Merge remote-tracking branch 'Kriechi/proxy-refactor' into proxy-refactor

libmproxy/protocol2/http_proxy.py

@@ -1,7 +1,6 @@
 from __future__ import (absolute_import, print_function, division)
 
 from .layer import Layer, ServerConnectionMixin
-from .http import HttpLayer
 
 
 class HttpProxy(Layer, ServerConnectionMixin):
@@ -22,3 +21,5 @@ class HttpUpstreamProxy(Layer, ServerConnectionMixin):
         for message in layer():
             if not self._handle_server_message(message):
                 yield message
+
+from .http import HttpLayer

libmproxy/protocol2/tls.py

@@ -1,7 +1,9 @@
 from __future__ import (absolute_import, print_function, division)
 
 import traceback
+
 from netlib import tcp
+import netlib.http.http2
 
 from ..exceptions import ProtocolException
 from .layer import Layer, yield_from_callback
@@ -151,7 +153,8 @@ class TlsLayer(Layer):
                 handle_sni=self.__handle_sni,
                 cipher_list=self.config.ciphers_client,
                 dhparams=self.config.certstore.dhparams,
-                chain_file=chain_file
+                chain_file=chain_file,
+                alpn_select=netlib.http.http2.HTTP2Protocol.ALPN_PROTO_H2,  # TODO: check if server is capable of h2 first
             )
         except tcp.NetLibError as e:
             raise ProtocolException(repr(e), e)
@@ -168,6 +171,9 @@ class TlsLayer(Layer):
                 ca_path=self.config.openssl_trusted_cadir_server,
                 ca_pemfile=self.config.openssl_trusted_ca_server,
                 cipher_list=self.config.ciphers_server,
+                alpn_protos=[
+                    netlib.http.http1.HTTP1Protocol.ALPN_PROTO_HTTP1,
+                    netlib.http.http2.HTTP2Protocol.ALPN_PROTO_H2],  # TODO: read this from client_conn first
             )
             tls_cert_err = self.server_conn.ssl_verification_error
             if tls_cert_err is not None:

libmproxy/proxy/connection.py

@@ -1,6 +1,8 @@
 from __future__ import absolute_import
+
 import copy
 import os
+
 from netlib import tcp, certutils
 from .. import stateobject, utils
 
@@ -75,14 +77,14 @@ class ClientConnection(tcp.BaseHandler, stateobject.StateObject):
         return f
 
     def convert_to_ssl(self, *args, **kwargs):
-        # TODO: read ALPN from server and select same proto for client conn
+        if 'alpn_select' in kwargs:
-        # alpn_select = 'h2'
+            alpn_select = kwargs['alpn_select']
-        # def alpn_select_callback(conn_, options):
+            def alpn_select_callback(conn_, options):
-        #     if alpn_select in options:
+                if alpn_select in options:
-        #         return bytes(alpn_select)
+                    return bytes(alpn_select)
-        #     else:  # pragma no cover
+                else:  # pragma no cover
-        #         return options[0]
+                    return options[0]
-        # tcp.BaseHandler.convert_to_ssl(self, alpn_select=alpn_select_callback, *args, **kwargs)
+            kwargs['alpn_select'] = alpn_select_callback
 
         tcp.BaseHandler.convert_to_ssl(self, *args, **kwargs)
         self.timestamp_ssl_setup = utils.timestamp()
@@ -184,9 +186,6 @@ class ServerConnection(tcp.TCPClient, stateobject.StateObject):
             if os.path.exists(path):
                 clientcert = path
 
-        # TODO: read ALPN from client and use same list for server conn
-        # self.convert_to_ssl(cert=clientcert, sni=sni, alpn_protos=[netlib.http.http2.HTTP2Protocol.ALPN_PROTO_H2], **kwargs)
-
         self.convert_to_ssl(cert=clientcert, sni=sni, **kwargs)
         self.sni = sni
         self.timestamp_ssl_setup = utils.timestamp()