Added automatic creation of serial file "certs/ca.srl" on first use.
authorJean-Michel Nirgal Vourgère <jmv@nirgal.com>
Mon, 31 May 2010 10:42:06 +0000 (10:42 +0000)
committerJean-Michel Nirgal Vourgère <jmv@nirgal.com>
Mon, 31 May 2010 10:42:06 +0000 (10:42 +0000)
sproxy

diff --git a/sproxy b/sproxy
index 69908340e4d10b64a88d01be5dd4f5df2e85674a..76fd2a7dcd81f41024f770c33fb59e12096a7861 100755 (executable)
--- a/sproxy
+++ b/sproxy
@@ -320,7 +320,7 @@ class HttpRequest(HttpBase):
                 logging.warning('Ignoring necloc value %s in request. Header "Host" value is %s', request_netloc, header_necloc)
                 for i in range(len(self.headers)):
                     if self.headers[i][0].lower()=='host':
-                        self.headers[i][1] = request_netloc
+                        self.headers[i] = ('Host', 'request_netloc')
                 # Patch header here
             elif not header_necloc:
                 self.headers.append(('Host', request_netloc))
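Review bot: The new assignment in the `host` branch stores the string literal `'request_netloc'` instead of the variable, so every request that takes this path would go upstream with `Host: request_netloc`. It should read `self.headers[i] = ('Host', request_netloc)`. Replacing the whole tuple rather than assigning to index 1 looks right, since the `append` below also stores tuples. The index loop could be written `for i, (name, _) in enumerate(self.headers):`. The enclosing method starts outside this hunk.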
@@ -460,8 +460,6 @@ def run_request_https(request):
 
 def make_https_sslcontext(hostname):
     # To generate a certificate:
-    # openssl req -nodes -new -x509 -keyout certs/proxy.key -out certs/proxy.crt -days 10000
-    #
     # openssl req -nodes -new -x509 -keyout certs/ca.key -out certs/ca.crt -days 10000 -subj "/O=Spy Proxy/CN=*" -newkey rsa:2048
     #
     # openssl req -nodes -new -subj "/CN=*.nirgal.com" -days 10000 -keyout certs/nirgal.com.key -out certs/nirgal.com.csr
@@ -475,8 +473,12 @@ def make_https_sslcontext(hostname):
     ssl_context = SSL.Context(SSL.SSLv23_METHOD)
     if not os.path.exists(keyfile) or not os.path.exists(crtfile):
         logging.debug('Generating custom SSL certificates for %s', hostname)
+        if not os.path.exists('certs/ca.srl'):
+            extra_args  = [ '-CAcreateserial' ]
+        else:
+            extra_args = [ ]
         subprocess.call(['openssl', 'req', '-nodes', '-new', '-subj', '/CN='+hostname, '-days', '10000', '-keyout', keyfile, '-out', csrfile])
-        subprocess.call(['openssl', 'x509', '-req', '-in', csrfile, '-out', crtfile, '-CA', 'certs/ca.crt', '-CAkey', 'certs/ca.key'])
+        subprocess.call(['openssl', 'x509', '-req', '-in', csrfile, '-out', crtfile, '-CA', 'certs/ca.crt', '-CAkey', 'certs/ca.key'] + extra_args )
     ssl_context.use_privatekey_file (keyfile)
     ssl_context.use_certificate_file(crtfile)
     return ssl_context
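Review bot: Both `subprocess.call` invocations discard the openssl exit status, so a failed key generation or signing step is only noticed when `use_privatekey_file` / `use_certificate_file` hit a missing or partial file. Use `subprocess.check_call([...])`, or test the return code and log an error before returning. The `os.path.exists('certs/ca.srl')` test is check-then-act, so two first requests handled concurrently (if the proxy is threaded or forked, which is not visible here) could both decide to create the serial file. OpenSSL documents `-CAcreateserial` as creating the file only when it is absent, so the flag can be passed unconditionally and the branch dropped. `hostname` is concatenated into `-subj` as `'/CN='+hostname`; if it originates from the client request it should be validated as a plain DNS name first, since a `/` in it would be parsed as an extra subject field. The function body starts outside the hunk.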