mirror of
https://github.com/Grasscutters/mitmproxy.git
synced 2024-11-23 00:01:36 +00:00
ProxyConfig: Refactor to move verification mode checks into configure
parent
77bf092bcd
commit
26fa88a338
@ -102,27 +102,28 @@ class ProxyConfig:
|
||||
self.rawtcp = rawtcp
|
||||
self.authenticator = authenticator
|
||||
|
||||
self.openssl_method_client, self.openssl_options_client = \
|
||||
tcp.sslversion_choices[options.ssl_version_client]
|
||||
self.openssl_method_server, self.openssl_options_server = \
|
||||
tcp.sslversion_choices[options.ssl_version_server]
|
||||
self.check_ignore = None
|
||||
self.check_tcp = None
|
||||
self.certstore = None
|
||||
self.clientcerts = None
|
||||
self.openssl_verification_mode_server = None
|
||||
self.configure(options)
|
||||
options.changed.connect(self.configure)
|
||||
|
||||
def configure(self, options):
|
||||
if options.ssl_verify_upstream_cert:
|
||||
self.openssl_verification_mode_server = SSL.VERIFY_PEER
|
||||
else:
|
||||
self.openssl_verification_mode_server = SSL.VERIFY_NONE
|
||||
|
||||
self.check_ignore = None
|
||||
self.check_tcp = None
|
||||
self.certstore = None
|
||||
self.clientcerts = None
|
||||
self.configure(options)
|
||||
options.changed.connect(self.configure)
|
||||
|
||||
def configure(self, options):
|
||||
self.check_ignore = HostMatcher(options.ignore_hosts)
|
||||
self.check_tcp = HostMatcher(options.tcp_hosts)
|
||||
|
||||
self.openssl_method_client, self.openssl_options_client = \
|
||||
tcp.sslversion_choices[options.ssl_version_client]
|
||||
self.openssl_method_server, self.openssl_options_server = \
|
||||
tcp.sslversion_choices[options.ssl_version_server]
|
||||
|
||||
certstore_path = os.path.expanduser(options.cadir)
|
||||
if not os.path.exists(os.path.dirname(certstore_path)):
|
||||
raise exceptions.OptionsError(
|
||||
|
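Review bot: In the new `configure`, `openssl_verification_mode_server` is re-derived on every `options.changed` signal, and any falsy `ssl_verify_upstream_cert` selects `SSL.VERIFY_NONE`, so a runtime options update can switch upstream certificate verification off with nothing marking that branch as the insecure one. I would add a comment above the `else:` such as `# Upstream certificates are NOT verified in this mode; tampering on the proxy-to-server leg goes undetected.` The assignment also runs before the `cadir` check that raises `exceptions.OptionsError`, so unless the caller rolls the options back and re-runs `configure` (not visible here), a rejected update could leave the mode already switched. The two `tcp.sslversion_choices[...]` lookups, which now also run on each change, would raise a bare `KeyError` for an unknown value rather than `OptionsError`. `configure` continues past the end of the hunk.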
@ -368,9 +368,11 @@ class TestHTTPSUpstreamServerVerificationWTrustedCert(tservers.HTTPProxyTest):
|
||||
])
|
||||
|
||||
def test_verification_w_cadir(self):
|
||||
self.config.openssl_verification_mode_server = SSL.VERIFY_PEER
|
||||
self.config.options.ssl_verify_upstream_trusted_cadir = tutils.test_data.path(
|
||||
"data/trusted-cadir/"
|
||||
self.config.options.update(
|
||||
ssl_verify_upstream_cert = True,
|
||||
ssl_verify_upstream_trusted_cadir = tutils.test_data.path(
|
||||
"data/trusted-cadir/"
|
||||
)
|
||||
)
|
||||
self.pathoc()
|
||||
|
||||
@ -401,23 +403,29 @@ class TestHTTPSUpstreamServerVerificationWBadCert(tservers.HTTPProxyTest):
|
||||
|
||||
def test_default_verification_w_bad_cert(self):
|
||||
"""Should use no verification."""
|
||||
self.config.options.ssl_verify_upstream_trusted_ca = tutils.test_data.path(
|
||||
"data/trusted-cadir/trusted-ca.pem")
|
||||
|
||||
self.config.options.update(
|
||||
ssl_verify_upstream_trusted_ca = tutils.test_data.path(
|
||||
"data/trusted-cadir/trusted-ca.pem"
|
||||
)
|
||||
)
|
||||
assert self._request().status_code == 242
|
||||
|
||||
def test_no_verification_w_bad_cert(self):
|
||||
self.config.openssl_verification_mode_server = SSL.VERIFY_NONE
|
||||
self.config.options.ssl_verify_upstream_trusted_ca = tutils.test_data.path(
|
||||
"data/trusted-cadir/trusted-ca.pem")
|
||||
|
||||
self.config.options.update(
|
||||
ssl_verify_upstream_cert = False,
|
||||
ssl_verify_upstream_trusted_ca = tutils.test_data.path(
|
||||
"data/trusted-cadir/trusted-ca.pem"
|
||||
)
|
||||
)
|
||||
assert self._request().status_code == 242
|
||||
|
||||
def test_verification_w_bad_cert(self):
|
||||
self.config.openssl_verification_mode_server = SSL.VERIFY_PEER
|
||||
self.config.options.ssl_verify_upstream_trusted_ca = tutils.test_data.path(
|
||||
"data/trusted-cadir/trusted-ca.pem")
|
||||
|
||||
self.config.options.update(
|
||||
ssl_verify_upstream_cert = True,
|
||||
ssl_verify_upstream_trusted_ca = tutils.test_data.path(
|
||||
"data/trusted-cadir/trusted-ca.pem"
|
||||
)
|
||||
)
|
||||
assert self._request().status_code == 502
|
||||
|
||||
|
||||
|
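Review bot: `test_default_verification_w_bad_cert` does not pin the mode it is testing: it passes only `ssl_verify_upstream_trusted_ca` to `options.update`, so the expected 242 depends on `ssl_verify_upstream_cert` still being falsy on `self.config.options` when the test runs. If that options object outlives a single test (the fixture setup is outside these hunks), the `ssl_verify_upstream_cert = True` set by `test_verification_w_bad_cert` in the same class would carry over and make the result order-dependent. Adding `assert not self.config.options.ssl_verify_upstream_cert` before the request would make the unverified-by-default assumption explicit and fail loudly if it ever changes.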