authorAldo Cortesi <aldo@nullcube.com>2016-07-19 13:23:54 +1200
committerAldo Cortesi <aldo@nullcube.com>2016-07-19 16:25:09 +1200
commit26fa88a338c96a9e57fdbf3943a8936eaac4c5c7 (patch)
tree7472ca90ff5fa1a5c9888a3976097ffd66475b3c
parent77bf092bcd324edd68cffd9f5018198bca938e8a (diff)
ProxyConfig: Refactor to move verification mode checks into configure
-rw-r--r--mitmproxy/proxy/config.py21
-rw-r--r--test/mitmproxy/test_server.py36
2 files changed, 33 insertions, 24 deletions
diff --git a/mitmproxy/proxy/config.py b/mitmproxy/proxy/config.py
index 58c7d1c6..2bf044a0 100644
--- a/mitmproxy/proxy/config.py
+++ b/mitmproxy/proxy/config.py
@@ -102,27 +102,28 @@ class ProxyConfig:
self.rawtcp = rawtcp
self.authenticator = authenticator
- self.openssl_method_client, self.openssl_options_client = \
- tcp.sslversion_choices[options.ssl_version_client]
- self.openssl_method_server, self.openssl_options_server = \
- tcp.sslversion_choices[options.ssl_version_server]
-
- if options.ssl_verify_upstream_cert:
- self.openssl_verification_mode_server = SSL.VERIFY_PEER
- else:
- self.openssl_verification_mode_server = SSL.VERIFY_NONE
-
self.check_ignore = None
self.check_tcp = None
self.certstore = None
self.clientcerts = None
+ self.openssl_verification_mode_server = None
self.configure(options)
options.changed.connect(self.configure)
def configure(self, options):
+ if options.ssl_verify_upstream_cert:
+ self.openssl_verification_mode_server = SSL.VERIFY_PEER
+ else:
+ self.openssl_verification_mode_server = SSL.VERIFY_NONE
+
self.check_ignore = HostMatcher(options.ignore_hosts)
self.check_tcp = HostMatcher(options.tcp_hosts)
+ self.openssl_method_client, self.openssl_options_client = \
+ tcp.sslversion_choices[options.ssl_version_client]
+ self.openssl_method_server, self.openssl_options_server = \
+ tcp.sslversion_choices[options.ssl_version_server]
+
certstore_path = os.path.expanduser(options.cadir)
if not os.path.exists(os.path.dirname(certstore_path)):
raise exceptions.OptionsError(
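Review bot: `configure` now assigns `openssl_verification_mode_server` and the `openssl_method_*`/`openssl_options_*` pairs before the cadir check that raises `exceptions.OptionsError`, so a reconfigure triggered through `options.changed` that fails part-way can leave the upstream verification mode already switched (including to `SSL.VERIFY_NONE`) next to otherwise stale settings. The `tcp.sslversion_choices[...]` lookups also raise a bare `KeyError` on an unknown `ssl_version_client` or `ssl_version_server` rather than `OptionsError`, unless those values are validated somewhere not visible here. Consider validating first and assigning last: resolve the choices into locals, raise `exceptions.OptionsError` on a miss, and only then write to `self`. The body of `configure` continues past the end of this hunk, so later checks in it may need the same ordering.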
diff --git a/test/mitmproxy/test_server.py b/test/mitmproxy/test_server.py
index a64a8565..f036fefd 100644
--- a/test/mitmproxy/test_server.py
+++ b/test/mitmproxy/test_server.py
@@ -368,9 +368,11 @@ class TestHTTPSUpstreamServerVerificationWTrustedCert(tservers.HTTPProxyTest):
])
def test_verification_w_cadir(self):
- self.config.openssl_verification_mode_server = SSL.VERIFY_PEER
- self.config.options.ssl_verify_upstream_trusted_cadir = tutils.test_data.path(
- "data/trusted-cadir/"
+ self.config.options.update(
+ ssl_verify_upstream_cert = True,
+ ssl_verify_upstream_trusted_cadir = tutils.test_data.path(
+ "data/trusted-cadir/"
+ )
)
self.pathoc()
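Review bot: The keyword arguments passed to `options.update(...)` in `test_verification_w_cadir` are written with spaces around `=`, which PEP 8 reserves for assignments; the same spelling recurs in the three `update` calls of the next hunk. Write them as `ssl_verify_upstream_cert=True,` and `ssl_verify_upstream_trusted_cadir=tutils.test_data.path(`. Driving the verification mode through the option instead of poking `openssl_verification_mode_server` is the right direction, since it also exercises the new `configure` path.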
@@ -401,23 +403,29 @@ class TestHTTPSUpstreamServerVerificationWBadCert(tservers.HTTPProxyTest):
def test_default_verification_w_bad_cert(self):
"""Should use no verification."""
- self.config.options.ssl_verify_upstream_trusted_ca = tutils.test_data.path(
- "data/trusted-cadir/trusted-ca.pem")
-
+ self.config.options.update(
+ ssl_verify_upstream_trusted_ca = tutils.test_data.path(
+ "data/trusted-cadir/trusted-ca.pem"
+ )
+ )
assert self._request().status_code == 242
def test_no_verification_w_bad_cert(self):
- self.config.openssl_verification_mode_server = SSL.VERIFY_NONE
- self.config.options.ssl_verify_upstream_trusted_ca = tutils.test_data.path(
- "data/trusted-cadir/trusted-ca.pem")
-
+ self.config.options.update(
+ ssl_verify_upstream_cert = False,
+ ssl_verify_upstream_trusted_ca = tutils.test_data.path(
+ "data/trusted-cadir/trusted-ca.pem"
+ )
+ )
assert self._request().status_code == 242
def test_verification_w_bad_cert(self):
- self.config.openssl_verification_mode_server = SSL.VERIFY_PEER
- self.config.options.ssl_verify_upstream_trusted_ca = tutils.test_data.path(
- "data/trusted-cadir/trusted-ca.pem")
-
+ self.config.options.update(
+ ssl_verify_upstream_cert = True,
+ ssl_verify_upstream_trusted_ca = tutils.test_data.path(
+ "data/trusted-cadir/trusted-ca.pem"
+ )
+ )
assert self._request().status_code == 502
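Review bot: `test_default_verification_w_bad_cert` passes only if `ssl_verify_upstream_cert` still holds its default, while the sibling tests in this class now set it to `True` or `False` through `update` on the same `self.config.options`. Whether the config object is rebuilt per test is not visible in this hunk; if it is shared across the class, the outcome depends on execution order. Consider restoring the option after each test, or add a comment on the default test such as `# relies on ssl_verify_upstream_cert being unset; must not run after a test that enables it`. It would also help to extend its docstring to say that 242 here means the proxy forwarded a response from an upstream whose certificate was not validated.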