store generated cert for each flow

fixes mitmproxy#1935

mitmproxy/connections.py

@@ -17,6 +17,7 @@ class ClientConnection(tcp.BaseHandler, stateobject.StateObject):
         address: Remote address
         ssl_established: True if TLS is established, False otherwise
         clientcert: The TLS client certificate
+        mitmcert: The MITM'ed TLS server certificate presented to the client
         timestamp_start: Connection start timestamp
         timestamp_ssl_setup: TLS established timestamp
         timestamp_end: Connection end timestamp
@@ -40,6 +41,7 @@ def __init__(self, client_connection, address, server):
             self.clientcert = None
             self.ssl_established = None
 
+        self.mitmcert = None
         self.timestamp_start = time.time()
         self.timestamp_end = None
         self.timestamp_ssl_setup = None
@@ -72,6 +74,7 @@ def tls_established(self):
         address=tcp.Address,
         ssl_established=bool,
         clientcert=certs.SSLCert,
+        mitmcert=certs.SSLCert,
         timestamp_start=float,
         timestamp_ssl_setup=float,
         timestamp_end=float,
@@ -98,6 +101,7 @@ def make_dummy(cls, address):
         return cls.from_state(dict(
             address=dict(address=address, use_ipv6=False),
             clientcert=None,
+            mitmcert=None,
             ssl_established=False,
             timestamp_start=None,
             timestamp_end=None,

mitmproxy/io_compat.py

@@ -88,6 +88,7 @@ def convert_019_100(data):
 
 def convert_100_200(data):
     data["version"] = (2, 0, 0)
+    data["client_conn"]["mitmcert"] = None
     return data
 
 

mitmproxy/proxy/protocol/tls.py

@@ -465,6 +465,8 @@ def _establish_tls_with_client(self):
         self.log("Establish TLS with client", "debug")
         cert, key, chain_file = self._find_cert()
 
+        self.client_conn.mitmcert = cert
+
         if self.config.options.add_upstream_certs_to_client_chain:
             extra_certs = self.server_conn.server_certs
         else:

mitmproxy/test/tflow.py

@@ -144,6 +144,7 @@ def tclient_conn():
     c = connections.ClientConnection.from_state(dict(
         address=dict(address=("address", 22), use_ipv6=True),
         clientcert=None,
+        mitmcert=None,
         ssl_established=False,
         timestamp_start=1,
         timestamp_ssl_setup=2,