Thomas Kriechbaumer 2016-08-16 10:39:07 +02:00
parent bfe22e739c
commit 516e64a8fa


@ -369,8 +369,10 @@ class TlsLayer(base.Layer):
not self.config.options.no_upstream_cert and not self.config.options.no_upstream_cert and
( (
self.config.options.add_upstream_certs_to_client_chain or self.config.options.add_upstream_certs_to_client_chain or
self._client_hello.alpn_protocols or self._client_tls and (
not self._client_hello.sni self._client_hello.alpn_protocols or
not self._client_hello.sni
)
) )
) )
establish_server_tls_now = ( establish_server_tls_now = (
@ -434,7 +436,7 @@ class TlsLayer(base.Layer):
if self._custom_server_sni is False: if self._custom_server_sni is False:
return None return None
else: else:
return self._custom_server_sni or self._client_hello.sni return self._custom_server_sni or self._client_hello and self._client_hello.sni
@property @property
def alpn_for_client_connection(self): def alpn_for_client_connection(self):
@ -509,21 +511,18 @@ class TlsLayer(base.Layer):
def _establish_tls_with_server(self): def _establish_tls_with_server(self):
self.log("Establish TLS with server", "debug") self.log("Establish TLS with server", "debug")
try: try:
# We only support http/1.1 and h2. alpn = None
# If the server only supports spdy (next to http/1.1), it may select that if self._client_tls:
# and mitmproxy would enter TCP passthrough mode, which we want to avoid. if self._client_hello.alpn_protocols:
def deprecated_http2_variant(x): # We only support http/1.1 and h2.
return x.startswith(b"h2-") or x.startswith(b"spdy") # If the server only supports spdy (next to http/1.1), it may select that
# and mitmproxy would enter TCP passthrough mode, which we want to avoid.
if self._client_hello.alpn_protocols: alpn = [x for x in self._client_hello.alpn_protocols if not (x.startswith(b"h2-") or x.startswith(b"spdy"))]
alpn = [x for x in self._client_hello.alpn_protocols if not deprecated_http2_variant(x)] if alpn and b"h2" in alpn and not self.config.options.http2:
else: alpn.remove(b"h2")
alpn = None
if alpn and b"h2" in alpn and not self.config.options.http2:
alpn.remove(b"h2")
ciphers_server = self.config.options.ciphers_server ciphers_server = self.config.options.ciphers_server
if not ciphers_server: if not ciphers_server and self._client_tls:
ciphers_server = [] ciphers_server = []
for id in self._client_hello.cipher_suites: for id in self._client_hello.cipher_suites:
if id in CIPHER_ID_NAME_MAP.keys(): if id in CIPHER_ID_NAME_MAP.keys():
@ -562,7 +561,8 @@ class TlsLayer(base.Layer):
sys.exc_info()[2] sys.exc_info()[2]
) )
self.log("ALPN selected by server: %s" % self.alpn_for_client_connection, "debug") proto = self.alpn_for_client_connection.decode() if self.alpn_for_client_connection else '-'
self.log("ALPN selected by server: {}".format(proto), "debug")
def _find_cert(self): def _find_cert(self):
""" """