From 26fa88a338c96a9e57fdbf3943a8936eaac4c5c7 Mon Sep 17 00:00:00 2001
From: Aldo Cortesi
Date: Tue, 19 Jul 2016 13:23:54 +1200
Subject: [PATCH] ProxyConfig: Refactor to move verification mode checks into configure
---
 mitmproxy/proxy/config.py | 25 ++++++++++++------------
 test/mitmproxy/test_server.py | 36 +++++++++++++++++++++--------------
 2 files changed, 35 insertions(+), 26 deletions(-)
diff --git a/mitmproxy/proxy/config.py b/mitmproxy/proxy/config.py
index 58c7d1c68..2bf044a0f 100644
--- a/mitmproxy/proxy/config.py
+++ b/mitmproxy/proxy/config.py
@@ -102,27 +102,28 @@ class ProxyConfig:
 self.rawtcp = rawtcp
 self.authenticator = authenticator
- self.openssl_method_client, self.openssl_options_client = \
- tcp.sslversion_choices[options.ssl_version_client]
- self.openssl_method_server, self.openssl_options_server = \
- tcp.sslversion_choices[options.ssl_version_server]
+ self.check_ignore = None
+ self.check_tcp = None
+ self.certstore = None
+ self.clientcerts = None
+ self.openssl_verification_mode_server = None
+ self.configure(options)
+ options.changed.connect(self.configure)
+ def configure(self, options):
 if options.ssl_verify_upstream_cert:
 self.openssl_verification_mode_server = SSL.VERIFY_PEER
 else:
 self.openssl_verification_mode_server = SSL.VERIFY_NONE
- self.check_ignore = None
- self.check_tcp = None
- self.certstore = None
- self.clientcerts = None
- self.configure(options)
- options.changed.connect(self.configure)
-
- def configure(self, options):
 self.check_ignore = HostMatcher(options.ignore_hosts)
 self.check_tcp = HostMatcher(options.tcp_hosts)
+ self.openssl_method_client, self.openssl_options_client = \
+ tcp.sslversion_choices[options.ssl_version_client]
+ self.openssl_method_server, self.openssl_options_server = \
+ tcp.sslversion_choices[options.ssl_version_server]
+
 certstore_path = os.path.expanduser(options.cadir)
 if not os.path.exists(os.path.dirname(certstore_path)):
 raise exceptions.OptionsError(
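Review bot: configure() assigns `self.openssl_verification_mode_server` and the ssl method/option pairs before the cadir check further down can raise `exceptions.OptionsError`, and because the method is now also the `options.changed` handler, a rejected update may leave the config half-applied with the verification mode already switched. Consider computing the values into locals and assigning them only once validation has passed, e.g. `mode = SSL.VERIFY_PEER if options.ssl_verify_upstream_cert else SSL.VERIFY_NONE` near the top and `self.openssl_verification_mode_server = mode` at the end. The `tcp.sslversion_choices[...]` lookups would also surface an unknown version name as a bare `KeyError` rather than `OptionsError`, unless the value is validated elsewhere. configure's body continues past the end of the hunk, so the later statements are not visible here.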
diff --git a/test/mitmproxy/test_server.py b/test/mitmproxy/test_server.py
index a64a8565e..f036fefdc 100644
--- a/test/mitmproxy/test_server.py
+++ b/test/mitmproxy/test_server.py
@@ -368,9 +368,11 @@ class TestHTTPSUpstreamServerVerificationWTrustedCert(tservers.HTTPProxyTest):
 ])
 def test_verification_w_cadir(self):
- self.config.openssl_verification_mode_server = SSL.VERIFY_PEER
- self.config.options.ssl_verify_upstream_trusted_cadir = tutils.test_data.path(
- "data/trusted-cadir/"
+ self.config.options.update(
+ ssl_verify_upstream_cert = True,
+ ssl_verify_upstream_trusted_cadir = tutils.test_data.path(
+ "data/trusted-cadir/"
+ )
 )
 self.pathoc()
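Review bot: test_verification_w_cadir would presumably still pass if the `options.update(...)` call never reached `ProxyConfig.configure`, because a request to a server with a trusted certificate also succeeds under `SSL.VERIFY_NONE`. Now that the mode is derived from `ssl_verify_upstream_cert` instead of being set directly, add `assert self.config.openssl_verification_mode_server == SSL.VERIFY_PEER` after the update so the test pins the signal wiring. As a style point, PEP 8 puts no spaces around `=` in keyword arguments (`ssl_verify_upstream_cert=True`); the same applies to the three updates in the next hunk.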
@@ -401,23 +403,29 @@ class TestHTTPSUpstreamServerVerificationWBadCert(tservers.HTTPProxyTest):
 def test_default_verification_w_bad_cert(self):
 """Should use no verification."""
- self.config.options.ssl_verify_upstream_trusted_ca = tutils.test_data.path(
- "data/trusted-cadir/trusted-ca.pem")
-
+ self.config.options.update(
+ ssl_verify_upstream_trusted_ca = tutils.test_data.path(
+ "data/trusted-cadir/trusted-ca.pem"
+ )
+ )
 assert self._request().status_code == 242
 def test_no_verification_w_bad_cert(self):
- self.config.openssl_verification_mode_server = SSL.VERIFY_NONE
- self.config.options.ssl_verify_upstream_trusted_ca = tutils.test_data.path(
- "data/trusted-cadir/trusted-ca.pem")
-
+ self.config.options.update(
+ ssl_verify_upstream_cert = False,
+ ssl_verify_upstream_trusted_ca = tutils.test_data.path(
+ "data/trusted-cadir/trusted-ca.pem"
+ )
+ )
 assert self._request().status_code == 242
 def test_verification_w_bad_cert(self):
- self.config.openssl_verification_mode_server = SSL.VERIFY_PEER
- self.config.options.ssl_verify_upstream_trusted_ca = tutils.test_data.path(
- "data/trusted-cadir/trusted-ca.pem")
-
+ self.config.options.update(
+ ssl_verify_upstream_cert = True,
+ ssl_verify_upstream_trusted_ca = tutils.test_data.path(
+ "data/trusted-cadir/trusted-ca.pem"
+ )
+ )
 assert self._request().status_code == 502
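Review bot: test_default_verification_w_bad_cert depends on `ssl_verify_upstream_cert` still being at its default, while other tests in this class change that option through `options.update(...)`. Whether the options object is rebuilt per test is not visible in this hunk, so if it is shared the 242 result becomes order-dependent. An explicit `assert self.config.openssl_verification_mode_server == SSL.VERIFY_NONE` before the request would make that failure obvious. A short comment on the default case would help too, e.g. `# default: upstream certificates are not verified, so the bad cert is accepted`, since the docstring only says "Should use no verification."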