diff options
Diffstat (limited to 'test')
| -rw-r--r-- | test/mitmproxy/test_server.py | 40 | ||||
| -rw-r--r-- | test/mitmproxy/tservers.py | 2 |
2 files changed, 42 insertions, 0 deletions
diff --git a/test/mitmproxy/test_server.py b/test/mitmproxy/test_server.py index d7b23bbb..26e53e8a 100644 --- a/test/mitmproxy/test_server.py +++ b/test/mitmproxy/test_server.py @@ -999,3 +999,43 @@ class TestProxyChainingSSLReconnect(tservers.HTTPUpstreamProxyTest): # (both terminated) # nothing happened here assert self.chain[1].tmaster.state.flow_count() == 2 + + +class AddUpstreamCertsToClientChainMixin: + + ssl = True + servercert = tutils.test_data.path("data/trusted-server.crt") + ssloptions = pathod.SSLOptions( + cn="trusted-cert", + certs=[ + ("trusted-cert", servercert) + ] + ) + + def test_add_upstream_certs_to_client_chain(self): + with open(self.servercert, "rb") as f: + d = f.read() + upstreamCert = SSLCert.from_pem(d) + p = self.pathoc() + upstream_cert_found_in_client_chain = False + for receivedCert in p.server_certs: + if receivedCert.digest('sha256') == upstreamCert.digest('sha256'): + upstream_cert_found_in_client_chain = True + break + assert(upstream_cert_found_in_client_chain == self.add_upstream_certs_to_client_chain) + + +class TestHTTPSAddUpstreamCertsToClientChainTrue(AddUpstreamCertsToClientChainMixin, tservers.HTTPProxyTest): + + """ + If --add-server-certs-to-client-chain is True, then the client should receive the upstream server's certificates + """ + add_upstream_certs_to_client_chain = True + + +class TestHTTPSAddUpstreamCertsToClientChainFalse(AddUpstreamCertsToClientChainMixin, tservers.HTTPProxyTest): + + """ + If --add-server-certs-to-client-chain is False, then the client should not receive the upstream server's certificates + """ + add_upstream_certs_to_client_chain = False diff --git a/test/mitmproxy/tservers.py b/test/mitmproxy/tservers.py index b7b5de9e..4fa519cc 100644 --- a/test/mitmproxy/tservers.py +++ b/test/mitmproxy/tservers.py @@ -86,6 +86,7 @@ class ProxyTestBase(object): no_upstream_cert = False authenticator = None masterclass = TestMaster + add_upstream_certs_to_client_chain = False @classmethod def setup_class(cls): @@ -129,6 +130,7 @@ class ProxyTestBase(object): no_upstream_cert = cls.no_upstream_cert, cadir = cls.cadir, authenticator = cls.authenticator, + add_upstream_certs_to_client_chain = cls.add_upstream_certs_to_client_chain, ) |