From 75b7b743c41a4af7e2537f7865ca837f4ca2eba5 Mon Sep 17 00:00:00 2001
From: Maximilian Hils <git@maximilianhils.com>
Date: Sat, 8 Aug 2020 01:22:21 +0200
Subject: [PATCH] [sans-io] fix tls tests

---
 test/mitmproxy/proxy2/layers/test_tls.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/test/mitmproxy/proxy2/layers/test_tls.py b/test/mitmproxy/proxy2/layers/test_tls.py
index b2602964a..c06b40864 100644
--- a/test/mitmproxy/proxy2/layers/test_tls.py
+++ b/test/mitmproxy/proxy2/layers/test_tls.py
@@ -126,7 +126,6 @@ def interact(playbook: tutils.Playbook, conn: context.Connection, tssl: SSLTest)
     )
     tssl.inc.write(data())
 
-
 def reply_tls_start(alpn: typing.Optional[bytes] = None, *args, **kwargs) -> tutils.reply:
     """
     Helper function to simplify the syntax for tls_start hooks.
@@ -151,11 +150,13 @@ def reply_tls_start(alpn: typing.Optional[bytes] = None, *args, **kwargs) -> tut
             else:
                 ssl_context.set_alpn_protos([alpn])
 
-        tls_start.ssl_conn = SSL.Connection(ssl_context)
-
         if tls_start.conn == tls_start.context.client:
+            tls_start.ssl_conn = SSL.Connection(ssl_context)
             tls_start.ssl_conn.set_accept_state()
         else:
+            ssl_context.set_verify(SSL.VERIFY_PEER)
+
+            tls_start.ssl_conn = SSL.Connection(ssl_context)
             tls_start.ssl_conn.set_connect_state()
             # Set SNI
             tls_start.ssl_conn.set_tlsext_host_name(tls_start.conn.sni)
@@ -174,7 +175,6 @@ def reply_tls_start(alpn: typing.Optional[bytes] = None, *args, **kwargs) -> tut
             SSL._openssl_assert(
                 SSL._lib.X509_VERIFY_PARAM_set1_host(param, tls_start.conn.sni, 0) == 1
             )
-            SSL._lib.SSL_set_verify(tls_start.ssl_conn._ssl, SSL.VERIFY_PEER, SSL._ffi.NULL)
 
     return tutils.reply(*args, side_effect=make_conn, **kwargs)