mirror of
https://github.com/Grasscutters/mitmproxy.git
synced 2024-11-26 10:16:27 +00:00
[sans-io] tls: handle invalid clienthellos
parent
6cf0bec912
commit
b075b7fc15
@ -327,7 +327,9 @@ class ClientTLSLayer(_TLSLayer):
|
||||
try:
|
||||
client_hello = parse_client_hello(self.recv_buffer)
|
||||
except ValueError as e:
|
||||
raise NotImplementedError from e # TODO
|
||||
yield commands.Log(f"Cannot parse ClientHello: {self.recv_buffer.hex()}")
|
||||
yield commands.CloseConnection(client)
|
||||
return
|
||||
|
||||
if client_hello:
|
||||
client.sni = client_hello.sni
|
||||
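Review bot: The new `except ValueError` branch logs all of `self.recv_buffer` as hex with no length cap, and those bytes come from a peer that has not completed any handshake. Depending on how much the buffer can hold before parsing fails (not visible here), a client sending non-TLS data can inflate the log. The caught `e` is also dropped, so the reason for the parse failure is lost, and no `level=` is passed although the other handshake-failure log in this file uses `level="warn"`. Consider `yield commands.Log(f"Cannot parse ClientHello: {e} ({self.recv_buffer[:256].hex()})", level="warn")`, where 256 is an arbitrary cap. The expected message in the `TestClientTLS` hunk pins the full dump and would need the same change. The enclosing method starts and ends outside the hunk.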
@ -378,9 +380,13 @@ class ClientTLSLayer(_TLSLayer):
|
||||
dest = self.context.client.sni.decode("idna")
|
||||
else:
|
||||
dest = human.format_address(self.context.server.address)
|
||||
if "Unknown CA" in err:
|
||||
keyword = "does not"
|
||||
else:
|
||||
keyword = "may not"
|
||||
yield commands.Log(
|
||||
f"Client TLS Handshake failed. "
|
||||
f"The client may not trust the proxy's certificate for {dest} ({err}).",
|
||||
f"The client {keyword} trust the proxy's certificate for {dest} ({err}).",
|
||||
level="warn"
|
||||
)
|
||||
yield commands.CloseConnection(self.context.client)
|
||||
|
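Review bot: The `"Unknown CA" in err` check is a case-sensitive substring match on an error string that is built outside the hunk. If `err` carries the TLS library's alert text, the casing may not match (OpenSSL typically renders this alert in lower case, as "unknown ca"). In that case the "does not" branch would never run and operators would keep seeing the weaker "may not" wording. Verify this against a real untrusted-CA failure and compare case-insensitively: `if "unknown ca" in err.lower():`. The enclosing method starts outside the hunk.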
@ -428,3 +428,17 @@ class TestClientTLS:
|
||||
assert tctx.server.alpn == b"quux"
|
||||
_test_echo(playbook, tssl_server, tctx.server)
|
||||
_test_echo(playbook, tssl_client, tctx.client)
|
||||
|
||||
def test_cannot_parse_clienthello(self, tctx: context.Context):
|
||||
"""We have a client layer, but we only receive garbage."""
|
||||
playbook, client_layer = _make_client_tls_layer(tctx)
|
||||
|
||||
invalid = b"\x16\x03\x01\x00\x00"
|
||||
|
||||
assert (
|
||||
playbook
|
||||
>> events.DataReceived(tctx.client, invalid)
|
||||
<< commands.Log(f"Cannot parse ClientHello: {invalid.hex()}")
|
||||
<< commands.CloseConnection(tctx.client)
|
||||
)
|
||||
assert not tctx.client.tls_established
|
||||
|
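Review bot: `test_cannot_parse_clienthello` covers a single input, a handshake record header with a zero length field, although the docstring calls it "garbage". The inputs this path is more likely to see are plaintext sent to the TLS port and a truncated record. Whether `parse_client_hello` raises on those or waits for more data is not visible here. A parametrized case for each would pin whether the connection is closed with a log entry or left open waiting, which matters because a buffer that never parses and never raises would only be released by some other timeout.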