diff options
| -rw-r--r-- | mitmproxy/addons/__init__.py | 2 | ||||
| -rw-r--r-- | mitmproxy/addons/check_alpn.py | 17 | ||||
| -rw-r--r-- | mitmproxy/net/tcp.py | 47 | ||||
| -rw-r--r-- | mitmproxy/tools/main.py | 2 | ||||
| -rw-r--r-- | mitmproxy/utils/version_check.py | 42 | ||||
| -rw-r--r-- | pathod/pathoc.py | 8 | ||||
| -rw-r--r-- | test/conftest.py | 13 | ||||
| -rw-r--r-- | test/mitmproxy/addons/test_check_alpn.py | 23 | ||||
| -rw-r--r-- | test/mitmproxy/data/no_common_name.pem | 96 | ||||
| -rw-r--r-- | test/mitmproxy/net/test_tcp.py | 41 | ||||
| -rw-r--r-- | test/mitmproxy/proxy/protocol/test_http2.py | 12 | ||||
| -rw-r--r-- | test/mitmproxy/utils/test_version_check.py | 25 | ||||
| -rw-r--r-- | test/pathod/protocols/test_http2.py | 4 | ||||
| -rw-r--r-- | test/pathod/test_pathoc.py | 15 | ||||
| -rw-r--r-- | test/pathod/test_pathod.py | 6 |
15 files changed, 109 insertions, 244 deletions
diff --git a/mitmproxy/addons/__init__.py b/mitmproxy/addons/__init__.py index 24cf2270..62135765 100644 --- a/mitmproxy/addons/__init__.py +++ b/mitmproxy/addons/__init__.py @@ -1,7 +1,6 @@ from mitmproxy.addons import allowremote from mitmproxy.addons import anticache from mitmproxy.addons import anticomp -from mitmproxy.addons import check_alpn from mitmproxy.addons import check_ca from mitmproxy.addons import clientplayback from mitmproxy.addons import core_option_validation @@ -29,7 +28,6 @@ def default_addons(): allowremote.AllowRemote(), anticache.AntiCache(), anticomp.AntiComp(), - check_alpn.CheckALPN(), check_ca.CheckCA(), clientplayback.ClientPlayback(), cut.Cut(), diff --git a/mitmproxy/addons/check_alpn.py b/mitmproxy/addons/check_alpn.py deleted file mode 100644 index 193159b2..00000000 --- a/mitmproxy/addons/check_alpn.py +++ /dev/null @@ -1,17 +0,0 @@ -import mitmproxy -from mitmproxy.net import tcp -from mitmproxy import ctx - - -class CheckALPN: - def __init__(self): - self.failed = False - - def configure(self, updated): - self.failed = mitmproxy.ctx.master.options.http2 and not tcp.HAS_ALPN - if self.failed: - ctx.log.warn( - "HTTP/2 is disabled because ALPN support missing!\n" - "OpenSSL 1.0.2+ required to support HTTP/2 connections.\n" - "Use --no-http2 to silence this warning." - ) diff --git a/mitmproxy/net/tcp.py b/mitmproxy/net/tcp.py index fce0b744..0c2f0e28 100644 --- a/mitmproxy/net/tcp.py +++ b/mitmproxy/net/tcp.py @@ -14,18 +14,12 @@ from typing import Optional # noqa from mitmproxy.utils import strutils import certifi -import OpenSSL from OpenSSL import SSL from mitmproxy import certs -from mitmproxy.utils import version_check from mitmproxy import exceptions from mitmproxy.types import basethread -# This is a rather hackish way to make sure that -# the latest version of pyOpenSSL is actually installed. -version_check.check_pyopenssl_version() - socket_fileobject = socket.SocketIO # workaround for https://bugs.python.org/issue29515 @@ -33,7 +27,6 @@ socket_fileobject = socket.SocketIO IPPROTO_IPV6 = getattr(socket, "IPPROTO_IPV6", 41) EINTR = 4 -HAS_ALPN = SSL._lib.Cryptography_HAS_ALPN # To enable all SSL methods use: SSLv23 # then add options to disable certain methods @@ -503,7 +496,6 @@ class _Connection: if cipher_list: