Merge pull request #2469 from Kriechi/nuke-old-openssl

nuke old openssl
This commit is contained in:
Maximilian Hils 2017-07-25 21:57:54 +02:00 committed by GitHub
commit d409a6c09a
15 changed files with 109 additions and 244 deletions

View File

@ -1,7 +1,6 @@
from mitmproxy.addons import allowremote from mitmproxy.addons import allowremote
from mitmproxy.addons import anticache from mitmproxy.addons import anticache
from mitmproxy.addons import anticomp from mitmproxy.addons import anticomp
from mitmproxy.addons import check_alpn
from mitmproxy.addons import check_ca from mitmproxy.addons import check_ca
from mitmproxy.addons import clientplayback from mitmproxy.addons import clientplayback
from mitmproxy.addons import core_option_validation from mitmproxy.addons import core_option_validation
@ -29,7 +28,6 @@ def default_addons():
allowremote.AllowRemote(), allowremote.AllowRemote(),
anticache.AntiCache(), anticache.AntiCache(),
anticomp.AntiComp(), anticomp.AntiComp(),
check_alpn.CheckALPN(),
check_ca.CheckCA(), check_ca.CheckCA(),
clientplayback.ClientPlayback(), clientplayback.ClientPlayback(),
cut.Cut(), cut.Cut(),

View File

@ -1,17 +0,0 @@
import mitmproxy
from mitmproxy.net import tcp
from mitmproxy import ctx
class CheckALPN:
def __init__(self):
self.failed = False
def configure(self, updated):
self.failed = mitmproxy.ctx.master.options.http2 and not tcp.HAS_ALPN
if self.failed:
ctx.log.warn(
"HTTP/2 is disabled because ALPN support missing!\n"
"OpenSSL 1.0.2+ required to support HTTP/2 connections.\n"
"Use --no-http2 to silence this warning."
)

View File

@ -14,18 +14,12 @@ from typing import Optional # noqa
from mitmproxy.utils import strutils from mitmproxy.utils import strutils
import certifi import certifi
import OpenSSL
from OpenSSL import SSL from OpenSSL import SSL
from mitmproxy import certs from mitmproxy import certs
from mitmproxy.utils import version_check
from mitmproxy import exceptions from mitmproxy import exceptions
from mitmproxy.types import basethread from mitmproxy.types import basethread
# This is a rather hackish way to make sure that
# the latest version of pyOpenSSL is actually installed.
version_check.check_pyopenssl_version()
socket_fileobject = socket.SocketIO socket_fileobject = socket.SocketIO
# workaround for https://bugs.python.org/issue29515 # workaround for https://bugs.python.org/issue29515
@ -33,7 +27,6 @@ socket_fileobject = socket.SocketIO
IPPROTO_IPV6 = getattr(socket, "IPPROTO_IPV6", 41) IPPROTO_IPV6 = getattr(socket, "IPPROTO_IPV6", 41)
EINTR = 4 EINTR = 4
HAS_ALPN = SSL._lib.Cryptography_HAS_ALPN
# To enable all SSL methods use: SSLv23 # To enable all SSL methods use: SSLv23
# then add options to disable certain methods # then add options to disable certain methods
@ -503,7 +496,6 @@ class _Connection:
if cipher_list: if cipher_list:
try: try:
context.set_cipher_list(cipher_list.encode()) context.set_cipher_list(cipher_list.encode())
context.set_tmp_ecdh(OpenSSL.crypto.get_elliptic_curve('prime256v1'))
except SSL.Error as v: except SSL.Error as v:
raise exceptions.TlsException("SSL cipher specification error: %s" % str(v)) raise exceptions.TlsException("SSL cipher specification error: %s" % str(v))
@ -511,7 +503,6 @@ class _Connection:
if log_ssl_key: if log_ssl_key:
context.set_info_callback(log_ssl_key) context.set_info_callback(log_ssl_key)
if HAS_ALPN: # pragma: openssl-old no cover
if alpn_protos is not None: if alpn_protos is not None:
# advertise application layer protocols # advertise application layer protocols
context.set_alpn_protos(alpn_protos) context.set_alpn_protos(alpn_protos)
@ -720,7 +711,7 @@ class TCPClient(_Connection):
return self.connection.gettimeout() return self.connection.gettimeout()
def get_alpn_proto_negotiated(self): def get_alpn_proto_negotiated(self):
if HAS_ALPN and self.ssl_established: # pragma: openssl-old no cover if self.ssl_established:
return self.connection.get_alpn_proto_negotiated() return self.connection.get_alpn_proto_negotiated()
else: else:
return b"" return b""
@ -827,7 +818,7 @@ class BaseHandler(_Connection):
self.connection.settimeout(n) self.connection.settimeout(n)
def get_alpn_proto_negotiated(self): def get_alpn_proto_negotiated(self):
if HAS_ALPN and self.ssl_established: # pragma: openssl-old no cover if self.ssl_established:
return self.connection.get_alpn_proto_negotiated() return self.connection.get_alpn_proto_negotiated()
else: else:
return b"" return b""

