Maximilian Hils 2015-02-27 09:17:41 +01:00
parent c9240812d9
commit 81a274eb51
3 changed files with 39 additions and 3 deletions


@ -285,6 +285,11 @@ class ConnectionHandler:
if sni != self.server_conn.sni: if sni != self.server_conn.sni:
self.log("SNI received: %s" % sni, "debug") self.log("SNI received: %s" % sni, "debug")
# We should only re-establish upstream SSL if one of the following conditions is true:
# - We established SSL with the server previously
# - We initially wanted to establish SSL with the server,
# but the server refused to negotiate without SNI.
if self.server_conn.ssl_established or hasattr(self.server_conn, "may_require_sni"):
self.server_reconnect(sni) # reconnect to upstream server with SNI self.server_reconnect(sni) # reconnect to upstream server with SNI
# Now, change client context to reflect changed certificate: # Now, change client context to reflect changed certificate:
cert, key, chain_file = self.find_cert() cert, key, chain_file = self.find_cert()
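Review bot: The new guard `if self.server_conn.ssl_established or hasattr(self.server_conn, "may_require_sni"):` treats the mere existence of an attribute as a flag, so it would also be true if `may_require_sni` were ever set to `False`, and nothing in this hunk shows it being cleared. The SNI value comes from the client and this condition decides whether the proxy opens a TLS session to the upstream server, so an explicit boolean initialised on the server connection and read as `getattr(self.server_conn, "may_require_sni", False)` would be easier to audit. The code that sets `may_require_sni` is outside this hunk, so its lifetime cannot be checked from here. Indentation is lost on this page; it is worth confirming that only `self.server_reconnect(sni)` sits under the new guard and that the certificate lookup below it still runs when the guard is false.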


@ -1,5 +1,6 @@
import socket, time import socket, time
from libmproxy.proxy.config import HostMatcher from libmproxy.proxy.config import HostMatcher
import libpathod
from netlib import tcp, http_auth, http from netlib import tcp, http_auth, http
from libpathod import pathoc, pathod from libpathod import pathoc, pathod
from netlib.certutils import SSLCert from netlib.certutils import SSLCert
@ -332,6 +333,36 @@ class TestReverse(tservers.ReverseProxTest, CommonMixin, TcpMixin):
reverse = True reverse = True
class TestHttps2Http(tservers.ReverseProxTest):
@classmethod
def get_proxy_config(cls):
d = super(TestHttps2Http, cls).get_proxy_config()
d["upstream_server"][0] = True
return d
def pathoc(self, ssl, sni=None):
"""
Returns a connected Pathoc instance.
"""
p = libpathod.pathoc.Pathoc(("localhost", self.proxy.port), ssl=ssl, sni=sni)
p.connect()
return p
def test_all(self):
p = self.pathoc(ssl=True)
assert p.request("get:'/p/200'").status_code == 200
def test_sni(self):
p = self.pathoc(ssl=True, sni="example.com")
assert p.request("get:'/p/200'").status_code == 200
assert all("Error in handle_sni" not in msg for msg in self.proxy.log)
def test_http(self):
p = self.pathoc(ssl=False)
assert p.request("get:'/p/200'").status_code == 400
class TestTransparent(tservers.TransparentProxTest, CommonMixin, TcpMixin): class TestTransparent(tservers.TransparentProxTest, CommonMixin, TcpMixin):
ssl = False ssl = False
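Review bot: `test_sni` only proves that the string "Error in handle_sni" is absent from `self.proxy.log`, so it would keep passing if that message were reworded or if the SNI handler never ran at all. A positive assertion would pin the behaviour being fixed; if the test proxy's log captures debug messages, something like `assert any("SNI received" in msg for msg in self.proxy.log)` next to the existing check would show the handler was actually exercised. A short docstring on `TestHttps2Http` saying that the client side speaks TLS while the upstream stays plain HTTP would also explain why `test_http` expects a 400.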


@ -218,12 +218,12 @@ class ReverseProxTest(ProxTestBase):
@classmethod @classmethod
def get_proxy_config(cls): def get_proxy_config(cls):
d = ProxTestBase.get_proxy_config() d = ProxTestBase.get_proxy_config()
d["upstream_server"] = ( d["upstream_server"] = [
True if cls.ssl else False, True if cls.ssl else False,
True if cls.ssl else False, True if cls.ssl else False,
"127.0.0.1", "127.0.0.1",
cls.server.port cls.server.port
) ]
d["mode"] = "reverse" d["mode"] = "reverse"
return d return d
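Review bot: The `upstream_server` value is now a mutable list whose four positions are undocumented, and the new subclass in the test module relies on that by writing `d["upstream_server"][0] = True`. The first two entries are the identical expression `True if cls.ssl else False`, so a reader cannot tell which slot controls TLS towards the client and which towards the upstream server; presumably that is the split, but the page does not say. A comment above the literal naming each slot, and stating that it is a list so subclasses can override single entries, would prevent a test from silently flipping the wrong side. `bool(cls.ssl)` would also read more plainly than the conditional expression.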