try: context.set_cipher_list(cipher_list.encode()) - context.set_tmp_ecdh(OpenSSL.crypto.get_elliptic_curve('prime256v1')) except SSL.Error as v: raise exceptions.TlsException("SSL cipher specification error: %s" % str(v)) @@ -511,24 +503,23 @@ class _Connection: if log_ssl_key: context.set_info_callback(log_ssl_key) - if HAS_ALPN: # pragma: openssl-old no cover - if alpn_protos is not None: - # advertise application layer protocols - context.set_alpn_protos(alpn_protos) - elif alpn_select is not None and alpn_select_callback is None: - # select application layer protocol - def alpn_select_callback(conn_, options): - if alpn_select in options: - return bytes(alpn_select) - else: # pragma: no cover - return options[0] - context.set_alpn_select_callback(alpn_select_callback) - elif alpn_select_callback is not None and alpn_select is None: - if not callable(alpn_select_callback): - raise exceptions.TlsException("ALPN error: alpn_select_callback must be a function.") - context.set_alpn_select_callback(alpn_select_callback) - elif alpn_select_callback is not None and alpn_select is not None: - raise exceptions.TlsException("ALPN error: only define alpn_select (string) OR alpn_select_callback (function).") + if alpn_protos is not None: + # advertise application layer protocols + context.set_alpn_protos(alpn_protos) + elif alpn_select is not None and alpn_select_callback is None: + # select application layer protocol + def alpn_select_callback(conn_, options): + if alpn_select in options: + return bytes(alpn_select) + else: # pragma: no cover + return options[0] + context.set_alpn_select_callback(alpn_select_callback) + elif alpn_select_callback is not None and alpn_select is None: + if not callable(alpn_select_callback): + raise exceptions.TlsException("ALPN error: alpn_select_callback must be a function.") + context.set_alpn_select_callback(alpn_select_callback) + elif alpn_select_callback is not None and alpn_select is not None: + raise exceptions.TlsException("ALPN error: only define alpn_select (string) OR alpn_select_callback (function).") return context @@ -720,7 +711,7 @@ class TCPClient(_Connection): return self.connection.gettimeout() def get_alpn_proto_negotiated(self): - if HAS_ALPN and self.ssl_established: # pragma: openssl-old no cover + if self.ssl_established: return self.connection.get_alpn_proto_negotiated() else: return b"" @@ -827,7 +818,7 @@ class BaseHandler(_Connection): self.connection.settimeout(n) def get_alpn_proto_negotiated(self): - if HAS_ALPN and self.ssl_established: # pragma: openssl-old no cover + if self.ssl_established: return self.connection.get_alpn_proto_negotiated() else: return b"" diff --git a/mitmproxy/tools/main.py b/mitmproxy/tools/main.py index 7debb3e0..58900d29 100644 --- a/mitmproxy/tools/main.py +++ b/mitmproxy/tools/main.py @@ -16,7 +16,6 @@ from mitmproxy import exceptions # noqa from mitmproxy import options # noqa from mitmproxy import optmanager # noqa from mitmproxy import proxy # noqa -from mitmproxy.utils import version_check # noqa from mitmproxy.utils import debug # noqa @@ -58,7 +57,6 @@ def run(MasterKlass, args, extra=None): # pragma: no cover extra: Extra argument processing callable which returns