From 7d2c7efa575a7338ed5402972ae8772be4b0298d Mon Sep 17 00:00:00 2001 From: Thomas Kriechbaumer Date: Wed, 17 Feb 2016 23:46:44 +0100 Subject: enable HTTP/2 by default if available --- mitmproxy/cmdline.py | 20 ++++++++------------ mitmproxy/console/__init__.py | 10 ++++++++++ mitmproxy/dump.py | 8 +++++++- mitmproxy/proxy/config.py | 5 +---- 4 files changed, 26 insertions(+), 17 deletions(-) diff --git a/mitmproxy/cmdline.py b/mitmproxy/cmdline.py index fedd4f13..3e9fa011 100644 --- a/mitmproxy/cmdline.py +++ b/mitmproxy/cmdline.py @@ -362,18 +362,14 @@ def proxy_options(parser): action="store", type=int, dest="port", default=8080, help="Proxy service port." ) - http2 = group.add_mutually_exclusive_group() - # !!! - # Watch out: We raise a RuntimeError in mitmproxy.proxy.config if http2 is enabled, - # but the OpenSSL version does not have ALPN support (which is the default on Ubuntu 14.04). - # Do not simply set --http2 as enabled by default. - # !!! - http2.add_argument("--http2", action="store_true", dest="http2") - http2.add_argument("--no-http2", action="store_false", dest="http2", - help="Explicitly enable/disable experimental HTTP2 support. " - "Disabled by default. " - "Default value will change in a future version." - ) + group.add_argument( + "--no-http2", + action="store_false", dest="http2", + help=""" + Explicitly disable HTTP/2 support. + If your OpenSSL version supports ALPN, HTTP/2 is enabled by default. + """ + ) rawtcp = group.add_mutually_exclusive_group() rawtcp.add_argument("--raw-tcp", action="store_true", dest="rawtcp") rawtcp.add_argument("--no-raw-tcp", action="store_false", dest="rawtcp", diff --git a/mitmproxy/console/__init__.py b/mitmproxy/console/__init__.py index e739ec61..c6b91e16 100644 --- a/mitmproxy/console/__init__.py +++ b/mitmproxy/console/__init__.py @@ -14,6 +14,8 @@ import traceback import urwid import weakref +from netlib import tcp + from .. import controller, flow, script, contentviews from . import flowlist, flowview, help, window, signals, options from . import grideditor, palettes, statusbar, palettepicker @@ -452,6 +454,14 @@ class ConsoleMaster(flow.FlowMaster): signals.update_settings.send() self.loop.set_alarm_in(0.01, self.ticker) + if not hasattr(self, 'http2_error_shown') and self.server.config.http2 and not tcp.HAS_ALPN: # pragma: no cover + self.http2_error_shown = True + signals.status_message.send( + message="ALPN support missing (OpenSSL 1.0.2+ required). " + "HTTP/2 is disabled. Use --no-http2 to silence this warning.", + expire=5 + ) + def run(self): self.ui = urwid.raw_display.Screen() self.ui.set_terminal_properties(256) diff --git a/mitmproxy/dump.py b/mitmproxy/dump.py index 6dab2ddc..d7f076cf 100644 --- a/mitmproxy/dump.py +++ b/mitmproxy/dump.py @@ -1,9 +1,10 @@ from __future__ import absolute_import, print_function import traceback - +import sys import click import itertools +from netlib import tcp from netlib.http import CONTENT_MISSING import netlib.utils from . import flow, filt, contentviews @@ -72,6 +73,11 @@ class DumpMaster(flow.FlowMaster): self.set_stream_large_bodies(options.stream_large_bodies) + if self.server.config.http2 and not tcp.HAS_ALPN: # pragma: no cover + print("ALPN support missing (OpenSSL 1.0.2+ required)!\n" + "HTTP/2 is disabled. Use --no-http2 to silence this warning.", + file=sys.stderr) + if options.filtstr: self.filt = filt.parse(options.filtstr) else: diff --git a/mitmproxy/proxy/config.py b/mitmproxy/proxy/config.py index a635ab19..490cf20c 100644 --- a/mitmproxy/proxy/config.py +++ b/mitmproxy/proxy/config.py @@ -56,7 +56,7 @@ class ProxyConfig: authenticator=None, ignore_hosts=tuple(), tcp_hosts=tuple(), - http2=False, + http2=True, rawtcp=False, ciphers_client=DEFAULT_CLIENT_CIPHERS, ciphers_server=None, @@ -180,9 +180,6 @@ def process_proxy_options(parser, options): parser.error("Certificate file does not exist: %s" % parts[1]) certs.append(parts) - if options.http2 and not tcp.HAS_ALPN: - raise RuntimeError("HTTP2 support requires OpenSSL 1.0.2 or above.") - return ProxyConfig( host=options.addr, port=options.port, -- cgit v1.2.3 From a635e04fbfb1623db25687bb04c022b32bd0ed2c Mon Sep 17 00:00:00 2001 From: Aldo Cortesi Date: Fri, 19 Feb 2016 12:16:55 +1300 Subject: console: slightly less hacky hack show http2 warning after first tick --- mitmproxy/console/__init__.py | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/mitmproxy/console/__init__.py b/mitmproxy/console/__init__.py index c6b91e16..f7e7b0d5 100644 --- a/mitmproxy/console/__init__.py +++ b/mitmproxy/console/__init__.py @@ -454,13 +454,6 @@ class ConsoleMaster(flow.FlowMaster): signals.update_settings.send() self.loop.set_alarm_in(0.01, self.ticker) - if not hasattr(self, 'http2_error_shown') and self.server.config.http2 and not tcp.HAS_ALPN: # pragma: no cover - self.http2_error_shown = True - signals.status_message.send( - message="ALPN support missing (OpenSSL 1.0.2+ required). " - "HTTP/2 is disabled. Use --no-http2 to silence this warning.", - expire=5 - ) def run(self): self.ui = urwid.raw_display.Screen() @@ -491,6 +484,14 @@ class ConsoleMaster(flow.FlowMaster): sys.exit(1) self.loop.set_alarm_in(0.01, self.ticker) + if self.server.config.http2 and not tcp.HAS_ALPN: # pragma: no cover + def http2err(*args, **kwargs): + signals.status_message.send( + message = "HTTP/2 disabled - OpenSSL 1.0.2+ required." + " Use --no-http2 to silence this warning.", + expire=5 + ) + self.loop.set_alarm_in(0.01, http2err) # It's not clear why we need to handle this explicitly - without this, # mitmproxy hangs on keyboard interrupt. Remove if we ever figure it -- cgit v1.2.3