diff options
| author | Maximilian Hils <git@maximilianhils.com> | 2016-03-17 02:28:00 +0100 |
|---|---|---|
| committer | Maximilian Hils <git@maximilianhils.com> | 2016-03-17 02:28:00 +0100 |
| commit | 983b0dd4f66f962a74dadc8c2eb4a1be4e2e0074 (patch) | |
| tree | 2bc6b0ca4cc98cc7f9f5475dd813b581b1fcb02f /test | |
| parent | f118d9abb16b608d28cbd4a78356791802286df1 (diff) | |
| parent | b4e7aaf2f68af60ec32219d27d3d10b79f5d0610 (diff) | |
| download | mitmproxy-983b0dd4f66f962a74dadc8c2eb4a1be4e2e0074.tar.gz mitmproxy-983b0dd4f66f962a74dadc8c2eb4a1be4e2e0074.tar.bz2 mitmproxy-983b0dd4f66f962a74dadc8c2eb4a1be4e2e0074.zip | |
Merge pull request #1014 from ikoz/master
New option: Add server certs to client chain
Diffstat (limited to 'test')
| -rw-r--r-- | test/mitmproxy/test_server.py | 40 | ||||
| -rw-r--r-- | test/mitmproxy/tservers.py | 2 |
2 files changed, 42 insertions, 0 deletions
diff --git a/test/mitmproxy/test_server.py b/test/mitmproxy/test_server.py index d7b23bbb..26e53e8a 100644 --- a/test/mitmproxy/test_server.py +++ b/test/mitmproxy/test_server.py @@ -999,3 +999,43 @@ class TestProxyChainingSSLReconnect(tservers.HTTPUpstreamProxyTest): # (both terminated) # nothing happened here assert self.chain[1].tmaster.state.flow_count() == 2 + + +class AddUpstreamCertsToClientChainMixin: + + ssl = True + servercert = tutils.test_data.path("data/trusted-server.crt") + ssloptions = pathod.SSLOptions( + cn="trusted-cert", + certs=[ + ("trusted-cert", servercert) + ] + ) + + def test_add_upstream_certs_to_client_chain(self): + with open(self.servercert, "rb") as f: + d = f.read() + upstreamCert = SSLCert.from_pem(d) + p = self.pathoc() + upstream_cert_found_in_client_chain = False + for receivedCert in p.server_certs: + if receivedCert.digest('sha256') == upstreamCert.digest('sha256'): + upstream_cert_found_in_client_chain = True + break + assert(upstream_cert_found_in_client_chain == self.add_upstream_certs_to_client_chain) + + +class TestHTTPSAddUpstreamCertsToClientChainTrue(AddUpstreamCertsToClientChainMixin, tservers.HTTPProxyTest): + + """ + If --add-server-certs-to-client-chain is True, then the client should receive the upstream server's certificates + """ + add_upstream_certs_to_client_chain = True + + +class TestHTTPSAddUpstreamCertsToClientChainFalse(AddUpstreamCertsToClientChainMixin, tservers.HTTPProxyTest): + + """ + If --add-server-certs-to-client-chain is False, then the client should not receive the upstream server's certificates + """ + add_upstream_certs_to_client_chain = False diff --git a/test/mitmproxy/tservers.py b/test/mitmproxy/tservers.py index b7b5de9e..4fa519cc 100644 --- a/test/mitmproxy/tservers.py +++ b/test/mitmproxy/tservers.py @@ -86,6 +86,7 @@ class ProxyTestBase(object): no_upstream_cert = False authenticator = None masterclass = TestMaster + add_upstream_certs_to_client_chain = False @classmethod def setup_class(cls): @@ -129,6 +130,7 @@ class ProxyTestBase(object): no_upstream_cert = cls.no_upstream_cert, cadir = cls.cadir, authenticator = cls.authenticator, + add_upstream_certs_to_client_chain = cls.add_upstream_certs_to_client_chain, ) |