a dict of options. """ - version_check.check_pyopenssl_version() debug.register_info_dumpers() opts = options.Options() diff --git a/mitmproxy/utils/version_check.py b/mitmproxy/utils/version_check.py deleted file mode 100644 index 22d6d75c..00000000 --- a/mitmproxy/utils/version_check.py +++ /dev/null @@ -1,42 +0,0 @@ -""" -Having installed a wrong version of pyOpenSSL is unfortunately a very common -source of error. Check before every start that both versions are somewhat okay. -""" -import sys -import inspect -import os.path - -import OpenSSL - -PYOPENSSL_MIN_VERSION = (16, 0) - - -def check_pyopenssl_version(min_version=PYOPENSSL_MIN_VERSION, fp=sys.stderr): - min_version_str = ".".join(str(x) for x in min_version) - try: - v = tuple(int(x) for x in OpenSSL.__version__.split(".")[:2]) - except ValueError: - print( - "Cannot parse pyOpenSSL version: {}" - "mitmproxy requires pyOpenSSL {} or greater.".format( - OpenSSL.__version__, min_version_str - ), - file=fp - ) - return - if v < min_version: - print( - "You are using an outdated version of pyOpenSSL: " - "mitmproxy requires pyOpenSSL {} or greater.".format(min_version_str), - file=fp - ) - # Some users apparently have multiple versions of pyOpenSSL installed. - # Report which one we got. - pyopenssl_path = os.path.dirname(inspect.getfile(OpenSSL)) - print( - "Your pyOpenSSL {} installation is located at {}".format( - OpenSSL.__version__, pyopenssl_path - ), - file=fp - ) - sys.exit(1) diff --git a/pathod/pathoc.py b/pathod/pathoc.py index 4a613349..63a15b55 100644 --- a/pathod/pathoc.py +++ b/pathod/pathoc.py @@ -223,14 +223,6 @@ class Pathoc(tcp.TCPClient): self.ws_framereader = None if self.use_http2: - if not tcp.HAS_ALPN: # pragma: no cover - log.write_raw( - self.fp, - "HTTP/2 requires ALPN support. " - "Please use OpenSSL >= 1.0.2. " - "Pathoc might not be working as expected without ALPN.", - timestamp=False - ) self.protocol = http2.HTTP2StateProtocol(self, dump_frames=self.http2_framedump) else: self.protocol = net_http.http1 diff --git a/test/conftest.py b/test/conftest.py index bb913548..b0842bc3 100644 --- a/test/conftest.py +++ b/test/conftest.py @@ -1,15 +1,8 @@ import os import pytest -import OpenSSL - -import mitmproxy.net.tcp pytest_plugins = ('test.full_coverage_plugin',) -requires_alpn = pytest.mark.skipif( - not mitmproxy.net.tcp.HAS_ALPN, - reason='requires OpenSSL with ALPN support') - skip_windows = pytest.mark.skipif( os.name == "nt", reason='Skipping due to Windows' @@ -24,9 +17,3 @@ skip_appveyor = pytest.mark.skipif( "APPVEYOR" in os.environ, reason='Skipping due to Appveyor' ) - - -@pytest.fixture() -def disable_alpn(monkeypatch): - monkeypatch.setattr(mitmproxy.net.tcp, 'HAS_ALPN', False) - monkeypatch.setattr(OpenSSL.SSL._lib, 'Cryptography_HAS_ALPN', False) diff --git a/test/mitmproxy/addons/test_check_alpn.py b/test/mitmproxy/addons/test_check_alpn.py deleted file mode 100644 index 2b1d6058..00000000 --- a/test/mitmproxy/addons/test_check_alpn.py +++ /dev/null @@ -1,23 +0,0 @@ -from mitmproxy.addons import check_alpn -from mitmproxy.test import taddons -from ...conftest import requires_alpn - - -class TestCheckALPN: - - @requires_alpn - def test_check_alpn(self): - msg = 'ALPN support missing' - - with taddons.context() as tctx: - a = check_alpn.CheckALPN() - tctx.configure(a) - assert not tctx.master.has_log(msg) - - def test_check_no_alpn(self, disable_alpn): - msg = 'ALPN support missing' - - with taddons.context() as tctx: - a = check_alpn.CheckALPN() - tctx.configure(a) - assert tctx.master.has_log(msg) diff --git a/test/mitmproxy/data/no_common_name.pem b/test/mitmproxy/data/no_common_name.pem index fc271a0e..d46448f5 100644 --- a/test/mitmproxy/data/no_common_name.pem +++ b/test/mitmproxy/data/no_common_name.pem @@ -1,20 +1,84 @@ -----BEGIN RSA PRIVATE KEY----- -MIIBOQIBAAJBAKVJ43C+8SjOvN9/pP/8HwzmHGQmRvdK/R6KlWdr7He6iiXDQNfH -RAp+gqX0hBRT80eRjGhSmTTBLCWiXVny4UUCAwEAAQJAUQ8nZ0d85VJd9g2XUaLH -Z4ACNGtBKk2wTKYSFyIqWZxsF5qhh7HGshJIAP6tYiX8ZW+mMSfme+zsJzWe8ChL -gQIhAM8QpAgUHnNteZvkv0XqceX1GILEWifMt+hO9yTp4dY5AiEAzFnKr77CKCri -/DPig4R/5q4KMpMx9EqJufHdGNmIA20CICMARxnufK86RCIr6oEg/hvG8Fu6YRr1 -Kekk3/XnavtRAiBVLVQ7vwKE5aNpRmMzOKZrS736aLpYvjz8IaFr+zgjXQIgdad5 -QZoTD49NTyMEgyZp70gTXcXQLrX2PgQKL4uNmoU= +MIIJKgIBAAKCAgEA4Jut+R51opC773ToeUhwJOVGnpxNqzZTDMImO141WPvKMjMs +i15f0U3OKqK8YERDfDzaAbgqz6MNgqc8QbNJ0e9VxtMUzTkCwSlbDHMFgZNyXVRX +OQEBJ/fTMlU+LimOH38QY0orifdAHH+kPUYIiqTBzgJvCy8w1o4hGSlzf2HW400d +mlRSJEVgBj6nXQENbVxmxf6f9H19eWpnLuP5aJIwP4LEsGdqLP0ESnWfZVPIAiEs +LuYkhbRXqiuJfnc1am8LexzLi4VQMCw0K4Tm1lTbapcnOUakO6orQvX7MOEKYBU+ +ogGGby0MyOTaCkuUFi0YdTtU4DEdWJ9HfogRO/uG1325/8/T+tq8RgOkp9cUvjU3 +ONqpLZC6zs0YR8OzlTbXClmV+Mr6d1qEb3jk6zWlLykLVozOS3z5vdVxpbJqM/Ct +HporAA0cSer2EGtN68OB3Hy3Bh7MPjqpSFSJ1uTQ755jS3qOzwggoQFCz2dBmfyi +7nOGHFW4h/5NaF1mnIlJJVnJIZajSNl9e6klGeXmJv4ZtiqJd/CG0jTUnGWOTimu +kSmxVNcWs2vFjwQhuRJwawzGo7O1gZPkq3/0/F+yLp5karmRJs8sQ/JDvGL4rW5Y +qW7u1WuYQeHYHscfPwf0be8teKWcURIqBoHPxdJV3s9zf8Y/AN9OFFdPqwcCAwEA +AQKCAgEAtdHQV2Ws3FhFimYc+nEFNxjSvfrRdNOZDy7rPAvbK5lH6LM8T+WpswlE +54as71DTQHMSF2o6XbMkcKtoP9ce3u7bhQPCRw7rh+ouZjmGL4pofdyUbvS9NtmL +Aae3mi7RefWmEnosHJcmMuuwzFkw+Oq+aEHYGjmtU0Hi0TeY43kUNxRp7lBr3ii6 +vtNhMAx2Dh1KpOSmH4imVe8ob/DkKR6OKBt3lUVh0eFP4+arjZ7wvaiU17I9xm5i +uMJdnx5pAyu5I4P/0YWtkBF4efIv2zj+FZ8ehWMF97adJqtxF/RULcuE1Chf5weU +3dtEFilwSzNeJShOYN3hX6gwe+Ex8NQ7EIcbkJBaxzteEbcCJJf2rUq5oHwt3MFR +H1m1iZ/H3erNHOIqr+LW5+ZXI9Lyyn9z1YTodP2KIfB6Rg8ldsaEnkuCD/S+iikO +xNo/OwJf3rHtbeRtpAfSqkSMhT57hadRTvPlBMAoFEsX3hdw1XuRLOp9YAhsjdhU +GBzD+U/kB8FlYRhPjvjT97lJ7uE2AosGgIZBwpyv/UqPU75u/3SgubLmIHoXYWBn +jPig0H3zqpT+1D+88umMP5Ka+V/KsofUvObSjipdw3U1ZekI+08SLlGQqLvA7tk/ +3WvT7QN3k0OUx261pJNHmVhPZysJT0DNpJX9x/4jFiLVBxYyomECggEBAPNtLge0 +YJGvKTTpQoKlIb/a47wncBizyeVRhjcYNRQn6JcSzPPao8x1/ARoKPGeTXqDWiHt +o8RllF1aEKbO0gTXtBM7jjwf1ueco1F4IQYc7EnA1TwNyQ0JeA5RFcpOzLOx4SK5 +67jMaAI/gQ2Q4H3uISWF+hPlckRySpwouz+xS3QP6PZ8S6lZwHF5S9LMrxTlwbPj +yAjgIllFIvs91J6mDljll1ZG601CU8piaY5zPoJVQIesA/YRK+rlHBPICOGXJBm7 +G8kbYT9EFibxklWjiz9C9G70WPulPCZpAqaqIp70nOFR+Kp5g8VuPaMKFx8p3qc/ +AQJGlO06lFVaL0UCggEBAOw1qkzBFTdBmZW9VSBHBQdTJuuuWjoLCp1tfPUYluqG +VrzIKN0dlnB2Qy5uOHd0fVTq88+EadnXwt2hOkp4uGeWOIZfE0welWmNZ1ym9vkg +PSLgPYBDSL1rDntLeAgEUYl4gnFL8zyD0uKw/+oMoMaW2jNEqmGJH9y5uG2lkFGC +A6MbEw32sfJKoWB2GvnlIPGAMfZy9Varxq/r24OeFi7J6ja89DBL9OEWsB49/CP0 +92dkS2+7KekTN9go3cFaqnseDHNUuRhHsIJBpaWSaxlUwpVP6QQtn5NMEW44YpnE +PDk/EsxwOVAGRVaS5+pBJSUbLplXRHlzVZW4lEc+f9sCggEAe0ZuSh6RzRVck9wQ +/6JqzgMm03FRdmEOPKCljJ8oujVft6ogutmdm/ygDQdGvN3DNOjyKz5ychJTKVdk +GWWhvCwUmKzPYilpps+PccGZT8Qz8UHDeu8sQvrpnq53j4WKavIJJpHrCyIRBhps +25bj6UI/7QXFWHAZBwquOBj0gtPhdzxbaQAXPQMjzxNzT6Syga29A8G12rDPFFBL +39o3I8TKfUB//IRbwzt0vYhLFoXMQSq1TD/Tnbiieglex7HEtaHZ+WHlN1ozTFvJ +sB0kU1RIP1hD+zCpI39RT85cNlTwxXjxPbZKbOKu1bv3YOrKPNDyXdYtR57A6saA +uhy61QKCAQEAnax5AIFGyzrD7duTjlc5+Ri9e0dIPUSPkmS6q9T9MJH6JkwqUudk +O7AFymGS2dJtsxifJV/LVLoc/tqX0Yxh8+un0bJ3bDFiJTJZ09Q0OjoV9UjgZNUF +IkPrR8wp1JglYXGLCVvcgwGv7NigC7jgPZAHGX/1h+QD29AxVyfUfUQfb2osPv70 +67p7nKtZ+IPFiM+9CjjUokVJ/LahMmt9fUAVUvKwweiCDxqY96cCv3HPEDo3zN6P +7GCCv40P8fi2ojZ9syLT52w7W8e8bhid2yvkM81CyyI1ShrV69BBqUj/tmru/n7P +EycMc+zeWFWiGPHbGkrRj4y4jZfHiwMiTwKCAQEAk77dpDHxxTbmW0sdRYsEgwbz +hhbi4vhaEsJODDg0WsqZYOxsfbjTXYYSClCel3QHuJGHmEqCTcj8SqWXwpQhTeW1 +Ngs1tOprfLAo+XCbUTy51b9Acx6l/EgP1n5lrjNnGgcygfAYSG34zXSnXpiJzqQP +vKXntjJii5U8d+Qzvvwf6taU5v0JqO1J2ZWmvmgZN9qgVR42KVvdBc1F6qsN4F68 +ZrY9lULqi776Z60Dfl9S/7E4BCSEyZm4PjJ39zQYMYc4B77YYv/aO4WFZBm7gbc/ +0UP8WkOzc8wYOqgLF2KatJkaOLBfbhMGaKPvjvWDfjyVfZ8I4Gqx2rI8ILHEuQ== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIBgTCCASugAwIBAgIJAKlcXsPLQAQuMA0GCSqGSIb3DQEBBQUAMA0xCzAJBgNV -BAYTAkFVMB4XDTEzMTIxMjAxMzA1NVoXDTE0MDExMTAxMzA1NVowDTELMAkGA1UE -BhMCQVUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEApUnjcL7xKM6833+k//wfDOYc -ZCZG90r9HoqVZ2vsd7qKJcNA18dECn6CpfSEFFPzR5GMaFKZNMEsJaJdWfLhRQID -AQABo24wbDAdBgNVHQ4EFgQUJm8BXcVRsROy0PVt5stkB3eVnEgwPQYDVR0jBDYw -NIAUJm8BXcVRsROy0PVt5stkB3eVnEihEaQPMA0xCzAJBgNVBAYTAkFVggkAqVxe -w8tABC4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAHHxcBEpWrIqtLVH -m6Yn1hgqrAbfMj9IK6zY9C5Cbad/DfUj3AZMb5u758WJK0x9brmckgqdrQsuf9He -Ef51/SU= +MIIFtTCCA52gAwIBAgIJAM/qkBYP5ExSMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQwHhcNMTcwNzI1MDg0MDAwWhcNMTgwNzI1MDg0MDAwWjBF +MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50 +ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEA4Jut+R51opC773ToeUhwJOVGnpxNqzZTDMImO141WPvKMjMsi15f0U3O +KqK8YERDfDzaAbgqz6MNgqc8QbNJ0e9VxtMUzTkCwSlbDHMFgZNyXVRXOQEBJ/fT +MlU+LimOH38QY0orifdAHH+kPUYIiqTBzgJvCy8w1o4hGSlzf2HW400dmlRSJEVg +Bj6nXQENbVxmxf6f9H19eWpnLuP5aJIwP4LEsGdqLP0ESnWfZVPIAiEsLuYkhbRX +qiuJfnc1am8LexzLi4VQMCw0K4Tm1lTbapcnOUakO6orQvX7MOEKYBU+ogGGby0M +yOTaCkuUFi0YdTtU4DEdWJ9HfogRO/uG1325/8/T+tq8RgOkp9cUvjU3ONqpLZC6 +zs0YR8OzlTbXClmV+Mr6d1qEb3jk6zWlLykLVozOS3z5vdVxpbJqM/CtHporAA0c +Ser2EGtN68OB3Hy3Bh7MPjqpSFSJ1uTQ755jS3qOzwggoQFCz2dBmfyi7nOGHFW4 +h/5NaF1mnIlJJVnJIZajSNl9e6klGeXmJv4ZtiqJd/CG0jTUnGWOTimukSmxVNcW +s2vFjwQhuRJwawzGo7O1gZPkq3/0/F+yLp5karmRJs8sQ/JDvGL4rW5YqW7u1WuY +QeHYHscfPwf0be8teKWcURIqBoHPxdJV3s9zf8Y/AN9OFFdPqwcCAwEAAaOBpzCB +pDAdBgNVHQ4EFgQUZrQUSE9A8i0N4ZuQZq/F4I74QlwwdQYDVR0jBG4wbIAUZrQU +SE9A8i0N4ZuQZq/F4I74QlyhSaRHMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpT +b21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGSCCQDP +6pAWD+RMUjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4ICAQDPeylCUY4k +nG1KoT139g5T5G1/lxgmYnDqQB1+5JYCQWsPK7sy19tD58bq3+2N2Tozu2/f/GkG +LZtouLyRciFtcAWy4LQlSR4hTLAWeik2WV/h+ovfv4XwvRuwS5PYVQNHQsOAO3ea +hX+W+w+rwI+MFlgEHJO85P61ijcNVbiTpgd0s47RViKyJVDqfhCmpobzS5eTbbXn +F1oFlV84lgEt84BE4RJxlr6fSIxZn6rQPjdbY65snol7Zs2oAt7nLb3hpZgWKobF +3xAfkC9m19nQHeYz3JlNC7sf80top2H2HEZMVVOAD+MxXkcAjNbjBRT3/KAIyWex +2fmoGRbvCIU0LFyyyk7/tG1xTgxNuBmd4Byz1LI25uz6eK4Ey8LeZmp5mvaewI53 +t65sAGBkx+LIRt0yGmMCRRFl735Ya4SJD7je1GTiw9I3Yd63dtaJTVd65kkFkLOk +LD56iJHSyCY6JkDXd8RjozIVoaXkVQh2wFq/ZfXzAgIx/u5cJQCMG2DAu6/WI74+ +7invOv7dbYfoI02N4iB57iRbPxE4gSrRayYxUVdH1R/tlXbN9Fkd30fl2WfSO897 +QC/ODA9w86FSFANhn6nv2KuKIMUSEW+5ZhBowSFIBEdAaMS7yj9uuBWmQKrWNfOh +mZJF1YiFmgRybkdKHPrlCSZyvVBdmnmM6g== -----END CERTIFICATE----- diff --git a/test/mitmproxy/net/test_tcp.py b/test/mitmproxy/net/test_tcp.py index 73de0879..3345840e 100644 --- a/test/mitmproxy/net/test_tcp.py +++ b/test/mitmproxy/net/test_tcp.py @@ -3,7 +3,6 @@ import queue import time import socket import random -import os import threading import pytest from unittest import mock @@ -15,7 +14,6 @@ from mitmproxy import exceptions from mitmproxy.test import tutils from . import tservers -from ...conftest import requires_alpn class EchoHandler(tcp.BaseHandler): @@ -534,36 +532,18 @@ class TestTimeOut(tservers.ServerTestBase): c.rfile.read(10) -class TestCryptographyALPN: - - def test_has_alpn(self): - if os.environ.get("OPENSSL") == "with-alpn": - assert tcp.HAS_ALPN - assert SSL._lib.Cryptography_HAS_ALPN - elif os.environ.get("OPENSSL") == "old": - assert not tcp.HAS_ALPN - assert not SSL._lib.Cryptography_HAS_ALPN - - class TestALPNClient(tservers.ServerTestBase): handler = ALPNHandler ssl = dict( alpn_select=b"bar" ) - @requires_alpn - @pytest.mark.parametrize('has_alpn,alpn_protos, expected_negotiated, expected_response', [ - (True, [b"foo", b"bar", b"fasel"], b'bar', b'bar'), - (True, [], b'', b'NONE'), - (True, None, b'', b'NONE'), - (False, [b"foo", b"bar", b"fasel"], b'', b'NONE'), - (False, [], b'', b'NONE'), - (False, None, b'', b'NONE'), + @pytest.mark.parametrize('alpn_protos, expected_negotiated, expected_response', [ + ([b"foo", b"bar", b"fasel"], b'bar', b'bar'), + ([], b'', b'NONE'), + (None, b'', b'NONE'), ]) - def test_alpn(self, monkeypatch, has_alpn, alpn_protos, expected_negotiated, expected_response): - monkeypatch.setattr(tcp, 'HAS_ALPN', has_alpn) - monkeypatch.setattr(SSL._lib, 'Cryptography_HAS_ALPN', has_alpn) - + def test_alpn(self, monkeypatch, alpn_protos, expected_negotiated, expected_response): c = tcp.TCPClient(("127.0.0.1", self.port)) with c.connect(): c.convert_to_ssl(alpn_protos=alpn_protos) @@ -574,7 +554,7 @@ class TestALPNClient(tservers.ServerTestBase): class TestNoSSLNoALPNClient(tservers.ServerTestBase): handler = ALPNHandler - def test_no_ssl_no_alpn(self, disable_alpn): + def test_no_ssl_no_alpn(self): c = tcp.TCPClient(("127.0.0.1", self.port)) with c.connect(): assert c.get_alpn_proto_negotiated() == b"" @@ -857,9 +837,8 @@ class TestSSLInvalid(tservers.ServerTestBase): def test_alpn_error(self): c = tcp.TCPClient(("127.0.0.1", self.port)) with c.connect(): - if tcp.HAS_ALPN: - with pytest.raises(exceptions.TlsException, match="must be a function"): - c.create_ssl_context(alpn_select_callback="foo") + with pytest.raises(exceptions.TlsException, match="must be a function"): + c.create_ssl_context(alpn_select_callback="foo") - with pytest.raises(exceptions.TlsException, match="ALPN