packages/proxy/http/handler.py", line 152, in handle_events
proxy-http-mitm | teardown = self.handle_readables(readables)
proxy-http-mitm | File "/usr/local/lib/python3.8/site-packages/proxy/http/handler.py", line 298, in handle_readables
proxy-http-mitm | upgraded_sock = plugin.on_request_complete()
proxy-http-mitm | File "/usr/local/lib/python3.8/site-packages/proxy/http/proxy/server.py", line 352, in on_request_complete
proxy-http-mitm | return self.intercept()
proxy-http-mitm | File "/usr/local/lib/python3.8/site-packages/proxy/http/proxy/server.py", line 524, in intercept
proxy-http-mitm | self.wrap_server()
proxy-http-mitm | File "/usr/local/lib/python3.8/site-packages/proxy/http/proxy/server.py", line 551, in wrap_server
proxy-http-mitm | self.server.wrap(text_(self.request.host), self.flags.ca_file)
proxy-http-mitm | File "/usr/local/lib/python3.8/site-packages/proxy/core/connection/server.py", line 44, in wrap
proxy-http-mitm | self._conn = ctx.wrap_socket(
proxy-http-mitm | File "/usr/local/lib/python3.8/ssl.py", line 500, in wrap_socket
proxy-http-mitm | return self.sslsocket_class._create(
proxy-http-mitm | File "/usr/local/lib/python3.8/ssl.py", line 1040, in _create
proxy-http-mitm | self.do_handshake()
proxy-http-mitm | File "/usr/local/lib/python3.8/ssl.py", line 1309, in do_handshake
proxy-http-mitm | self._sslobj.do_handshake()
proxy-http-mitm | ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1123)
proxy-http-mitm | Exception in thread Thread-5:
proxy-http-mitm | Traceback (most recent call last):
proxy-http-mitm | File "/usr/local/lib/python3.8/threading.py", line 932, in _bootstrap_inner
proxy-http-mitm | self.run()
proxy-http-mitm | File "/usr/local/lib/python3.8/threading.py", line 870, in run
proxy-http-mitm | self._target(*self._args, **self._kwargs)
proxy-http-mitm | File "/usr/local/lib/python3.8/site-packages/proxy/http/handler.py", line 365, in run
proxy-http-mitm | self.shutdown()
proxy-http-mitm | File "/usr/local/lib/python3.8/site-packages/proxy/http/handler.py", line 167, in shutdown
proxy-http-mitm | self.flush()
proxy-http-mitm | File "/usr/local/lib/python3.8/site-packages/proxy/http/handler.py", line 210, in flush
proxy-http-mitm | self.selector.register(
proxy-http-mitm | File "/usr/local/lib/python3.8/selectors.py", line 352, in register
proxy-http-mitm | key = super().register(fileobj, events, data)
proxy-http-mitm | File "/usr/local/lib/python3.8/selectors.py", line 241, in register
proxy-http-mitm | raise KeyError("{!r} (FD {}) is already registered"
proxy-http-mitm | KeyError: "<socket.socket fd=14, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=0, laddr=('172.31.0.5', 8899), raddr=('172.31.0.1', 62848)> (FD 14) is already registered"
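The two options raised in this issue differ in what the upstream TLS context ends up verifying. The sketch below is an added example, not proxy.py code: it uses only the standard `ssl` module, treats `--upstream-verify host=/path` as the syntax proposed above rather than an existing flag, and its function names are hypothetical.

```python
import ssl
from typing import Dict, Iterable


def parse_upstream_verify(values: Iterable[str]) -> Dict[str, str]:
    """Parse repeated 'host=/path/to/cert' values (syntax proposed in the issue)."""
    pins: Dict[str, str] = {}
    for value in values:
        host, sep, path = value.partition("=")
        host = host.strip().lower()
        if not sep or not host or not path:
            raise ValueError(f"expected host=/path/to/cert, got {value!r}")
        if host in pins:
            raise ValueError(f"duplicate entry for {host!r}")
        pins[host] = path
    return pins


def upstream_context(host: str, pins: Dict[str, str]) -> ssl.SSLContext:
    """Context for the proxy-to-upstream leg, with trust scoped per host."""
    path = pins.get(host.lower())
    if path is None:
        # Hosts without an entry keep normal verification against the system store.
        return ssl.create_default_context()
    # PROTOCOL_TLS_CLIENT starts with CERT_REQUIRED and check_hostname enabled.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Trust only the listed file for this host; a self-signed certificate is its
    # own trust anchor. A missing file raises instead of silently trusting nothing.
    ctx.load_verify_locations(cafile=path)
    return ctx


def ignore_upstream_context() -> ssl.SSLContext:
    """What a global 'ignore upstream certificates' switch amounts to."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # any certificate from any peer is accepted
    return ctx


if __name__ == "__main__":
    # Constructed sample values taken from the flag syntax in the issue.
    pins = parse_upstream_verify(["localhost=/path/to/cert", "nginx.local=/path/to/cert2"])
    print(pins)
    print(upstream_context("example.org", pins).verify_mode)
    print(ignore_upstream_context().verify_mode)
```

With the per-host mapping, the certificate presented by `localhost` must still match the host name and chain to the listed file, and every other upstream is verified as before; the global switch removes both checks for all upstreams.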