From 26fa88a338c96a9e57fdbf3943a8936eaac4c5c7 Mon Sep 17 00:00:00 2001 From: Aldo Cortesi Date: Tue, 19 Jul 2016 13:23:54 +1200 Subject: ProxyConfig: Refactor to move verification mode checks into configure --- mitmproxy/proxy/config.py | 21 +++++++++++---------- test/mitmproxy/test_server.py | 36 ++++++++++++++++++++++-------------- 2 files changed, 33 insertions(+), 24 deletions(-) diff --git a/mitmproxy/proxy/config.py b/mitmproxy/proxy/config.py index 58c7d1c6..2bf044a0 100644 --- a/mitmproxy/proxy/config.py +++ b/mitmproxy/proxy/config.py @@ -102,27 +102,28 @@ class ProxyConfig: self.rawtcp = rawtcp self.authenticator = authenticator - self.openssl_method_client, self.openssl_options_client = \ - tcp.sslversion_choices[options.ssl_version_client] - self.openssl_method_server, self.openssl_options_server = \ - tcp.sslversion_choices[options.ssl_version_server] - - if options.ssl_verify_upstream_cert: - self.openssl_verification_mode_server = SSL.VERIFY_PEER - else: - self.openssl_verification_mode_server = SSL.VERIFY_NONE - self.check_ignore = None self.check_tcp = None self.certstore = None self.clientcerts = None + self.openssl_verification_mode_server = None self.configure(options) options.changed.connect(self.configure) def configure(self, options): + if options.ssl_verify_upstream_cert: + self.openssl_verification_mode_server = SSL.VERIFY_PEER + else: + self.openssl_verification_mode_server = SSL.VERIFY_NONE + self.check_ignore = HostMatcher(options.ignore_hosts) self.check_tcp = HostMatcher(options.tcp_hosts) + self.openssl_method_client, self.openssl_options_client = \ + tcp.sslversion_choices[options.ssl_version_client] + self.openssl_method_server, self.openssl_options_server = \ + tcp.sslversion_choices[options.ssl_version_server] + certstore_path = os.path.expanduser(options.cadir) if not os.path.exists(os.path.dirname(certstore_path)): raise exceptions.OptionsError( 
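Review bot: The two `tcp.sslversion_choices[...]` lookups now run inside `configure`, which is also the `options.changed` handler, so an unrecognised `ssl_version_client` or `ssl_version_server` set at runtime would surface as a bare KeyError rather than the `exceptions.OptionsError` that the `cadir` check just below raises. Validating both values at the top of `configure`, before `openssl_verification_mode_server` is assigned, would also keep a rejected update from leaving the upstream verification mode half-applied. Whether the caller rolls options back on error is not visible here. The body of `configure` continues past the end of the hunk.

```python
    def configure(self, options):
        for name in ("ssl_version_client", "ssl_version_server"):
            if getattr(options, name) not in tcp.sslversion_choices:
                raise exceptions.OptionsError(
                    "Unknown %s: %s" % (name, getattr(options, name))
                )
        # … unchanged: verification mode, host matchers, sslversion_choices lookups, certstore_path check …
```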
diff --git a/test/mitmproxy/test_server.py b/test/mitmproxy/test_server.py index a64a8565..f036fefd 100644 --- a/test/mitmproxy/test_server.py +++ b/test/mitmproxy/test_server.py @@ -368,9 +368,11 @@ class TestHTTPSUpstreamServerVerificationWTrustedCert(tservers.HTTPProxyTest): ]) def test_verification_w_cadir(self): - self.config.openssl_verification_mode_server = SSL.VERIFY_PEER - self.config.options.ssl_verify_upstream_trusted_cadir = tutils.test_data.path( - "data/trusted-cadir/" + self.config.options.update( + ssl_verify_upstream_cert = True, + ssl_verify_upstream_trusted_cadir = tutils.test_data.path( + "data/trusted-cadir/" + ) ) self.pathoc() 
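Review bot: In `test_verification_w_cadir` nothing checks that `options.update(...)` actually reached `ProxyConfig.configure`. The class name says the upstream certificate is trusted, so the request presumably succeeds under VERIFY_NONE too, and the test would still pass if the `changed` signal were not wired up. Pinning the derived state right after the update would close that gap, e.g. `assert self.config.openssl_verification_mode_server == SSL.VERIFY_PEER` (the removed lines used `SSL`, so the import should still be present). The test body continues outside the hunk.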
@@ -401,23 +403,29 @@ class TestHTTPSUpstreamServerVerificationWBadCert(tservers.HTTPProxyTest): def test_default_verification_w_bad_cert(self): """Should use no verification.""" - self.config.options.ssl_verify_upstream_trusted_ca = tutils.test_data.path( - "data/trusted-cadir/trusted-ca.pem") - + self.config.options.update( + ssl_verify_upstream_trusted_ca = tutils.test_data.path( + "data/trusted-cadir/trusted-ca.pem" + ) + ) assert self._request().status_code == 242 def test_no_verification_w_bad_cert(self): - self.config.openssl_verification_mode_server = SSL.VERIFY_NONE - self.config.options.ssl_verify_upstream_trusted_ca = tutils.test_data.path( - "data/trusted-cadir/trusted-ca.pem") - + self.config.options.update( + ssl_verify_upstream_cert = False, + ssl_verify_upstream_trusted_ca = tutils.test_data.path( + "data/trusted-cadir/trusted-ca.pem" + ) + ) assert self._request().status_code == 242 def test_verification_w_bad_cert(self): - self.config.openssl_verification_mode_server = SSL.VERIFY_PEER - self.config.options.ssl_verify_upstream_trusted_ca = tutils.test_data.path( - "data/trusted-cadir/trusted-ca.pem") - + self.config.options.update( + ssl_verify_upstream_cert = True, + ssl_verify_upstream_trusted_ca = tutils.test_data.path( + "data/trusted-cadir/trusted-ca.pem" + ) + ) assert self._request().status_code == 502 -- cgit v1.2.3
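Review bot: `test_default_verification_w_bad_cert` only exercises the default if `ssl_verify_upstream_cert` still holds its default value when the test runs, and nothing in the test states that precondition. If the options object is shared between tests in this class (not visible in the hunk), a `True` set by another test would carry over and the failure would look like a verification bug rather than an ordering problem. Stating the precondition before the request makes the docstring's "Should use no verification." checkable: `assert not self.config.options.ssl_verify_upstream_cert`.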