author | Maximilian Hils <git@maximilianhils.com> | 2016-07-27 21:01:28 -0700 |
---|---|---|
committer | Maximilian Hils <git@maximilianhils.com> | 2016-07-27 21:01:28 -0700 |
commit | 8b325fd65ab7bb5b2b5120183894315036d68a17 (patch) | |
tree | f648dfba4b3d1e02f1137535dfba4a222f7f2c9c /mitmproxy | |
parent | 17fdb841f023a546ebb56bc8ae81fb6f74b224cc (diff) | |
improve invalid certificate ux
Diffstat (limited to 'mitmproxy')
-rw-r--r-- | mitmproxy/console/master.py | 6 | ||||
-rw-r--r-- | mitmproxy/console/options.py | 1 | ||||
-rw-r--r-- | mitmproxy/dump.py | 2 | ||||
-rw-r--r-- | mitmproxy/exceptions.py | 6 | ||||
-rw-r--r-- | mitmproxy/models/http.py | 2 | ||||
-rw-r--r-- | mitmproxy/protocol/tls.py | 21 | ||||
-rw-r--r-- | mitmproxy/proxy/server.py | 7 |
7 files changed, 20 insertions, 25 deletions
diff --git a/mitmproxy/console/master.py b/mitmproxy/console/master.py index 9a9addc5..7a7ed9fd 100644 --- a/mitmproxy/console/master.py +++ b/mitmproxy/console/master.py @@ -277,11 +277,11 @@ class ConsoleMaster(flow.FlowMaster): if self.options.verbosity < utils.log_tier(level): return - if level == "error": + if level in ("error", "warn"): signals.status_message.send( - message = "Error: %s" % str(e) + message = "{}: {}".format(level.title(), e) ) - e = urwid.Text(("error", str(e))) + e = urwid.Text((level, str(e))) else: e = urwid.Text(str(e)) self.logbuffer.append(e) diff --git a/mitmproxy/console/options.py b/mitmproxy/console/options.py index d34672d3..2205bf6f 100644 --- a/mitmproxy/console/options.py +++ b/mitmproxy/console/options.py @@ -8,7 +8,6 @@ from mitmproxy.console import grideditor from mitmproxy.console import palettes from mitmproxy.console import select from mitmproxy.console import signals -from OpenSSL import SSL footer = [ ('heading_key', "enter/space"), ":toggle ", diff --git a/mitmproxy/dump.py b/mitmproxy/dump.py index e59fd23e..51124224 100644 --- a/mitmproxy/dump.py +++ b/mitmproxy/dump.py @@ -104,7 +104,7 @@ class DumpMaster(flow.FlowMaster): click.secho( e, file=self.options.tfile, - fg="red" if level == "error" else None, + fg=dict(error="red", warn="yellow").get(level), dim=(level == "debug"), err=(level == "error") ) diff --git a/mitmproxy/exceptions.py b/mitmproxy/exceptions.py index 3b41fe1c..6ca11b25 100644 --- a/mitmproxy/exceptions.py +++ b/mitmproxy/exceptions.py @@ -44,6 +44,12 @@ class ClientHandshakeException(TlsProtocolException): self.server = server +class InvalidServerCertificate(TlsProtocolException): + def __repr__(self): + # In contrast to most others, this is a user-facing error which needs to look good. + return str(self) + + class Socks5ProtocolException(ProtocolException): pass diff --git a/mitmproxy/models/http.py b/mitmproxy/models/http.py index 7781e61f..d56eb29a 100644 --- a/mitmproxy/models/http.py 
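Review bot: In the console/master.py hunk, `urwid.Text((level, str(e)))` now uses the log level itself as the display attribute, so a `"warn"` entry has to exist in every palette. The diffstat shows no change to the palettes module, so unless that entry already exists, warnings (including the "Ignoring server verification error" message this commit downgrades to `warn`) would presumably render without any highlighting. I would either add the palette entry in this commit or leave a comment here such as `# "warn" must be defined in every palette in console/palettes.py`. The enclosing method starts above the hunk.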
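Review bot: In the dump.py hunk, `err=(level == "error")` is unchanged, so the new yellow `warn` messages take the non-error output path while errors go to the error stream. If `tfile` is unset, certificate warnings would then be interleaved with the flow dump on stdout and lost when that output is piped or redirected. Consider `err=(level in ("error", "warn")),` so both levels are routed the same way. The enclosing method starts outside the hunk.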
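Review bot: In the exceptions.py hunk, overriding `__repr__` on `InvalidServerCertificate` to return `str(self)` removes the exception type from every place that logs `repr(e)` for diagnostics, such as the `self.log(repr(e), "debug")` pattern in proxy/server.py. The one caller visible in this commit already uses `str(e)` for the user-facing line, so from the diff alone the override looks unnecessary. I would drop it and keep `str(e)` at the call sites. The class also lacks a docstring, for example `"""Raised when the upstream server's certificate fails verification."""`.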
+++ b/mitmproxy/models/http.py @@ -225,7 +225,7 @@ class HTTPFlow(Flow): def make_error_response(status_code, message, headers=None): - response = status_codes.RESPONSES.get(status_code, "Unknown").encode() + response = status_codes.RESPONSES.get(status_code, "Unknown") body = """ <html> <head> diff --git a/mitmproxy/protocol/tls.py b/mitmproxy/protocol/tls.py index 51f4d80d..d08e2e32 100644 --- a/mitmproxy/protocol/tls.py +++ b/mitmproxy/protocol/tls.py @@ -543,25 +543,12 @@ class TlsLayer(base.Layer): ) tls_cert_err = self.server_conn.ssl_verification_error if tls_cert_err is not None: - self.log( - "TLS verification failed for upstream server at depth %s with error: %s" % - (tls_cert_err['depth'], tls_cert_err['errno']), - "error") - self.log("Ignoring server verification error, continuing with connection", "error") + self.log(str(tls_cert_err), "warn") + self.log("Ignoring server verification error, continuing with connection", "warn") except netlib.exceptions.InvalidCertificateException as e: - tls_cert_err = self.server_conn.ssl_verification_error - self.log( - "TLS verification failed for upstream server at depth %s with error: %s" % - (tls_cert_err['depth'], tls_cert_err['errno']), - "error") - self.log("Aborting connection attempt", "error") six.reraise( - exceptions.TlsProtocolException, - exceptions.TlsProtocolException("Cannot establish TLS with {address} (sni: {sni}): {e}".format( - address=repr(self.server_conn.address), - sni=self.server_sni, - e=repr(e), - )), + exceptions.InvalidServerCertificate, + exceptions.InvalidServerCertificate(str(e)), sys.exc_info()[2] ) except netlib.exceptions.TlsException as e: diff --git a/mitmproxy/proxy/server.py b/mitmproxy/proxy/server.py index 26f2e294..4fd5755a 100644 --- a/mitmproxy/proxy/server.py +++ b/mitmproxy/proxy/server.py 
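Review bot: In the protocol/tls.py hunk, the new `InvalidServerCertificate(str(e))` drops the server address and SNI that the removed `TlsProtocolException` message carried. Unless `str(e)` from netlib already names the host, the "Invalid certificate, closing connection" warning no longer says which upstream failed verification. I would keep that context, e.g. `exceptions.InvalidServerCertificate("{} (address: {}, sni: {})".format(e, repr(self.server_conn.address), self.server_sni)),`. The same applies to the non-aborting path, where `self.log(str(tls_cert_err), "warn")` is followed by "Ignoring server verification error" with no host, which is the case an operator most needs to attribute. The enclosing method starts and ends outside the hunk.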
@@ -125,11 +125,14 @@ class ConnectionHandler(object): self.log( "Client Handshake failed. " "The client may not trust the proxy's certificate for {}.".format(e.server), - "error" + "warn" ) self.log(repr(e), "debug") + elif isinstance(e, exceptions.InvalidServerCertificate): + self.log(str(e), "warn") + self.log("Invalid certificate, closing connection. Pass --insecure to disable validation.", "warn") else: - self.log(repr(e), "info") + self.log(repr(e), "warn") self.log(traceback.format_exc(), "debug") # If an error propagates to the topmost level, |
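Review bot: The new `InvalidServerCertificate` branch offers `--insecure` as the remedy without saying what it costs: the hint reads as a fix, while the flag turns upstream certificate validation off for every connection. The message should state that consequence, e.g. `self.log("Invalid certificate, closing connection. Pass --insecure to disable upstream certificate validation (invalid certificates will then be accepted).", "warn")`. It is also worth a short comment above the branch explaining that this exception is logged with `str(e)` because it is user-facing, while the other branches log `repr(e)`. The surrounding `if`/`elif` chain starts above the hunk.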