From 2dfba2105b4b5ad094ee364124c0552d2e4a4947 Mon Sep 17 00:00:00 2001
From: Maximilian Hils
Date: Sat, 29 Aug 2015 12:34:01 +0200
Subject: move sslversion mapping to netlib
---
 libmproxy/cmdline.py | 10 +++++-----
 libmproxy/proxy/config.py | 20 +-------------------
 2 files changed, 6 insertions(+), 24 deletions(-)
(limited to 'libmproxy')
diff --git a/libmproxy/cmdline.py b/libmproxy/cmdline.py
index 1d897717..591e87ed 100644
--- a/libmproxy/cmdline.py
+++ b/libmproxy/cmdline.py
@@ -2,7 +2,7 @@ from __future__ import absolute_import
 import os
 import re
 import configargparse
-from netlib.tcp import Address
+from netlib.tcp import Address, sslversion_choices
 import netlib.utils
@@ -423,15 +423,15 @@ def proxy_ssl_options(parser):
 group.add_argument(
 "--ssl-version-client", dest="ssl_version_client",
 default="secure", action="store",
- choices=config.sslversion_choices.keys(),
- help="Set supported SSL/TLS version for client connections. "
+ choices=sslversion_choices.keys(),
+ help="Set supported SSL/TLS versions for client connections. "
 "SSLv2, SSLv3 and 'all' are INSECURE. Defaults to secure, which is TLS1.0+."
 )
 group.add_argument(
 "--ssl-version-server", dest="ssl_version_server",
 default="secure", action="store",
- choices=config.sslversion_choices.keys(),
- help="Set supported SSL/TLS version for server connections. "
+ choices=sslversion_choices.keys(),
+ help="Set supported SSL/TLS versions for server connections. "
 "SSLv2, SSLv3 and 'all' are INSECURE. Defaults to secure, which is TLS1.0+."
 )
diff --git a/libmproxy/proxy/config.py b/libmproxy/proxy/config.py
index 8ab5a216..415ee215 100644
--- a/libmproxy/proxy/config.py
+++ b/libmproxy/proxy/config.py
@@ -8,7 +8,7 @@ from netlib import certutils, tcp
 from netlib.http import authentication
 from .. import utils, platform
-from netlib.tcp import Address
+from netlib.tcp import Address, sslversion_choices
 CONF_BASENAME = "mitmproxy"
 CA_DIR = "~/.mitmproxy"
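Review bot: The import `from netlib.tcp import Address, sslversion_choices` in libmproxy/cmdline.py fails at import time against a netlib that does not yet export the mapping, and no netlib version requirement is raised in what this patch shows (the view is limited to 'libmproxy', so that change may exist elsewhere). The same import is added in libmproxy/proxy/config.py, where the line `from netlib import certutils, tcp` already brings `tcp` into scope, so `tcp.sslversion_choices` would do without a second name. The mapping removed from config.py referenced `SSL`; whether that import is still needed there is not visible in the hunks and is worth checking.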
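Review bot: The help strings of `--ssl-version-client` and `--ssl-version-server` hard-code which values are insecure and that `secure` means TLS1.0+, while the accepted values now come from `netlib.tcp.sslversion_choices`, so the warning can silently go stale when netlib changes the mapping. I would add a comment above the first call, `# help text below must match netlib.tcp.sslversion_choices (insecure entries, meaning of "secure")`. The `default="secure"` on both arguments likewise relies on that key existing in netlib's mapping. As a style point, `choices=sorted(sslversion_choices)` gives a stable order in usage and error output. proxy_ssl_options starts and ends outside the hunk.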
@@ -98,24 +98,6 @@ class ProxyConfig:
 self.openssl_trusted_ca_server = ssl_verify_upstream_trusted_ca
-"""
-Map a reasonable SSL version specification into the format OpenSSL expects.
-Don't ask...
-https://bugs.launchpad.net/pyopenssl/+bug/1020632/comments/3
-"""
-sslversion_choices = {
- "all": (SSL.SSLv23_METHOD, 0),
- # SSLv23_METHOD + NO_SSLv2 + NO_SSLv3 == TLS 1.0+
- # TLSv1_METHOD would be TLS 1.0 only
- "secure": (SSL.SSLv23_METHOD, (SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)),
- "SSLv2": (SSL.SSLv2_METHOD, 0),
- "SSLv3": (SSL.SSLv3_METHOD, 0),
- "TLSv1": (SSL.TLSv1_METHOD, 0),
- "TLSv1_1": (SSL.TLSv1_1_METHOD, 0),
- "TLSv1_2": (SSL.TLSv1_2_METHOD, 0),
-}
-
-
 def process_proxy_options(parser, options):
 body_size_limit = utils.parse_size(options.body_size_limit)
--
cgit v1.2.3