diff --git a/mitmproxy/protocol/tls.py b/mitmproxy/protocol/tls.py index 7b8b83011..6dc4f64bb 100644 --- a/mitmproxy/protocol/tls.py +++ b/mitmproxy/protocol/tls.py @@ -536,8 +536,8 @@ class TlsLayer(base.Layer): method=self.config.openssl_method_server, options=self.config.openssl_options_server, verify_options=self.config.openssl_verification_mode_server, - ca_path=self.config.openssl_trusted_cadir_server, - ca_pemfile=self.config.openssl_trusted_ca_server, + ca_path=self.config.options.ssl_verify_upstream_trusted_cadir, + ca_pemfile=self.config.options.ssl_verify_upstream_trusted_ca, cipher_list=ciphers_server, alpn_protos=alpn, ) diff --git a/mitmproxy/proxy/config.py b/mitmproxy/proxy/config.py index 201f70512..df7ca7ade 100644 --- a/mitmproxy/proxy/config.py +++ b/mitmproxy/proxy/config.py @@ -161,8 +161,6 @@ class ProxyConfig: self.upstream_server = parse_server_spec(options.upstream_server) if options.upstream_auth: self.upstream_auth = parse_upstream_auth(options.upstream_auth) - self.openssl_trusted_cadir_server = options.ssl_verify_upstream_trusted_cadir - self.openssl_trusted_ca_server = options.ssl_verify_upstream_trusted_ca def process_proxy_options(parser, options, args): diff --git a/test/mitmproxy/test_proxy.py b/test/mitmproxy/test_proxy.py index 16c4821cd..5cceb8c2d 100644 --- a/test/mitmproxy/test_proxy.py +++ b/test/mitmproxy/test_proxy.py @@ -149,12 +149,12 @@ class TestProcessProxyOptions: def test_upstream_trusted_cadir(self): expected_dir = "/path/to/a/ca/dir" p = self.assert_noerr("--upstream-trusted-cadir", expected_dir) - assert p.openssl_trusted_cadir_server == expected_dir + assert p.options.ssl_verify_upstream_trusted_cadir == expected_dir def test_upstream_trusted_ca(self): expected_file = "/path/to/a/cert/file" p = self.assert_noerr("--upstream-trusted-ca", expected_file) - assert p.openssl_trusted_ca_server == expected_file + assert p.options.ssl_verify_upstream_trusted_ca == expected_file class TestProxyServer: diff --git a/test/mitmproxy/test_server.py b/test/mitmproxy/test_server.py index 73e070ace..a64a8565e 100644 --- a/test/mitmproxy/test_server.py +++ b/test/mitmproxy/test_server.py @@ -369,14 +369,14 @@ class TestHTTPSUpstreamServerVerificationWTrustedCert(tservers.HTTPProxyTest): def test_verification_w_cadir(self): self.config.openssl_verification_mode_server = SSL.VERIFY_PEER - self.config.openssl_trusted_cadir_server = tutils.test_data.path( - "data/trusted-cadir/") - + self.config.options.ssl_verify_upstream_trusted_cadir = tutils.test_data.path( + "data/trusted-cadir/" + ) self.pathoc() def test_verification_w_pemfile(self): self.config.openssl_verification_mode_server = SSL.VERIFY_PEER - self.config.openssl_trusted_ca_server = tutils.test_data.path( + self.config.options.ssl_verify_upstream_trusted_ca = tutils.test_data.path( "data/trusted-cadir/trusted-ca.pem") self.pathoc() @@ -401,21 +401,21 @@ class TestHTTPSUpstreamServerVerificationWBadCert(tservers.HTTPProxyTest): def test_default_verification_w_bad_cert(self): """Should use no verification.""" - self.config.openssl_trusted_ca_server = tutils.test_data.path( + self.config.options.ssl_verify_upstream_trusted_ca = tutils.test_data.path( "data/trusted-cadir/trusted-ca.pem") assert self._request().status_code == 242 def test_no_verification_w_bad_cert(self): self.config.openssl_verification_mode_server = SSL.VERIFY_NONE - self.config.openssl_trusted_ca_server = tutils.test_data.path( + self.config.options.ssl_verify_upstream_trusted_ca = tutils.test_data.path( "data/trusted-cadir/trusted-ca.pem") assert self._request().status_code == 242 def test_verification_w_bad_cert(self): self.config.openssl_verification_mode_server = SSL.VERIFY_PEER - self.config.openssl_trusted_ca_server = tutils.test_data.path( + self.config.options.ssl_verify_upstream_trusted_ca = tutils.test_data.path( "data/trusted-cadir/trusted-ca.pem") assert self._request().status_code == 502