Merge remote-tracking branch 'Kriechi/proxy-refactor' into proxy-refactor

2024-11-27 02:24:18 +00:00 · 2015-08-15 20:22:45 +02:00 · 2015-08-15 20:22:45 +02:00 · a175572447
commit a175572447
parent 2a15479cdb a9dd82c986
3 changed files with 19 additions and 13 deletions
--- a/libmproxy/protocol2/http_proxy.py
+++ b/libmproxy/protocol2/http_proxy.py
@ -1,7 +1,6 @@
 from __future__ import (absolute_import, print_function, division)

 from .layer import Layer, ServerConnectionMixin
-from .http import HttpLayer


 class HttpProxy(Layer, ServerConnectionMixin):
@ -22,3 +21,5 @@ class HttpUpstreamProxy(Layer, ServerConnectionMixin):
        for message in layer():
            if not self._handle_server_message(message):
                yield message
+
+from .http import HttpLayer
--- a/libmproxy/protocol2/tls.py
+++ b/libmproxy/protocol2/tls.py
@ -1,7 +1,9 @@
 from __future__ import (absolute_import, print_function, division)

 import traceback
+
 from netlib import tcp
+import netlib.http.http2

 from ..exceptions import ProtocolException
 from .layer import Layer, yield_from_callback
@ -151,7 +153,8 @@ class TlsLayer(Layer):
                handle_sni=self.__handle_sni,
                cipher_list=self.config.ciphers_client,
                dhparams=self.config.certstore.dhparams,
-                chain_file=chain_file
+                chain_file=chain_file,
+                alpn_select=netlib.http.http2.HTTP2Protocol.ALPN_PROTO_H2,  # TODO: check if server is capable of h2 first
            )
        except tcp.NetLibError as e:
            raise ProtocolException(repr(e), e)
@ -168,6 +171,9 @@ class TlsLayer(Layer):
                ca_path=self.config.openssl_trusted_cadir_server,
                ca_pemfile=self.config.openssl_trusted_ca_server,
                cipher_list=self.config.ciphers_server,
+                alpn_protos=[
+                    netlib.http.http1.HTTP1Protocol.ALPN_PROTO_HTTP1,
+                    netlib.http.http2.HTTP2Protocol.ALPN_PROTO_H2],  # TODO: read this from client_conn first
            )
            tls_cert_err = self.server_conn.ssl_verification_error
            if tls_cert_err is not None:
--- a/libmproxy/proxy/connection.py
+++ b/libmproxy/proxy/connection.py
@ -1,6 +1,8 @@
 from __future__ import absolute_import
+
 import copy
 import os
+
 from netlib import tcp, certutils
 from .. import stateobject, utils

@ -75,14 +77,14 @@ class ClientConnection(tcp.BaseHandler, stateobject.StateObject):
        return f

    def convert_to_ssl(self, *args, **kwargs):
-        # TODO: read ALPN from server and select same proto for client conn
-        # alpn_select = 'h2'
-        # def alpn_select_callback(conn_, options):
-        #     if alpn_select in options:
-        #         return bytes(alpn_select)
-        #     else:  # pragma no cover
-        #         return options[0]
-        # tcp.BaseHandler.convert_to_ssl(self, alpn_select=alpn_select_callback, *args, **kwargs)
+        if 'alpn_select' in kwargs:
+            alpn_select = kwargs['alpn_select']
+            def alpn_select_callback(conn_, options):
+                if alpn_select in options:
+                    return bytes(alpn_select)
+                else:  # pragma no cover
+                    return options[0]
+            kwargs['alpn_select'] = alpn_select_callback

        tcp.BaseHandler.convert_to_ssl(self, *args, **kwargs)
        self.timestamp_ssl_setup = utils.timestamp()
@ -184,9 +186,6 @@ class ServerConnection(tcp.TCPClient, stateobject.StateObject):
            if os.path.exists(path):
                clientcert = path

-        # TODO: read ALPN from client and use same list for server conn
-        # self.convert_to_ssl(cert=clientcert, sni=sni, alpn_protos=[netlib.http.http2.HTTP2Protocol.ALPN_PROTO_H2], **kwargs)
-
        self.convert_to_ssl(cert=clientcert, sni=sni, **kwargs)
        self.sni = sni
        self.timestamp_ssl_setup = utils.timestamp()