mirror of
https://github.com/Grasscutters/mitmproxy.git
synced 2024-11-23 00:01:36 +00:00
Rename 'server' to 'upstream' in identifiers related to the AddServerCertsToClientChain feature
This commit is contained in:
parent
02e378486b
commit
9cc55f211f
@ -436,10 +436,10 @@ def proxy_ssl_options(parser):
|
||||
)
|
||||
subgroup = group.add_mutually_exclusive_group()
|
||||
subgroup.add_argument(
|
||||
"--add-server-certs-to-client-chain", default=False,
|
||||
action="store_true", dest="add_server_certs_to_client_chain",
|
||||
help="Add all the certificates of the server to the certificate chain "
|
||||
"that will be served to the client, as extras."
|
||||
"--add-upstream-certs-to-client-chain", default=False,
|
||||
action="store_true", dest="add_upstream_certs_to_client_chain",
|
||||
help="Add all certificates of the upstream server to the certificate chain "
|
||||
"that will be served to the proxy client, as extras."
|
||||
)
|
||||
subgroup.add_argument(
|
||||
"--verify-upstream-cert", default=False,
|
||||
|
@ -432,7 +432,7 @@ class TlsLayer(Layer):
|
||||
self.log("Establish TLS with client", "debug")
|
||||
cert, key, chain_file = self._find_cert()
|
||||
|
||||
if self.config.add_server_certs_to_client_chain:
|
||||
if self.config.add_upstream_certs_to_client_chain:
|
||||
extra_certs = self.server_conn.server_certs
|
||||
else:
|
||||
extra_certs = None
|
||||
|
@ -67,7 +67,7 @@ class ProxyConfig:
|
||||
ssl_verify_upstream_cert=False,
|
||||
ssl_verify_upstream_trusted_cadir=None,
|
||||
ssl_verify_upstream_trusted_ca=None,
|
||||
add_server_certs_to_client_chain=False,
|
||||
add_upstream_certs_to_client_chain=False,
|
||||
):
|
||||
self.host = host
|
||||
self.port = port
|
||||
@ -108,7 +108,7 @@ class ProxyConfig:
|
||||
self.openssl_verification_mode_server = SSL.VERIFY_NONE
|
||||
self.openssl_trusted_cadir_server = ssl_verify_upstream_trusted_cadir
|
||||
self.openssl_trusted_ca_server = ssl_verify_upstream_trusted_ca
|
||||
self.add_server_certs_to_client_chain = add_server_certs_to_client_chain
|
||||
self.add_upstream_certs_to_client_chain = add_upstream_certs_to_client_chain
|
||||
|
||||
|
||||
def process_proxy_options(parser, options):
|
||||
@ -209,5 +209,5 @@ def process_proxy_options(parser, options):
|
||||
ssl_verify_upstream_cert=options.ssl_verify_upstream_cert,
|
||||
ssl_verify_upstream_trusted_cadir=options.ssl_verify_upstream_trusted_cadir,
|
||||
ssl_verify_upstream_trusted_ca=options.ssl_verify_upstream_trusted_ca,
|
||||
add_server_certs_to_client_chain=options.add_server_certs_to_client_chain,
|
||||
add_upstream_certs_to_client_chain=options.add_upstream_certs_to_client_chain,
|
||||
)
|
||||
|
@ -1001,7 +1001,7 @@ class TestProxyChainingSSLReconnect(tservers.HTTPUpstreamProxyTest):
|
||||
assert self.chain[1].tmaster.state.flow_count() == 2
|
||||
|
||||
|
||||
class AddServerCertsToClientChainMixin:
|
||||
class AddUpstreamCertsToClientChainMixin:
|
||||
|
||||
ssl = True
|
||||
servercert = tutils.test_data.path("data/trusted-server.crt")
|
||||
@ -1012,30 +1012,30 @@ class AddServerCertsToClientChainMixin:
|
||||
]
|
||||
)
|
||||
|
||||
def test_add_server_certs_to_client_chain(self):
|
||||
def test_add_upstream_certs_to_client_chain(self):
|
||||
with open(self.servercert, "rb") as f:
|
||||
d = f.read()
|
||||
c1 = SSLCert.from_pem(d)
|
||||
upstreamCert = SSLCert.from_pem(d)
|
||||
p = self.pathoc()
|
||||
server_cert_found_in_client_chain = False
|
||||
for cert in p.server_certs:
|
||||
if cert.digest('sha256') == c1.digest('sha256'):
|
||||
server_cert_found_in_client_chain = True
|
||||
upstream_cert_found_in_client_chain = False
|
||||
for receivedCert in p.server_certs:
|
||||
if receivedCert.digest('sha256') == upstreamCert.digest('sha256'):
|
||||
upstream_cert_found_in_client_chain = True
|
||||
break
|
||||
assert(server_cert_found_in_client_chain == self.add_server_certs_to_client_chain)
|
||||
assert(upstream_cert_found_in_client_chain == self.add_upstream_certs_to_client_chain)
|
||||
|
||||
|
||||
class TestHTTPSAddServerCertsToClientChainTrue(AddServerCertsToClientChainMixin, tservers.HTTPProxyTest):
|
||||
class TestHTTPSAddUpstreamCertsToClientChainTrue(AddUpstreamCertsToClientChainMixin, tservers.HTTPProxyTest):
|
||||
|
||||
"""
|
||||
If --add-server-certs-to-client-chain is True, then the client should receive the upstream server's certificates
|
||||
"""
|
||||
add_server_certs_to_client_chain = True
|
||||
add_upstream_certs_to_client_chain = True
|
||||
|
||||
|
||||
class TestHTTPSAddServerCertsToClientChainFalse(AddServerCertsToClientChainMixin, tservers.HTTPProxyTest):
|
||||
class TestHTTPSAddUpstreamCertsToClientChainFalse(AddUpstreamCertsToClientChainMixin, tservers.HTTPProxyTest):
|
||||
|
||||
"""
|
||||
If --add-server-certs-to-client-chain is False, then the client should not receive the upstream server's certificates
|
||||
"""
|
||||
add_server_certs_to_client_chain = False
|
||||
add_upstream_certs_to_client_chain = False
|
||||
|
@ -86,7 +86,7 @@ class ProxyTestBase(object):
|
||||
no_upstream_cert = False
|
||||
authenticator = None
|
||||
masterclass = TestMaster
|
||||
add_server_certs_to_client_chain = False
|
||||
add_upstream_certs_to_client_chain = False
|
||||
|
||||
@classmethod
|
||||
def setup_class(cls):
|
||||
@ -130,7 +130,7 @@ class ProxyTestBase(object):
|
||||
no_upstream_cert = cls.no_upstream_cert,
|
||||
cadir = cls.cadir,
|
||||
authenticator = cls.authenticator,
|
||||
add_server_certs_to_client_chain = cls.add_server_certs_to_client_chain,
|
||||
add_upstream_certs_to_client_chain = cls.add_upstream_certs_to_client_chain,
|
||||
)
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user