ProxyConfig: Refactor to move verification mode checks into configure

mitmproxy/proxy/config.py

@@ -102,27 +102,28 @@ class ProxyConfig:
         self.rawtcp = rawtcp
         self.authenticator = authenticator
 
-        self.openssl_method_client, self.openssl_options_client = \
+        self.check_ignore = None
-            tcp.sslversion_choices[options.ssl_version_client]
+        self.check_tcp = None
-        self.openssl_method_server, self.openssl_options_server = \
+        self.certstore = None
-            tcp.sslversion_choices[options.ssl_version_server]
+        self.clientcerts = None
+        self.openssl_verification_mode_server = None
+        self.configure(options)
+        options.changed.connect(self.configure)
 
+    def configure(self, options):
         if options.ssl_verify_upstream_cert:
             self.openssl_verification_mode_server = SSL.VERIFY_PEER
         else:
             self.openssl_verification_mode_server = SSL.VERIFY_NONE
 
-        self.check_ignore = None
-        self.check_tcp = None
-        self.certstore = None
-        self.clientcerts = None
-        self.configure(options)
-        options.changed.connect(self.configure)
-
-    def configure(self, options):
         self.check_ignore = HostMatcher(options.ignore_hosts)
         self.check_tcp = HostMatcher(options.tcp_hosts)
 
+        self.openssl_method_client, self.openssl_options_client = \
+            tcp.sslversion_choices[options.ssl_version_client]
+        self.openssl_method_server, self.openssl_options_server = \
+            tcp.sslversion_choices[options.ssl_version_server]
+
         certstore_path = os.path.expanduser(options.cadir)
         if not os.path.exists(os.path.dirname(certstore_path)):
             raise exceptions.OptionsError(

test/mitmproxy/test_server.py

@@ -368,10 +368,12 @@ class TestHTTPSUpstreamServerVerificationWTrustedCert(tservers.HTTPProxyTest):
         ])
 
     def test_verification_w_cadir(self):
-        self.config.openssl_verification_mode_server = SSL.VERIFY_PEER
+        self.config.options.update(
-        self.config.options.ssl_verify_upstream_trusted_cadir = tutils.test_data.path(
+            ssl_verify_upstream_cert = True,
+            ssl_verify_upstream_trusted_cadir = tutils.test_data.path(
                 "data/trusted-cadir/"
             )
+        )
         self.pathoc()
 
     def test_verification_w_pemfile(self):
@@ -401,23 +403,29 @@ class TestHTTPSUpstreamServerVerificationWBadCert(tservers.HTTPProxyTest):
 
     def test_default_verification_w_bad_cert(self):
         """Should use no verification."""
-        self.config.options.ssl_verify_upstream_trusted_ca = tutils.test_data.path(
+        self.config.options.update(
-            "data/trusted-cadir/trusted-ca.pem")
+            ssl_verify_upstream_trusted_ca = tutils.test_data.path(
-
+                "data/trusted-cadir/trusted-ca.pem"
+            )
+        )
         assert self._request().status_code == 242
 
     def test_no_verification_w_bad_cert(self):
-        self.config.openssl_verification_mode_server = SSL.VERIFY_NONE
+        self.config.options.update(
-        self.config.options.ssl_verify_upstream_trusted_ca = tutils.test_data.path(
+            ssl_verify_upstream_cert = False,
-            "data/trusted-cadir/trusted-ca.pem")
+            ssl_verify_upstream_trusted_ca = tutils.test_data.path(
-
+                "data/trusted-cadir/trusted-ca.pem"
+            )
+        )
         assert self._request().status_code == 242
 
     def test_verification_w_bad_cert(self):
-        self.config.openssl_verification_mode_server = SSL.VERIFY_PEER
+        self.config.options.update(
-        self.config.options.ssl_verify_upstream_trusted_ca = tutils.test_data.path(
+            ssl_verify_upstream_cert = True,
-            "data/trusted-cadir/trusted-ca.pem")
+            ssl_verify_upstream_trusted_ca = tutils.test_data.path(
-
+                "data/trusted-cadir/trusted-ca.pem"
+            )
+        )
         assert self._request().status_code == 502