From 5cfe783b6c38b9fa6473e57b9567149146829108 Mon Sep 17 00:00:00 2001 From: Aldo Cortesi Date: Tue, 19 Jul 2016 14:06:02 +1200 Subject: ProxyConfig: http2, rawtcp, no_upstream_cert -> Options --- mitmproxy/cmdline.py | 3 +++ mitmproxy/console/master.py | 2 +- mitmproxy/dump.py | 2 +- mitmproxy/flow/options.py | 6 ++++++ mitmproxy/protocol/tls.py | 6 +++--- mitmproxy/proxy/config.py | 10 ---------- mitmproxy/proxy/root_context.py | 2 +- mitmproxy/web/app.py | 12 ++++++------ test/mitmproxy/test_protocol_http2.py | 5 +---- test/mitmproxy/tservers.py | 2 +- 10 files changed, 23 insertions(+), 27 deletions(-) diff --git a/mitmproxy/cmdline.py b/mitmproxy/cmdline.py index f703b8ec..00d71511 100644 --- a/mitmproxy/cmdline.py +++ b/mitmproxy/cmdline.py @@ -258,10 +258,13 @@ def get_common_options(args): ciphers_client = args.ciphers_client, ciphers_server = args.ciphers_server, clientcerts = args.clientcerts, + http2 = args.http2, ignore_hosts = args.ignore_hosts, listen_host = args.addr, listen_port = args.port, mode = mode, + no_upstream_cert = args.no_upstream_cert, + rawtcp = args.rawtcp, upstream_server = upstream_server, upstream_auth = args.upstream_auth, ssl_version_client = args.ssl_version_client, diff --git a/mitmproxy/console/master.py b/mitmproxy/console/master.py index 25a0b83f..86e889cc 100644 --- a/mitmproxy/console/master.py +++ b/mitmproxy/console/master.py @@ -476,7 +476,7 @@ class ConsoleMaster(flow.FlowMaster): sys.exit(1) self.loop.set_alarm_in(0.01, self.ticker) - if self.server.config.http2 and not tcp.HAS_ALPN: # pragma: no cover + if self.options.http2 and not tcp.HAS_ALPN: # pragma: no cover def http2err(*args, **kwargs): signals.status_message.send( message = "HTTP/2 disabled - OpenSSL 1.0.2+ required." diff --git a/mitmproxy/dump.py b/mitmproxy/dump.py index eaa368a0..78dd2578 100644 --- a/mitmproxy/dump.py +++ b/mitmproxy/dump.py @@ -53,7 +53,7 @@ class DumpMaster(flow.FlowMaster): self.set_stream_large_bodies(options.stream_large_bodies) - if self.server and self.server.config.http2 and not tcp.HAS_ALPN: # pragma: no cover + if self.server and self.options.http2 and not tcp.HAS_ALPN: # pragma: no cover print("ALPN support missing (OpenSSL 1.0.2+ required)!\n" "HTTP/2 is disabled. Use --no-http2 to silence this warning.", file=sys.stderr) diff --git a/mitmproxy/flow/options.py b/mitmproxy/flow/options.py index 2586fec7..f1f8c2ed 100644 --- a/mitmproxy/flow/options.py +++ b/mitmproxy/flow/options.py @@ -46,10 +46,13 @@ class Options(options.Options): ciphers_client = cmdline.DEFAULT_CLIENT_CIPHERS, # type: str ciphers_server = None, # type: Optional[str] clientcerts = None, # type: Optional[str] + http2 = True, # type: bool ignore_hosts = (), # type: Sequence[str] listen_host = "", # type: str listen_port = 8080, # type: int mode = "regular", # type: str + no_upstream_cert = False, # type: bool + rawtcp = False, # type: bool upstream_server = "", # type: str upstream_auth = "", # type: str ssl_version_client="secure", # type: str @@ -97,10 +100,13 @@ class Options(options.Options): self.ciphers_client = ciphers_client self.ciphers_server = ciphers_server self.clientcerts = clientcerts + self.http2 = http2 self.ignore_hosts = ignore_hosts self.listen_host = listen_host self.listen_port = listen_port self.mode = mode + self.no_upstream_cert = no_upstream_cert + self.rawtcp = rawtcp self.upstream_server = upstream_server self.upstream_auth = upstream_auth self.ssl_version_client = ssl_version_client diff --git a/mitmproxy/protocol/tls.py b/mitmproxy/protocol/tls.py index c44df299..51f4d80d 100644 --- a/mitmproxy/protocol/tls.py +++ b/mitmproxy/protocol/tls.py @@ -366,7 +366,7 @@ class TlsLayer(base.Layer): # 2.5 The client did not sent a SNI value, we don't know the certificate subject. client_tls_requires_server_connection = ( self._server_tls and - not self.config.no_upstream_cert and + not self.config.options.no_upstream_cert and ( self.config.options.add_upstream_certs_to_client_chain or self._client_hello.alpn_protocols or @@ -519,7 +519,7 @@ class TlsLayer(base.Layer): alpn = [x for x in self._client_hello.alpn_protocols if not deprecated_http2_variant(x)] else: alpn = None - if alpn and b"h2" in alpn and