| 469 | self.configure("confdir") # pragma: no cover |
| 470 | |
| 471 | def configure(self, updated): |
| 472 | if ( |
| 473 | "certs" in updated |
| 474 | or "confdir" in updated |
| 475 | or "key_size" in updated |
| 476 | or "cert_passphrase" in updated |
| 477 | ): |
| 478 | certstore_path = os.path.expanduser(ctx.options.confdir) |
| 479 | self.certstore = certs.CertStore.from_store( |
| 480 | path=certstore_path, |
| 481 | basename=CONF_BASENAME, |
| 482 | key_size=ctx.options.key_size, |
| 483 | passphrase=ctx.options.cert_passphrase.encode("utf8") |
| 484 | if ctx.options.cert_passphrase |
| 485 | else None, |
| 486 | ) |
| 487 | if self.certstore.default_ca.has_expired(): |
| 488 | logger.warning( |
| 489 | "The mitmproxy certificate authority has expired!\n" |
| 490 | "Please delete all CA-related files in your ~/.mitmproxy folder.\n" |
| 491 | "The CA will be regenerated automatically after restarting mitmproxy.\n" |
| 492 | "See https://docs.mitmproxy.org/stable/concepts-certificates/ for additional help.", |
| 493 | ) |
| 494 | |
| 495 | for certspec in ctx.options.certs: |
| 496 | parts = certspec.split("=", 1) |
| 497 | if len(parts) == 1: |
| 498 | parts = ["*", parts[0]] |
| 499 | |
| 500 | cert = Path(parts[1]).expanduser() |
| 501 | if not cert.exists(): |
| 502 | raise exceptions.OptionsError( |
| 503 | f"Certificate file does not exist: {cert}" |
| 504 | ) |
| 505 | try: |
| 506 | self.certstore.add_cert_file( |
| 507 | parts[0], |
| 508 | cert, |
| 509 | passphrase=ctx.options.cert_passphrase.encode("utf8") |
| 510 | if ctx.options.cert_passphrase |
| 511 | else None, |
| 512 | ) |
| 513 | except ValueError as e: |
| 514 | raise exceptions.OptionsError( |
| 515 | f"Invalid certificate format for {cert}: {e}" |
| 516 | ) from e |
| 517 | |
| 518 | if "tls_ecdh_curve_client" in updated or "tls_ecdh_curve_server" in updated: |
| 519 | for ecdh_curve in [ |
| 520 | ctx.options.tls_ecdh_curve_client, |
| 521 | ctx.options.tls_ecdh_curve_server, |
| 522 | ]: |
| 523 | if ecdh_curve is not None and ecdh_curve not in net_tls.EC_CURVES: |
| 524 | raise exceptions.OptionsError( |
| 525 | f"Invalid ECDH curve: {ecdh_curve!r}. Valid curves are: {', '.join(net_tls.EC_CURVES)}" |
| 526 | ) |
| 527 | |
| 528 | if "tls_version_client_min" in updated: |