error"): - c.create_ssl_context(alpn_select="foo", alpn_select_callback="bar") + with pytest.raises(exceptions.TlsException, match="ALPN error"): + c.create_ssl_context(alpn_select="foo", alpn_select_callback="bar") diff --git a/test/mitmproxy/proxy/protocol/test_http2.py b/test/mitmproxy/proxy/protocol/test_http2.py index 487d8890..583e6e27 100644 --- a/test/mitmproxy/proxy/protocol/test_http2.py +++ b/test/mitmproxy/proxy/protocol/test_http2.py @@ -17,7 +17,6 @@ from mitmproxy.net.http import http1, http2 from pathod.language import generators from ... import tservers -from ....conftest import requires_alpn import logging logging.getLogger("hyper.packages.hpack.hpack").setLevel(logging.WARNING) @@ -203,7 +202,6 @@ class _Http2Test(_Http2TestBase, _Http2ServerBase): _Http2ServerBase.teardown_class() -@requires_alpn class TestSimple(_Http2Test): request_body_buffer = b'' @@ -286,7 +284,6 @@ class TestSimple(_Http2Test): assert response_body_buffer == b'response body' -@requires_alpn class TestRequestWithPriority(_Http2Test): @classmethod @@ -368,7 +365,6 @@ class TestRequestWithPriority(_Http2Test): assert resp.headers.get('priority_weight', None) == expected_priority[2] -@requires_alpn class TestPriority(_Http2Test): @classmethod @@ -453,7 +449,6 @@ class TestPriority(_Http2Test): assert self.priority_data == expected_priority -@requires_alpn class TestStreamResetFromServer(_Http2Test): @classmethod @@ -504,7 +499,6 @@ class TestStreamResetFromServer(_Http2Test): assert self.master.state.flows[0].response is None -@requires_alpn class TestBodySizeLimit(_Http2Test): @classmethod @@ -554,7 +548,6 @@ class TestBodySizeLimit(_Http2Test): assert len(self.master.state.flows) == 0 -@requires_alpn class TestPushPromise(_Http2Test): @classmethod @@ -723,7 +716,6 @@ class TestPushPromise(_Http2Test): # the other two bodies might not be transmitted before the reset -@requires_alpn class TestConnectionLost(_Http2Test): @classmethod @@ -765,7 +757,6 @@ class TestConnectionLost(_Http2Test): assert self.master.state.flows[0].response is None -@requires_alpn class TestMaxConcurrentStreams(_Http2Test): @classmethod @@ -826,7 +817,6 @@ class TestMaxConcurrentStreams(_Http2Test): assert b"Stream-ID " in flow.response.content -@requires_alpn class TestConnectionTerminated(_Http2Test): @classmethod @@ -867,7 +857,6 @@ class TestConnectionTerminated(_Http2Test): assert connection_terminated_event.additional_data == b'foobar' -@requires_alpn class TestRequestStreaming(_Http2Test): @classmethod @@ -926,7 +915,6 @@ class TestRequestStreaming(_Http2Test): assert connection_terminated_event is None -@requires_alpn class TestResponseStreaming(_Http2Test): @classmethod diff --git a/test/mitmproxy/utils/test_version_check.py b/test/mitmproxy/utils/test_version_check.py deleted file mode 100644 index d7929378..00000000 --- a/test/mitmproxy/utils/test_version_check.py +++ /dev/null @@ -1,25 +0,0 @@ -import io -from unittest import mock -from mitmproxy.utils import version_check - - -@mock.patch("sys.exit") -def test_check_pyopenssl_version(sexit): - fp = io.StringIO() - version_check.check_pyopenssl_version(fp=fp) - assert not fp.getvalue() - assert not sexit.called - - version_check.check_pyopenssl_version((9999,), fp=fp) - assert "outdated" in fp.getvalue() - assert sexit.called - - -@mock.patch("sys.exit") -@mock.patch("OpenSSL.