Test SNI for transparent mode.

2024-11-26 10:16:27 +00:00 · 2013-03-02 15:06:49 +13:00 · 2013-03-02 15:06:49 +13:00 · a95d78438c
commit a95d78438c
parent 10db82e9a0
3 changed files with 25 additions and 12 deletions
--- a/libmproxy/proxy.py
+++ b/libmproxy/proxy.py
@ -140,6 +140,13 @@ class ProxyHandler(tcp.BaseHandler):
        tcp.BaseHandler.__init__(self, connection, client_address, server)

    def get_server_connection(self, cc, scheme, host, port, sni):
+        """
+            When SNI is in play, this means we have an SSL-encrypted
+            connection, which means that the entire handler is dedicated to a
+            single server connection - no multiplexing. If this assumption ever
+            breaks, we'll have to do something different with the SNI host
+            variable on the handler object.
+        """
        sc = self.server_conn
        if not sni:
            sni = host
@ -329,7 +336,6 @@ class ProxyHandler(tcp.BaseHandler):
                raise ProxyError(400, str(v))
        else:
            scheme = "http"
-        host = self.sni or host
        line = self.get_line(self.rfile)
        if line == "":
            return None
--- a/test/test_server.py
+++ b/test/test_server.py
@ -160,6 +160,12 @@ class TestTransparent(tservers.TransparentProxTest, CommonMixin):
 class TestTransparentSSL(tservers.TransparentProxTest, CommonMixin):
    transparent = True
    ssl = True
+    def test_sni(self):
+        f = self.pathod("304", sni="testserver.com")
+        assert f.status_code == 304
+        l = self.server.last_log()
+        assert self.server.last_log()["request"]["sni"] == "testserver.com"
+


 class TestProxy(tservers.HTTPProxTest):
--- a/test/tservers.py
+++ b/test/tservers.py
@ -172,23 +172,24 @@ class TransparentProxTest(ProxTestBase):
        )
        return d

-    def pathod(self, spec):
+    def pathod(self, spec, sni=None):
        """
-            Constructs a pathod request, with the appropriate base and proxy.
+            Constructs a pathod GET request, with the appropriate base and proxy.
        """
-        r = hurl.get(
-            "%s://127.0.0.1:%s"%(self.scheme, self.proxy.port) + "/p/" + spec,
-            validate_cert=False,
-            #debug=hurl.utils.stdout_debug
-        )
-        return r
+        if self.ssl:
+            p = self.pathoc(sni=sni)
+            q = "get:'/p/%s'"%spec
+        else:
+            p = self.pathoc()
+            q = "get:'/p/%s'"%spec
+        return p.request(q)

-    def pathoc(self, connect= None):
+    def pathoc(self, sni=None):
        """
            Returns a connected Pathoc instance.
        """
-        p = libpathod.pathoc.Pathoc("localhost", self.proxy.port)
-        p.connect(connect_to)
+        p = libpathod.pathoc.Pathoc("localhost", self.proxy.port, ssl=self.ssl, sni=sni)
+        p.connect()
        return p