author | Maximilian Hils <git@maximilianhils.com> | 2018-02-27 19:05:59 +0100 |
---|---|---|
committer | Maximilian Hils <git@maximilianhils.com> | 2018-02-27 19:05:59 +0100 |
commit | 944e81dcfcc5220c7853c64405a725f5c4039810 (patch) | |
tree | 3201f3f64492035d07f50a831f90b5fe27b1cbba /mitmproxy/proxy | |
parent | 65b8b65ebc47ed9b610e0df765e273df6a27ce6a (diff) | |
clean up ProxyConfig
some of these options weren't even used anymore,
others only in one place where it makes sense to use options directly.
Diffstat (limited to 'mitmproxy/proxy')
-rw-r--r-- | mitmproxy/proxy/config.py | 31 | ||||
-rw-r--r-- | mitmproxy/proxy/protocol/tls.py | 5 |
2 files changed, 4 insertions, 32 deletions
diff --git a/mitmproxy/proxy/config.py b/mitmproxy/proxy/config.py
index c15640d7..439beb3d 100644
--- a/mitmproxy/proxy/config.py
+++ b/mitmproxy/proxy/config.py
@@ -2,12 +2,11 @@ import os
 import re
 import typing
-from OpenSSL import SSL, crypto
+from OpenSSL import crypto
 from mitmproxy import exceptions
 from mitmproxy import options as moptions
 from mitmproxy import certs
-from mitmproxy.net import tls
 from mitmproxy.net import server_spec
 CONF_BASENAME = "mitmproxy"
@@ -40,35 +39,16 @@ class ProxyConfig:
 self.check_ignore = None # type: HostMatcher
 self.check_tcp = None # type: HostMatcher
 self.certstore = None # type: certs.CertStore
- self.client_certs = None # type: str
- self.openssl_verification_mode_server = None # type: int
 self.upstream_server = None # type: typing.Optional[server_spec.ServerSpec]
 self.configure(options, set(options.keys()))
 options.changed.connect(self.configure)
 def configure(self, options: moptions.Options, updated: typing.Any) -> None:
- if options.add_upstream_certs_to_client_chain and not options.ssl_insecure:
- raise exceptions.OptionsError(
- "The verify-upstream-cert requires certificate verification to be disabled. "
- "If upstream certificates are verified then extra upstream certificates are "
- "not available for inclusion to the client chain."
- )
-
- if options.ssl_insecure:
- self.openssl_verification_mode_server = SSL.VERIFY_NONE
- else:
- self.openssl_verification_mode_server = SSL.VERIFY_PEER
-
 if "ignore_hosts" in updated:
 self.check_ignore = HostMatcher(options.ignore_hosts)
 if "tcp_hosts" in updated:
 self.check_tcp = HostMatcher(options.tcp_hosts)
- self.openssl_method_client, self.openssl_options_client = \
- tls.VERSION_CHOICES[options.ssl_version_client]
- self.openssl_method_server, self.openssl_options_server = \
- tls.VERSION_CHOICES[options.ssl_version_server]
-
 certstore_path = os.path.expanduser(options.cadir)
 if not os.path.exists(os.path.dirname(certstore_path)):
 raise exceptions.OptionsError(
@@ -80,15 +60,6 @@ class ProxyConfig:
 CONF_BASENAME
 )
- if options.client_certs:
- client_certs = os.path.expanduser(options.client_certs)
- if not os.path.exists(client_certs):
- raise exceptions.OptionsError(
- "Client certificate path does not exist: %s" %
- options.client_certs
- )
- self.client_certs = client_certs
-
 for c in options.certs:
 parts = c.split("=", 1)
 if len(parts) == 1:
diff --git a/mitmproxy/proxy/protocol/tls.py b/mitmproxy/proxy/protocol/tls.py
index 09ce87ba..ce3dc662 100644
--- a/mitmproxy/proxy/protocol/tls.py
+++ b/mitmproxy/proxy/protocol/tls.py
@@ -374,10 +374,11 @@ class TlsLayer(base.Layer):
 extra_certs = None
 try:
+ tls_method, tls_options = net_tls.VERSION_CHOICES[self.config.options.ssl_version_client]
 self.client_conn.convert_to_tls(
 cert, key,
- method=self.config.openssl_method_client,
- options=self.config.openssl_options_client,
+ method=tls_method,
+ options=tls_options,
 cipher_list=self.config.options.ciphers_client or DEFAULT_CLIENT_CIPHERS,
 dhparams=self.config.certstore.dhparams,
 chain_file=chain_file, |
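Review bot: The `net_tls.VERSION_CHOICES[...]` lookup in the TlsLayer hunk is added inside the `try:`, so a failure of the lookup itself is handled by whatever `except` clause follows, and that clause lies outside the hunk. Because config.py no longer resolves `ssl_version_client` when options are configured, an unsupported value would first surface here, per client connection, rather than at option-change time; if the option's allowed values are not enforced elsewhere, that would be a `KeyError` in the middle of the client handshake. I would move the line above `try:` so the handler covers only `convert_to_tls`, and add a comment such as `# resolve the client TLS method/options from the live option value for each connection`. `net_tls` is not imported in this hunk, so it is presumably already imported at the top of tls.py, which is worth confirming.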