diff --git a/libmproxy/protocol2/http_proxy.py b/libmproxy/protocol2/http_proxy.py index 8ac7ea8e8..b4c506cbd 100644 --- a/libmproxy/protocol2/http_proxy.py +++ b/libmproxy/protocol2/http_proxy.py @@ -1,7 +1,6 @@ from __future__ import (absolute_import, print_function, division) from .layer import Layer, ServerConnectionMixin -from .http import HttpLayer class HttpProxy(Layer, ServerConnectionMixin): @@ -22,3 +21,5 @@ class HttpUpstreamProxy(Layer, ServerConnectionMixin): for message in layer(): if not self._handle_server_message(message): yield message + +from .http import HttpLayer diff --git a/libmproxy/protocol2/tls.py b/libmproxy/protocol2/tls.py index 55cc97941..9ef72a78a 100644 --- a/libmproxy/protocol2/tls.py +++ b/libmproxy/protocol2/tls.py @@ -1,7 +1,9 @@ from __future__ import (absolute_import, print_function, division) import traceback + from netlib import tcp +import netlib.http.http2 from ..exceptions import ProtocolException from .layer import Layer, yield_from_callback @@ -151,7 +153,8 @@ class TlsLayer(Layer): handle_sni=self.__handle_sni, cipher_list=self.config.ciphers_client, dhparams=self.config.certstore.dhparams, - chain_file=chain_file + chain_file=chain_file, + alpn_select=netlib.http.http2.HTTP2Protocol.ALPN_PROTO_H2, # TODO: check if server is capable of h2 first ) except tcp.NetLibError as e: raise ProtocolException(repr(e), e) @@ -168,6 +171,9 @@ class TlsLayer(Layer): ca_path=self.config.openssl_trusted_cadir_server, ca_pemfile=self.config.openssl_trusted_ca_server, cipher_list=self.config.ciphers_server, + alpn_protos=[ + netlib.http.http1.HTTP1Protocol.ALPN_PROTO_HTTP1, + netlib.http.http2.HTTP2Protocol.ALPN_PROTO_H2], # TODO: read this from client_conn first ) tls_cert_err = self.server_conn.ssl_verification_error if tls_cert_err is not None: diff --git a/libmproxy/proxy/connection.py b/libmproxy/proxy/connection.py index 49210e474..d2b956f3d 100644 --- a/libmproxy/proxy/connection.py +++ b/libmproxy/proxy/connection.py @@ -1,6 +1,8 @@ from __future__ import absolute_import + import copy import os + from netlib import tcp, certutils from .. import stateobject, utils @@ -75,14 +77,14 @@ class ClientConnection(tcp.BaseHandler, stateobject.StateObject): return f def convert_to_ssl(self, *args, **kwargs): - # TODO: read ALPN from server and select same proto for client conn - # alpn_select = 'h2' - # def alpn_select_callback(conn_, options): - # if alpn_select in options: - # return bytes(alpn_select) - # else: # pragma no cover - # return options[0] - # tcp.BaseHandler.convert_to_ssl(self, alpn_select=alpn_select_callback, *args, **kwargs) + if 'alpn_select' in kwargs: + alpn_select = kwargs['alpn_select'] + def alpn_select_callback(conn_, options): + if alpn_select in options: + return bytes(alpn_select) + else: # pragma no cover + return options[0] + kwargs['alpn_select'] = alpn_select_callback tcp.BaseHandler.convert_to_ssl(self, *args, **kwargs) self.timestamp_ssl_setup = utils.timestamp() @@ -184,9 +186,6 @@ class ServerConnection(tcp.TCPClient, stateobject.StateObject): if os.path.exists(path): clientcert = path - # TODO: read ALPN from client and use same list for server conn - # self.convert_to_ssl(cert=clientcert, sni=sni, alpn_protos=[netlib.http.http2.HTTP2Protocol.ALPN_PROTO_H2], **kwargs) - self.convert_to_ssl(cert=clientcert, sni=sni, **kwargs) self.sni = sni self.timestamp_ssl_setup = utils.timestamp()