diff --git a/mitmproxy/proxy/config.py b/mitmproxy/proxy/config.py index 58c7d1c68..2bf044a0f 100644 --- a/mitmproxy/proxy/config.py +++ b/mitmproxy/proxy/config.py @@ -102,27 +102,28 @@ class ProxyConfig: self.rawtcp = rawtcp self.authenticator = authenticator - self.openssl_method_client, self.openssl_options_client = \ - tcp.sslversion_choices[options.ssl_version_client] - self.openssl_method_server, self.openssl_options_server = \ - tcp.sslversion_choices[options.ssl_version_server] + self.check_ignore = None + self.check_tcp = None + self.certstore = None + self.clientcerts = None + self.openssl_verification_mode_server = None + self.configure(options) + options.changed.connect(self.configure) + def configure(self, options): if options.ssl_verify_upstream_cert: self.openssl_verification_mode_server = SSL.VERIFY_PEER else: self.openssl_verification_mode_server = SSL.VERIFY_NONE - self.check_ignore = None - self.check_tcp = None - self.certstore = None - self.clientcerts = None - self.configure(options) - options.changed.connect(self.configure) - - def configure(self, options): self.check_ignore = HostMatcher(options.ignore_hosts) self.check_tcp = HostMatcher(options.tcp_hosts) + self.openssl_method_client, self.openssl_options_client = \ + tcp.sslversion_choices[options.ssl_version_client] + self.openssl_method_server, self.openssl_options_server = \ + tcp.sslversion_choices[options.ssl_version_server] + certstore_path = os.path.expanduser(options.cadir) if not os.path.exists(os.path.dirname(certstore_path)): raise exceptions.OptionsError( diff --git a/test/mitmproxy/test_server.py b/test/mitmproxy/test_server.py index a64a8565e..f036fefdc 100644 --- a/test/mitmproxy/test_server.py +++ b/test/mitmproxy/test_server.py @@ -368,9 +368,11 @@ class TestHTTPSUpstreamServerVerificationWTrustedCert(tservers.HTTPProxyTest): ]) def test_verification_w_cadir(self): - self.config.openssl_verification_mode_server = SSL.VERIFY_PEER - self.config.options.ssl_verify_upstream_trusted_cadir = tutils.test_data.path( - "data/trusted-cadir/" + self.config.options.update( + ssl_verify_upstream_cert = True, + ssl_verify_upstream_trusted_cadir = tutils.test_data.path( + "data/trusted-cadir/" + ) ) self.pathoc() @@ -401,23 +403,29 @@ class TestHTTPSUpstreamServerVerificationWBadCert(tservers.HTTPProxyTest): def test_default_verification_w_bad_cert(self): """Should use no verification.""" - self.config.options.ssl_verify_upstream_trusted_ca = tutils.test_data.path( - "data/trusted-cadir/trusted-ca.pem") - + self.config.options.update( + ssl_verify_upstream_trusted_ca = tutils.test_data.path( + "data/trusted-cadir/trusted-ca.pem" + ) + ) assert self._request().status_code == 242 def test_no_verification_w_bad_cert(self): - self.config.openssl_verification_mode_server = SSL.VERIFY_NONE - self.config.options.ssl_verify_upstream_trusted_ca = tutils.test_data.path( - "data/trusted-cadir/trusted-ca.pem") - + self.config.options.update( + ssl_verify_upstream_cert = False, + ssl_verify_upstream_trusted_ca = tutils.test_data.path( + "data/trusted-cadir/trusted-ca.pem" + ) + ) assert self._request().status_code == 242 def test_verification_w_bad_cert(self): - self.config.openssl_verification_mode_server = SSL.VERIFY_PEER - self.config.options.ssl_verify_upstream_trusted_ca = tutils.test_data.path( - "data/trusted-cadir/trusted-ca.pem") - + self.config.options.update( + ssl_verify_upstream_cert = True, + ssl_verify_upstream_trusted_ca = tutils.test_data.path( + "data/trusted-cadir/trusted-ca.pem" + ) + ) assert self._request().status_code == 502