__version__") -def test_unparseable_pyopenssl_version(version, sexit): - version.split.return_value = ["foo", "bar"] - fp = io.StringIO() - version_check.check_pyopenssl_version(fp=fp) - assert "Cannot parse" in fp.getvalue() - assert not sexit.called diff --git a/test/pathod/protocols/test_http2.py b/test/pathod/protocols/test_http2.py index c16a6d40..b1eebc73 100644 --- a/test/pathod/protocols/test_http2.py +++ b/test/pathod/protocols/test_http2.py @@ -11,8 +11,6 @@ from ...mitmproxy.net import tservers as net_tservers from pathod.protocols.http2 import HTTP2StateProtocol, TCPHandler -from ...conftest import requires_alpn - class TestTCPHandlerWrapper: def test_wrapped(self): @@ -68,7 +66,6 @@ class TestProtocol: assert mock_server_method.called -@requires_alpn class TestCheckALPNMatch(net_tservers.ServerTestBase): handler = EchoHandler ssl = dict( @@ -83,7 +80,6 @@ class TestCheckALPNMatch(net_tservers.ServerTestBase): assert protocol.check_alpn() -@requires_alpn class TestCheckALPNMismatch(net_tservers.ServerTestBase): handler = EchoHandler ssl = dict( diff --git a/test/pathod/test_pathoc.py b/test/pathod/test_pathoc.py index 2dd29e20..4b50e2a7 100644 --- a/test/pathod/test_pathoc.py +++ b/test/pathod/test_pathoc.py @@ -11,7 +11,6 @@ from pathod.protocols.http2 import HTTP2StateProtocol from mitmproxy.test import tutils from . import tservers -from ..conftest import requires_alpn def test_response(): @@ -216,7 +215,6 @@ class TestDaemonHTTP2(PathocTestDaemon): ssl = True explain = False - @requires_alpn def test_http2(self): c = pathoc.Pathoc( ("127.0.0.1", self.d.port), @@ -231,7 +229,6 @@ class TestDaemonHTTP2(PathocTestDaemon): ) assert c.protocol == http1 - @requires_alpn def test_http2_alpn(self): c = pathoc.Pathoc( ("127.0.0.1", self.d.port), @@ -248,7 +245,6 @@ class TestDaemonHTTP2(PathocTestDaemon): _, kwargs = c.convert_to_ssl.call_args assert set(kwargs['alpn_protos']) == set([b'http/1.1', b'h2']) - @requires_alpn def test_request(self): c = pathoc.Pathoc( ("127.0.0.1", self.d.port), @@ -259,14 +255,3 @@ class TestDaemonHTTP2(PathocTestDaemon): with c.connect(): resp = c.request("get:/p/200") assert resp.status_code == 200 - - def test_failing_request(self, disable_alpn): - c = pathoc.Pathoc( - ("127.0.0.1", self.d.port), - fp=None, - ssl=True, - use_http2=True, - ) - with pytest.raises(NotImplementedError): - with c.connect(): - c.request("get:/p/200") diff --git a/test/pathod/test_pathod.py b/test/pathod/test_pathod.py index 88480a59..5f191c0d 100644 --- a/test/pathod/test_pathod.py +++ b/test/pathod/test_pathod.py @@ -8,7 +8,6 @@ from mitmproxy import exceptions from mitmproxy.test import tutils from . import tservers -from ..conftest import requires_alpn class TestPathod: @@ -257,11 +256,6 @@ class TestHTTP2(tservers.DaemonTests): ssl = True nohang = True - @requires_alpn def test_http2(self): r, _ = self.pathoc(["GET:/"], ssl=True, use_http2=True) assert r[0].status_code == 800 - - def test_no_http2(self, disable_alpn): - with pytest.raises(NotImplementedError): - r, _ = self.pathoc(["GET:/"], ssl=True, use_http2=True) |