rename TLS/SSL-related functions

SSL is an outdated protocol superseded by TLS. Although the commonly
used library is called OpenSSL, it is no reason to still use outdated
language for function names.
Thomas Kriechbaumer 2018-01-06 10:43:33 +01:00
parent 9aae3213b9
commit d15e96dee1
19 changed files with 63 additions and 63 deletions


@ -436,7 +436,7 @@ class SSLCert(serializable.Serializable):
Returns:
All DNS altnames.
"""
# tcp.TCPClient.convert_to_ssl assumes that this property only contains DNS altnames for hostname verification.
# tcp.TCPClient.convert_to_tls assumes that this property only contains DNS altnames for hostname verification.
altnames = []
for i in range(self.x509.get_extension_count()):
ext = self.x509.get_extension(i)


@ -127,8 +127,8 @@ class ClientConnection(tcp.BaseHandler, stateobject.StateObject):
tls_version=None,
))
def convert_to_ssl(self, cert, *args, **kwargs):
super().convert_to_ssl(cert, *args, **kwargs)
def convert_to_tls(self, cert, *args, **kwargs):
super().convert_to_tls(cert, *args, **kwargs)
self.timestamp_tls_setup = time.time()
self.mitmcert = cert
sni = self.connection.get_servername()
@ -261,7 +261,7 @@ class ServerConnection(tcp.TCPClient, stateobject.StateObject):
self.wfile.write(message)
self.wfile.flush()
def establish_ssl(self, clientcerts, sni, **kwargs):
def establish_tls(self, clientcerts, sni, **kwargs):
if sni and not isinstance(sni, str):
raise ValueError("sni must be str, not " + type(sni).__name__)
clientcert = None
@ -275,7 +275,7 @@ class ServerConnection(tcp.TCPClient, stateobject.StateObject):
if os.path.exists(path):
clientcert = path
self.convert_to_ssl(cert=clientcert, sni=sni, **kwargs)
self.convert_to_tls(cert=clientcert, sni=sni, **kwargs)
self.sni = sni
self.alpn_proto_negotiated = self.get_alpn_proto_negotiated()
self.tls_version = self.connection.get_protocol_version_name()
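Review bot: `establish_ssl` on ServerConnection and `convert_to_ssl` on ClientConnection disappear in this section with no alias left behind, so any addon or script outside this tree that still calls them will fail with AttributeError at the moment a connection is upgraded. Callers outside the repository are not visible here, so this may be intended. If these methods are considered public, a one-release alias next to each definition, e.g. `establish_ssl = establish_tls  # deprecated, use establish_tls`, would keep them working and leave room for a deprecation warning. Both method bodies continue outside the hunks shown.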


@ -381,7 +381,7 @@ class TCPClient(_Connection):
else:
close_socket(self.connection)
def convert_to_ssl(self, sni=None, alpn_protos=None, **sslctx_kwargs):
def convert_to_tls(self, sni=None, alpn_protos=None, **sslctx_kwargs):
context = tls.create_client_context(
alpn_protos=alpn_protos,
sni=sni,
@ -491,7 +491,7 @@ class BaseHandler(_Connection):
self.server = server
self.clientcert = None
def convert_to_ssl(self, cert, key, **sslctx_kwargs):
def convert_to_tls(self, cert, key, **sslctx_kwargs):
"""
Convert connection to SSL.
For a list of parameters, see tls.create_server_context(...)
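Review bot: The docstring of `BaseHandler.convert_to_tls` in the last hunk still opens with `Convert connection to SSL.`, which contradicts the new name; it should read `Convert connection to TLS.`. `TCPClient.convert_to_tls` in the hunk above has no docstring at all: its `def` line is followed directly by the `tls.create_client_context(...)` call. A short docstring there, pointing to `tls.create_client_context` for the parameters and stating what happens on a certificate verification failure when no `verify` argument is given, would help callers. The test named `test_mode_default_should_pass` in this commit suggests the default does not abort the handshake, but that cannot be confirmed from these lines. Both bodies continue outside the hunks.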


@ -75,7 +75,7 @@ class RequestReplayThread(basethread.BaseThread):
)
if resp.status_code != 200:
raise exceptions.ReplayException("Upstream server refuses CONNECT request")
server.establish_ssl(
server.establish_tls(
self.options.client_certs,
sni=self.f.server_conn.sni
)
@ -90,7 +90,7 @@ class RequestReplayThread(basethread.BaseThread):
)
server.connect()
if r.scheme == "https":
server.establish_ssl(
server.establish_tls(
self.options.client_certs,
sni=self.f.server_conn.sni
)


@ -487,7 +487,7 @@ class TlsLayer(base.Layer):
extra_certs = None
try:
self.client_conn.convert_to_ssl(
self.client_conn.convert_to_tls(
cert, key,
method=self.config.openssl_method_client,
options=self.config.openssl_options_client,
@ -543,7 +543,7 @@ class TlsLayer(base.Layer):
ciphers_server.append(CIPHER_ID_NAME_MAP[id])
ciphers_server = ':'.join(ciphers_server)
self.server_conn.establish_ssl(
self.server_conn.establish_tls(
self.config.client_certs,
self.server_sni,
method=self.config.openssl_method_server,


@ -313,7 +313,7 @@ class Pathoc(tcp.TCPClient):
if self.use_http2:
alpn_protos.append(b'h2')
self.convert_to_ssl(
self.convert_to_tls(
sni=self.sni,
cert=self.clientcert,
method=self.ssl_version,


@ -244,7 +244,7 @@ class PathodHandler(tcp.BaseHandler):
if self.server.ssl:
try:
cert, key, _ = self.server.ssloptions.get_cert(None)
self.convert_to_ssl(
self.convert_to_tls(
cert,
key,
handle_sni=self.handle_sni,


@ -27,7 +27,7 @@ class HTTPProtocol:
cert, key, chain_file_ = self.pathod_handler.server.ssloptions.get_cert(
connect[0].encode()
)
self.pathod_handler.convert_to_ssl(
self.pathod_handler.convert_to_tls(
cert,
key,
handle_sni=self.pathod_handler.handle_sni,


@ -178,7 +178,7 @@ class TestServerSSL(tservers.ServerTestBase):
def test_echo(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(sni="foo.com", options=SSL.OP_ALL)
c.convert_to_tls(sni="foo.com", options=SSL.OP_ALL)
testval = b"echo!\n"
c.wfile.write(testval)
c.wfile.flush()
@ -188,7 +188,7 @@ class TestServerSSL(tservers.ServerTestBase):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
assert not c.get_current_cipher()
c.convert_to_ssl(sni="foo.com")
c.convert_to_tls(sni="foo.com")
ret = c.get_current_cipher()
assert ret
assert "AES" in ret[0]
@ -205,7 +205,7 @@ class TestSSLv3Only(tservers.ServerTestBase):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
with pytest.raises(exceptions.TlsException):
c.convert_to_ssl(sni="foo.com")
c.convert_to_tls(sni="foo.com")
class TestInvalidTrustFile(tservers.ServerTestBase):
@ -213,7 +213,7 @@ class TestInvalidTrustFile(tservers.ServerTestBase):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
with pytest.raises(exceptions.TlsException):
c.convert_to_ssl(
c.convert_to_tls(
sni="example.mitmproxy.org",
verify=SSL.VERIFY_PEER,
ca_pemfile=tutils.test_data.path("mitmproxy/net/data/verificationcerts/generate.py")
@ -231,7 +231,7 @@ class TestSSLUpstreamCertVerificationWBadServerCert(tservers.ServerTestBase):
def test_mode_default_should_pass(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl()
c.convert_to_tls()
# Verification errors should be saved even if connection isn't aborted
# aborted
@ -245,7 +245,7 @@ class TestSSLUpstreamCertVerificationWBadServerCert(tservers.ServerTestBase):
def test_mode_none_should_pass(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(verify=SSL.VERIFY_NONE)
c.convert_to_tls(verify=SSL.VERIFY_NONE)
# Verification errors should be saved even if connection isn't aborted
assert c.ssl_verification_error
@ -259,7 +259,7 @@ class TestSSLUpstreamCertVerificationWBadServerCert(tservers.ServerTestBase):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
with pytest.raises(exceptions.InvalidCertificateException):
c.convert_to_ssl(
c.convert_to_tls(
sni="example.mitmproxy.org",
verify=SSL.VERIFY_PEER,
ca_pemfile=tutils.test_data.path("mitmproxy/net/data/verificationcerts/trusted-root.crt")
@ -284,7 +284,7 @@ class TestSSLUpstreamCertVerificationWBadHostname(tservers.ServerTestBase):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
with pytest.raises(exceptions.TlsException):
c.convert_to_ssl(
c.convert_to_tls(
verify=SSL.VERIFY_PEER,
ca_pemfile=tutils.test_data.path("mitmproxy/net/data/verificationcerts/trusted-root.crt")
)
@ -292,7 +292,7 @@ class TestSSLUpstreamCertVerificationWBadHostname(tservers.ServerTestBase):
def test_mode_none_should_pass_without_sni(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(
c.convert_to_tls(
verify=SSL.VERIFY_NONE,
ca_path=tutils.test_data.path("mitmproxy/net/data/verificationcerts/")
)
@ -303,7 +303,7 @@ class TestSSLUpstreamCertVerificationWBadHostname(tservers.ServerTestBase):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
with pytest.raises(exceptions.InvalidCertificateException):
c.convert_to_ssl(
c.convert_to_tls(
sni="mitmproxy.org",
verify=SSL.VERIFY_PEER,
ca_pemfile=tutils.test_data.path("mitmproxy/net/data/verificationcerts/trusted-root.crt")
@ -322,7 +322,7 @@ class TestSSLUpstreamCertVerificationWValidCertChain(tservers.ServerTestBase):
def test_mode_strict_w_pemfile_should_pass(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(
c.convert_to_tls(
sni="example.mitmproxy.org",
verify=SSL.VERIFY_PEER,
ca_pemfile=tutils.test_data.path("mitmproxy/net/data/verificationcerts/trusted-root.crt")
@ -338,7 +338,7 @@ class TestSSLUpstreamCertVerificationWValidCertChain(tservers.ServerTestBase):
def test_mode_strict_w_cadir_should_pass(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(
c.convert_to_tls(
sni="example.mitmproxy.org",
verify=SSL.VERIFY_PEER,
ca_path=tutils.test_data.path("mitmproxy/net/data/verificationcerts/")
@ -372,7 +372,7 @@ class TestSSLClientCert(tservers.ServerTestBase):
def test_clientcert(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(
c.convert_to_tls(
cert=tutils.test_data.path("mitmproxy/net/data/clientcert/client.pem"))
assert c.rfile.readline().strip() == b"1"
@ -380,7 +380,7 @@ class TestSSLClientCert(tservers.ServerTestBase):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
with pytest.raises(exceptions.TlsException):
c.convert_to_ssl(cert=tutils.test_data.path("mitmproxy/net/data/clientcert/make"))
c.convert_to_tls(cert=tutils.test_data.path("mitmproxy/net/data/clientcert/make"))
class TestSNI(tservers.ServerTestBase):
@ -400,14 +400,14 @@ class TestSNI(tservers.ServerTestBase):
def test_echo(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(sni="foo.com")
c.convert_to_tls(sni="foo.com")
assert c.sni == "foo.com"
assert c.rfile.readline() == b"foo.com"
def test_idn(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(sni="mitmproxyäöüß.example.com")
c.convert_to_tls(sni="mitmproxyäöüß.example.com")
assert c.tls_established
assert "doesn't match" not in str(c.ssl_verification_error)
@ -421,7 +421,7 @@ class TestServerCipherList(tservers.ServerTestBase):
def test_echo(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(sni="foo.com")
c.convert_to_tls(sni="foo.com")
expected = b"['AES256-GCM-SHA384']"
assert c.rfile.read(len(expected) + 2) == expected
@ -442,7 +442,7 @@ class TestServerCurrentCipher(tservers.ServerTestBase):
def test_echo(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(sni="foo.com")
c.convert_to_tls(sni="foo.com")
assert b'AES256-GCM-SHA384' in c.rfile.readline()
@ -456,7 +456,7 @@ class TestServerCipherListError(tservers.ServerTestBase):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
with pytest.raises(Exception, match="handshake error"):
c.convert_to_ssl(sni="foo.com")
c.convert_to_tls(sni="foo.com")
class TestClientCipherListError(tservers.ServerTestBase):
@ -469,7 +469,7 @@ class TestClientCipherListError(tservers.ServerTestBase):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
with pytest.raises(Exception, match="cipher specification"):
c.convert_to_ssl(sni="foo.com", cipher_list="bogus")
c.convert_to_tls(sni="foo.com", cipher_list="bogus")
class TestSSLDisconnect(tservers.ServerTestBase):
@ -484,7 +484,7 @@ class TestSSLDisconnect(tservers.ServerTestBase):
def test_echo(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl()
c.convert_to_tls()
# Excercise SSL.ZeroReturnError
c.rfile.read(10)
c.close()
@ -501,7 +501,7 @@ class TestSSLHardDisconnect(tservers.ServerTestBase):
def test_echo(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl()
c.convert_to_tls()
# Exercise SSL.SysCallError
c.rfile.read(10)
c.close()
@ -565,7 +565,7 @@ class TestALPNClient(tservers.ServerTestBase):
def test_alpn(self, monkeypatch, alpn_protos, expected_negotiated, expected_response):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(alpn_protos=alpn_protos)
c.convert_to_tls(alpn_protos=alpn_protos)
assert c.get_alpn_proto_negotiated() == expected_negotiated
assert c.rfile.readline().strip() == expected_response
@ -587,7 +587,7 @@ class TestSSLTimeOut(tservers.ServerTestBase):
def test_timeout_client(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl()
c.convert_to_tls()
c.settimeout(0.1)
with pytest.raises(exceptions.TcpTimeout):
c.rfile.read(10)
@ -605,7 +605,7 @@ class TestDHParams(tservers.ServerTestBase):
def test_dhparams(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl()
c.convert_to_tls()
ret = c.get_current_cipher()
assert ret[0] == "DHE-RSA-AES256-SHA"
@ -801,5 +801,5 @@ class TestPeekSSL(TestPeek):
def _connect(self, c):
with c.connect() as conn:
c.convert_to_ssl()
c.convert_to_tls()
return conn.pop()


@ -22,7 +22,7 @@ class TestMasterSecretLogger(tservers.ServerTestBase):
c = TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl()
c.convert_to_tls()
c.wfile.write(testval)
c.wfile.flush()
assert c.rfile.readline() == testval


@ -7,7 +7,7 @@ from mitmproxy.net import tcp
def get_remote_cert(host, port, sni):
c = tcp.TCPClient((host, port))
c.connect()
c.convert_to_ssl(sni=sni)
c.convert_to_tls(sni=sni)
return c.cert
if len(sys.argv) > 2:
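Review bot: `get_remote_cert` calls `c.connect()` and never closes the client, so each call leaves a socket open until it is garbage-collected; the tests in this commit use `with c.connect():` on the same class. Writing the body as `with c.connect():` followed by `c.convert_to_tls(sni=sni)` and `return c.cert` inside the block releases the connection as soon as the certificate has been read. The call also passes no `verify` argument, so the returned certificate should be treated as unauthenticated unless the default verifies, which these lines do not show.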


@ -60,7 +60,7 @@ class _TServer(tcp.TCPServer):
else:
method = OpenSSL.SSL.SSLv23_METHOD
options = None
h.convert_to_ssl(
h.convert_to_tls(
cert,
key,
method=method,


@ -141,7 +141,7 @@ class _Http2TestBase:
while self.client.rfile.readline() != b"\r\n":
pass
self.client.convert_to_ssl(alpn_protos=[b'h2'])
self.client.convert_to_tls(alpn_protos=[b'h2'])
config = h2.config.H2Configuration(
client_side=True,


@ -101,7 +101,7 @@ class _WebSocketTestBase:
response = http.http1.read_response(self.client.rfile, request)
if self.ssl:
self.client.convert_to_ssl()
self.client.convert_to_tls()
assert self.client.tls_established
request = http.Request(


@ -579,7 +579,7 @@ class TestSocks5SSL(tservers.SocksModeTest):
p = self.pathoc_raw()
with p.connect():
p.socks_connect(("localhost", self.server.port))
p.convert_to_ssl()
p.convert_to_tls()
f = p.request("get:/p/200")
assert f.status_code == 200


@ -155,7 +155,7 @@ class TestServerConnection:
def test_sni(self):
c = connections.ServerConnection(('', 1234))
with pytest.raises(ValueError, matches='sni must be str, not '):
c.establish_ssl(None, b'foobar')
c.establish_tls(None, b'foobar')
def test_state(self):
c = tflow.tserver_conn()
@ -206,7 +206,7 @@ class TestClientConnectionTLS:
key = OpenSSL.crypto.load_privatekey(
OpenSSL.crypto.FILETYPE_PEM,
raw_key)
c.convert_to_ssl(cert, key)
c.convert_to_tls(cert, key)
assert c.connected()
assert c.sni == sni
assert c.tls_established
@ -230,7 +230,7 @@ class TestServerConnectionTLS(tservers.ServerTestBase):
def test_tls(self, clientcert):
c = connections.ServerConnection(("127.0.0.1", self.port))
c.connect()
c.establish_ssl(clientcert, "foo.com")
c.establish_tls(clientcert, "foo.com")
assert c.connected()
assert c.sni == "foo.com"
assert c.tls_established
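Review bot: In `test_sni` (first hunk) the context line `pytest.raises(ValueError, matches='sni must be str, not ')` passes `matches`, but the keyword pytest understands is `match`. Depending on the pytest version the unknown keyword is either ignored, so the error message is never checked, or rejected with a TypeError. It should read `with pytest.raises(ValueError, match='sni must be str, not '):`. The line is untouched by the rename but sits directly above the changed `establish_tls` call, so this is a cheap place to fix it.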


@ -75,7 +75,7 @@ class TestCheckALPNMatch(net_tservers.ServerTestBase):
def test_check_alpn(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(alpn_protos=[b'h2'])
c.convert_to_tls(alpn_protos=[b'h2'])
protocol = HTTP2StateProtocol(c)
assert protocol.check_alpn()
@ -89,7 +89,7 @@ class TestCheckALPNMismatch(net_tservers.ServerTestBase):
def test_check_alpn(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(alpn_protos=[b'h2'])
c.convert_to_tls(alpn_protos=[b'h2'])
protocol = HTTP2StateProtocol(c)
with pytest.raises(NotImplementedError):
protocol.check_alpn()
@ -207,7 +207,7 @@ class TestApplySettings(net_tservers.ServerTestBase):
def test_apply_settings(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl()
c.convert_to_tls()
protocol = HTTP2StateProtocol(c)
protocol._apply_settings({
@ -302,7 +302,7 @@ class TestReadRequest(net_tservers.ServerTestBase):
def test_read_request(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl()
c.convert_to_tls()
protocol = HTTP2StateProtocol(c, is_server=True)
protocol.connection_preface_performed = True
@ -328,7 +328,7 @@ class TestReadRequestRelative(net_tservers.ServerTestBase):
def test_asterisk_form(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl()
c.convert_to_tls()
protocol = HTTP2StateProtocol(c, is_server=True)
protocol.connection_preface_performed = True
@ -351,7 +351,7 @@ class TestReadRequestAbsolute(net_tservers.ServerTestBase):
def test_absolute_form(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl()
c.convert_to_tls()
protocol = HTTP2StateProtocol(c, is_server=True)
protocol.connection_preface_performed = True
@ -378,7 +378,7 @@ class TestReadResponse(net_tservers.ServerTestBase):
def test_read_response(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl()
c.convert_to_tls()
protocol = HTTP2StateProtocol(c)
protocol.connection_preface_performed = True
@ -404,7 +404,7 @@ class TestReadEmptyResponse(net_tservers.ServerTestBase):
def test_read_empty_response(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl()
c.convert_to_tls()
protocol = HTTP2StateProtocol(c)
protocol.connection_preface_performed = True


@ -238,11 +238,11 @@ class TestDaemonHTTP2(PathocTestDaemon):
http2_skip_connection_preface=True,
)
tmp_convert_to_ssl = c.convert_to_ssl
c.convert_to_ssl = Mock()
c.convert_to_ssl.side_effect = tmp_convert_to_ssl
tmp_convert_to_tls = c.convert_to_tls
c.convert_to_tls = Mock()
c.convert_to_tls.side_effect = tmp_convert_to_tls
with c.connect():
_, kwargs = c.convert_to_ssl.call_args
_, kwargs = c.convert_to_tls.call_args
assert set(kwargs['alpn_protos']) == set([b'http/1.1', b'h2'])
def test_request(self):


@ -153,7 +153,7 @@ class CommonTests(tservers.DaemonTests):
c = tcp.TCPClient(("localhost", self.d.port))
with c.connect():
if self.ssl:
c.convert_to_ssl()
c.convert_to_tls()
c.wfile.write(b"foo\n\n\n")
c.wfile.flush()
l = self.d.last_log()
@ -241,7 +241,7 @@ class TestDaemonSSL(CommonTests):
with c.connect():
c.wfile.write(b"\0\0\0\0")
with pytest.raises(exceptions.TlsException):
c.convert_to_ssl()
c.convert_to_tls()
l = self.d.last_log()
assert l["type"] == "error"
assert "SSL" in l["msg"]