graph LR
Certificate_Management_Module["Certificate Management Module"]
TLS_Utilities_Module["TLS Utilities Module"]
TLS_Protocol_Handler_Module["TLS Protocol Handler Module"]
Certificate_Management_Module -- "provides certificates to" --> TLS_Protocol_Handler_Module
TLS_Utilities_Module -- "offers SSL context configuration and SNI extraction to" --> TLS_Protocol_Handler_Module
TLS_Protocol_Handler_Module -- "requests and obtains certificates from" --> Certificate_Management_Module
TLS_Protocol_Handler_Module -- "leverages utilities from" --> TLS_Utilities_Module
The SSL/TLS Interception & Certificate Management subsystem is a critical part of selenium-wire, enabling the transparent interception and modification of HTTPS traffic. It achieves this by acting as a man-in-the-middle proxy, dynamically generating and managing SSL/TLS certificates, and orchestrating the secure handshake process.
The Certificate Management Module is responsible for the entire lifecycle of the SSL/TLS certificates the proxy needs to operate. It handles the generation of a root Certificate Authority (CA), the creation of on-the-fly dummy certificates for intercepted domains, and the storage and retrieval of these certificates. Its role is fundamental in ensuring that the browser trusts the proxy's connection.
Related Classes/Methods:
The TLS Utilities Module provides foundational utilities for low-level TLS operations. This includes configuring SSL contexts for both client and server connections, which are essential for establishing secure communication channels. It also parses initial TLS handshake messages, such as the Client Hello, to extract information like the Server Name Indication (SNI), which is used for certificate matching.
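The SNI extraction described above can be illustrated with a bounds-checked Client Hello parser. This is an added example, not selenium-wire's own code: `_Reader`, `extract_sni` and `build_client_hello` are hypothetical names, the sample record is constructed, and the parser assumes the whole Client Hello arrives in a single TLS record.

```python
class _Reader:
    """Bounds-checked cursor; raises ValueError instead of reading past the end."""
    def __init__(self, data: bytes):
        self.data, self.pos = data, 0
    def done(self) -> bool:
        return self.pos >= len(self.data)
    def take(self, n: int) -> bytes:
        if self.pos + n > len(self.data):
            raise ValueError("truncated")
        self.pos += n
        return self.data[self.pos - n:self.pos]
    def vec(self, width: int) -> bytes:   # length-prefixed vector, big-endian prefix
        return self.take(int.from_bytes(self.take(width), "big"))

def extract_sni(record: bytes):
    """Return the SNI host name from a single-record ClientHello, else None."""
    try:
        rec = _Reader(record)
        content_type = rec.take(1)
        rec.take(2)                            # legacy record version
        hs = _Reader(rec.vec(2))
        if content_type != b"\x16" or hs.take(1) != b"\x01":
            return None                        # not handshake(22) / ClientHello(1)
        body = _Reader(hs.vec(3))
        body.take(2 + 32)                      # client_version + random
        body.vec(1); body.vec(2); body.vec(1)  # session_id, cipher_suites, compression
        exts = _Reader(body.vec(2))            # absent block raises -> None
        while not exts.done():
            ext_type, ext_data = exts.take(2), exts.vec(2)
            if ext_type == b"\x00\x00":        # extension 0 = server_name
                names = _Reader(_Reader(ext_data).vec(2))
                while not names.done():
                    name_type, name = names.take(1), names.vec(2)
                    if name_type == b"\x00":   # host_name
                        return name.decode("ascii").lower()
        return None
    except ValueError:                         # truncated, malformed, non-ASCII name
        return None

def build_client_hello(hostname=None) -> bytes:
    """Constructed sample input: minimal ClientHello record, optionally with SNI."""
    u16 = lambda n: n.to_bytes(2, "big")
    ext = b""
    if hostname:
        name = hostname.encode("ascii")
        entry = b"\x00" + u16(len(name)) + name
        ext = u16(0) + u16(len(entry) + 2) + u16(len(entry)) + entry
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + u16(len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + u16(len(hs)) + hs
```

Returning `None` for a missing or malformed SNI lets the caller fall back to another source for the certificate name instead of failing on attacker-controlled handshake bytes.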
Related Classes/Methods:
The TLS Protocol Handler Module acts as the central orchestrator for the TLS handshake process within the proxy. It determines the appropriate TLS handshake flow (e.g., client-only, server-only, or full man-in-the-middle), integrates with the Certificate Management Module to obtain the necessary certificates, and uses the TLS Utilities Module to establish and manage secure connections. It is the core mechanism that enables the decryption and re-encryption of HTTPS traffic.
Related Classes/Methods: