temporarily fix key logging for OpenSSL 1.1.1f

author: Maximilian Hils <git@maximilianhils.com> 2020-04-03 16:33:53 +0200
committer: Maximilian Hils <git@maximilianhils.com> 2020-04-03 16:33:53 +0200
commit: 4bfb81c0089d0e0c1c24739f01fca41a3f055f3a (patch)
tree: e6d669b42aab07f5f269cbb601ae16230d21d4b9 /mitmproxy/net
parent: a1169ca3c3597b26dc408e97ec537547b9143d28 (diff)
download: mitmproxy-4bfb81c0089d0e0c1c24739f01fca41a3f055f3a.tar.gz
mitmproxy-4bfb81c0089d0e0c1c24739f01fca41a3f055f3a.tar.bz2
mitmproxy-4bfb81c0089d0e0c1c24739f01fca41a3f055f3a.zip
1 files changed, 22 insertions, 5 deletions
diff --git a/mitmproxy/net/tls.py b/mitmproxy/net/tls.py
index 2c9f6c85..d8e943d3 100644
--- a/mitmproxy/net/tls.py
+++ b/mitmproxy/net/tls.py
@@ -87,7 +87,18 @@ class MasterSecretLogger:
     __name__ = "MasterSecretLogger"
 
     def __call__(self, connection, where, ret):
-        if where == SSL.SSL_CB_HANDSHAKE_DONE and ret == 1:
+        done_now = (
+            where == SSL.SSL_CB_HANDSHAKE_DONE and ret == 1
+        )
+        # this is a horrendous workaround for https://github.com/mitmproxy/mitmproxy/pull/3692#issuecomment-608454530:
+        # OpenSSL 1.1.1f decided to not make connection.master_key() fail in the SSL_CB_HANDSHAKE_DONE callback.
+        # To support various OpenSSL versions and still log master secrets, we now mark connections where this has
+        # happened and then try again on the next event. This is ugly and shouldn't be done, but eventually we
+        # replace this with context.set_keylog_callback anyways.
+        done_previously_but_not_logged_yet = (
+            hasattr(connection, "_still_needs_masterkey")
+        )
+        if done_now or done_previously_but_not_logged_yet:
             with self.lock:
                 if not self.f:
                     d = os.path.dirname(self.filename)
@@ -95,10 +106,16 @@ class MasterSecretLogger:
                         os.makedirs(d)
                     self.f = open(self.filename, "ab")
                     self.f.write(b"\r\n")
-                client_random = binascii.hexlify(connection.client_random())
-                masterkey = binascii.hexlify(connection.master_key())
-                self.f.write(b"CLIENT_RANDOM %s %s\r\n" % (client_random, masterkey))
-                self.f.flush()
+                try:
+                    client_random = binascii.hexlify(connection.client_random())
+                    masterkey = binascii.hexlify(connection.master_key())
+                except (AssertionError, SSL.Error):  # careful: exception type changes between pyOpenSSL versions
+                    connection._still_needs_masterkey = True
+                else:
+                    self.f.write(b"CLIENT_RANDOM %s %s\r\n" % (client_random, masterkey))
+                    self.f.flush()
+                    if hasattr(connection, "_still_needs_masterkey"):
+                        delattr(connection, "_still_needs_masterkey")
 
     def close(self):
         with self.lock:
author	Maximilian Hils <git@maximilianhils.com>	2020-04-03 16:33:53 +0200
committer	Maximilian Hils <git@maximilianhils.com>	2020-04-03 16:33:53 +0200
commit	4bfb81c0089d0e0c1c24739f01fca41a3f055f3a (patch)
tree	e6d669b42aab07f5f269cbb601ae16230d21d4b9 /mitmproxy/net
parent	a1169ca3c3597b26dc408e97ec537547b9143d28 (diff)
download	mitmproxy-4bfb81c0089d0e0c1c24739f01fca41a3f055f3a.tar.gz mitmproxy-4bfb81c0089d0e0c1c24739f01fca41a3f055f3a.tar.bz2 mitmproxy-4bfb81c0089d0e0c1c24739f01fca41a3f055f3a.zip