not self.config.http2: + if alpn and b"h2" in alpn and not self.config.options.http2: alpn.remove(b"h2") ciphers_server = self.config.options.ciphers_server @@ -595,7 +595,7 @@ class TlsLayer(base.Layer): use_upstream_cert = ( self.server_conn and self.server_conn.tls_established and - (not self.config.no_upstream_cert) + (not self.config.options.no_upstream_cert) ) if use_upstream_cert: upstream_cert = self.server_conn.cert diff --git a/mitmproxy/proxy/config.py b/mitmproxy/proxy/config.py index 6e645b99..ff133084 100644 --- a/mitmproxy/proxy/config.py +++ b/mitmproxy/proxy/config.py @@ -73,17 +73,10 @@ class ProxyConfig: def __init__( self, options, - no_upstream_cert=False, authenticator=None, - http2=True, - rawtcp=False, - certs=tuple(), ): self.options = options - self.no_upstream_cert = no_upstream_cert - self.http2 = http2 - self.rawtcp = rawtcp self.authenticator = authenticator self.check_ignore = None @@ -189,8 +182,5 @@ def process_proxy_options(parser, options, args): return ProxyConfig( options, - no_upstream_cert=args.no_upstream_cert, - http2=args.http2, - rawtcp=args.rawtcp, authenticator=authenticator, ) diff --git a/mitmproxy/proxy/root_context.py b/mitmproxy/proxy/root_context.py index 4d6509d4..81dd625c 100644 --- a/mitmproxy/proxy/root_context.py +++ b/mitmproxy/proxy/root_context.py @@ -102,7 +102,7 @@ class RootContext(object): # expect A-Za-z all(65 <= x <= 90 or 97 <= x <= 122 for x in six.iterbytes(d)) ) - if self.config.rawtcp and not is_ascii: + if self.config.options.rawtcp and not is_ascii: return protocol.RawTCPLayer(top_layer) # 7. Assume HTTP1 by default diff --git a/mitmproxy/web/app.py b/mitmproxy/web/app.py index e6b95cdf..b643f97e 100644 --- a/mitmproxy/web/app.py +++ b/mitmproxy/web/app.py @@ -339,9 +339,9 @@ class Settings(RequestHandler): mode=str(self.master.options.mode), intercept=self.state.intercept_txt, showhost=self.master.options.showhost, - no_upstream_cert=self.master.server.config.no_upstream_cert, - rawtcp=self.master.server.config.rawtcp, - http2=self.master.server.config.http2, + no_upstream_cert=self.master.options.no_upstream_cert, + rawtcp=self.master.options.rawtcp, + http2=self.master.options.http2, anticache=self.master.options.anticache, anticomp=self.master.options.anticomp, stickyauth=self.master.options.stickyauth, @@ -360,13 +360,13 @@ class Settings(RequestHandler): self.master.options.showhost = v update[k] = v elif k == "no_upstream_cert": - self.master.server.config.no_upstream_cert = v + self.master.options.no_upstream_cert = v update[k] = v elif k == "rawtcp": - self.master.server.config.rawtcp = v + self.master.options.rawtcp = v update[k] = v elif k == "http2": - self.master.server.config.http2 = v + self.master.options.http2 = v update[k] = v elif k == "anticache": self.master.options.anticache = v diff --git a/test/mitmproxy/test_protocol_http2.py b/test/mitmproxy/test_protocol_http2.py index d910ecae..e8866643 100644 --- a/test/mitmproxy/test_protocol_http2.py +++ b/test/mitmproxy/test_protocol_http2.py @@ -104,10 +104,9 @@ class _Http2TestBase(object): @classmethod def get_proxy_config(cls): - opts = options.Options(listen_port=0) + opts = options.Options(listen_port=0, no_upstream_cert=False) opts.cadir = os.path.join(tempfile.gettempdir(), "mitmproxy") d = dict( - no_upstream_cert=False, authenticator=None, ) return d, opts @@ -122,8 +121,6 @@ class _Http2TestBase(object): self.server.server.handle_server_event = self.handle_server_event def _setup_connection(self): - self.config.http2 = True - client = netlib.tcp.TCPClient(("127.0.0.1", self.proxy.port)) client.connect() diff --git a/test/mitmproxy/tservers.py b/test/mitmproxy/tservers.py index 2bfc27e8..8df30e34 100644 --- a/test/mitmproxy/tservers.py +++ b/test/mitmproxy/tservers.py @@ -121,12 +121,12 @@ class ProxyTestBase(object): def get_proxy_config(cls): cls.cadir = os.path.join(tempfile.gettempdir(), "mitmproxy") cnf = dict( - no_upstream_cert = cls.no_upstream_cert, authenticator = cls.authenticator, ) return cnf, options.Options( listen_port=0, cadir=cls.cadir, + no_upstream_cert = cls.no_upstream_cert, add_upstream_certs_to_client_chain=cls.add_upstream_certs_to_client_chain ) -- cgit v1.2.3