View File

@ -16,7 +16,6 @@ from mitmproxy import exceptions # noqa
from mitmproxy import options # noqa from mitmproxy import options # noqa
from mitmproxy import optmanager # noqa from mitmproxy import optmanager # noqa
from mitmproxy import proxy # noqa from mitmproxy import proxy # noqa
from mitmproxy.utils import version_check # noqa
from mitmproxy.utils import debug # noqa from mitmproxy.utils import debug # noqa
@ -58,7 +57,6 @@ def run(MasterKlass, args, extra=None): # pragma: no cover
extra: Extra argument processing callable which returns a dict of extra: Extra argument processing callable which returns a dict of
options. options.
""" """
version_check.check_pyopenssl_version()
debug.register_info_dumpers() debug.register_info_dumpers()
opts = options.Options() opts = options.Options()

View File

@ -1,42 +0,0 @@
"""
Having installed a wrong version of pyOpenSSL is unfortunately a very common
source of error. Check before every start that both versions are somewhat okay.
"""
import sys
import inspect
import os.path
import OpenSSL
PYOPENSSL_MIN_VERSION = (16, 0)
def check_pyopenssl_version(min_version=PYOPENSSL_MIN_VERSION, fp=sys.stderr):
min_version_str = ".".join(str(x) for x in min_version)
try:
v = tuple(int(x) for x in OpenSSL.__version__.split(".")[:2])
except ValueError:
print(
"Cannot parse pyOpenSSL version: {}"
"mitmproxy requires pyOpenSSL {} or greater.".format(
OpenSSL.__version__, min_version_str
),
file=fp
)
return
if v < min_version:
print(
"You are using an outdated version of pyOpenSSL: "
"mitmproxy requires pyOpenSSL {} or greater.".format(min_version_str),
file=fp
)
# Some users apparently have multiple versions of pyOpenSSL installed.
# Report which one we got.
pyopenssl_path = os.path.dirname(inspect.getfile(OpenSSL))
print(
"Your pyOpenSSL {} installation is located at {}".format(
OpenSSL.__version__, pyopenssl_path
),
file=fp
)
sys.exit(1)

View File

@ -223,14 +223,6 @@ class Pathoc(tcp.TCPClient):
self.ws_framereader = None self.ws_framereader = None
if self.use_http2: if self.use_http2:
if not tcp.HAS_ALPN: # pragma: no cover
log.write_raw(
self.fp,
"HTTP/2 requires ALPN support. "
"Please use OpenSSL >= 1.0.2. "
"Pathoc might not be working as expected without ALPN.",
timestamp=False
)
self.protocol = http2.HTTP2StateProtocol(self, dump_frames=self.http2_framedump) self.protocol = http2.HTTP2StateProtocol(self, dump_frames=self.http2_framedump)
else: else:
self.protocol = net_http.http1 self.protocol = net_http.http1

View File

@ -1,15 +1,8 @@
import os import os
import pytest import pytest
import OpenSSL
import mitmproxy.net.tcp
pytest_plugins = ('test.full_coverage_plugin',) pytest_plugins = ('test.full_coverage_plugin',)
requires_alpn = pytest.mark.skipif(
not mitmproxy.net.tcp.HAS_ALPN,
reason='requires OpenSSL with ALPN support')
skip_windows = pytest.mark.skipif( skip_windows = pytest.mark.skipif(
os.name == "nt", os.name == "nt",
reason='Skipping due to Windows' reason='Skipping due to Windows'
@ -24,9 +17,3 @@ skip_appveyor = pytest.mark.skipif(
"APPVEYOR" in os.environ, "APPVEYOR" in os.environ,
reason='Skipping due to Appveyor' reason='Skipping due to Appveyor'
) )
@pytest.fixture()
def disable_alpn(monkeypatch):
monkeypatch.setattr(mitmproxy.net.tcp, 'HAS_ALPN', False)
monkeypatch.setattr(OpenSSL.SSL._lib, 'Cryptography_HAS_ALPN', False)

View File

@ -1,23 +0,0 @@
from mitmproxy.addons import check_alpn
from mitmproxy.test import taddons
from ...conftest import requires_alpn
class TestCheckALPN:
@requires_alpn
def test_check_alpn(self):
msg = 'ALPN support missing'
with taddons.context() as tctx:
a = check_alpn.CheckALPN()
tctx.configure(a)
assert not tctx.master.has_log(msg)
def test_check_no_alpn(self, disable_alpn):
msg = 'ALPN support missing'
with taddons.context() as tctx:
a = check_alpn.CheckALPN()
tctx.configure(a)
assert tctx.master.has_log(msg)

View File

@ -1,20 +1,84 @@
-----BEGIN RSA PRIVATE KEY----- -----BEGIN RSA PRIVATE KEY-----
MIIBOQIBAAJBAKVJ43C+8SjOvN9/pP/8HwzmHGQmRvdK/R6KlWdr7He6iiXDQNfH MIIJKgIBAAKCAgEA4Jut+R51opC773ToeUhwJOVGnpxNqzZTDMImO141WPvKMjMs
RAp+gqX0hBRT80eRjGhSmTTBLCWiXVny4UUCAwEAAQJAUQ8nZ0d85VJd9g2XUaLH i15f0U3OKqK8YERDfDzaAbgqz6MNgqc8QbNJ0e9VxtMUzTkCwSlbDHMFgZNyXVRX
Z4ACNGtBKk2wTKYSFyIqWZxsF5qhh7HGshJIAP6tYiX8ZW+mMSfme+zsJzWe8ChL OQEBJ/fTMlU+LimOH38QY0orifdAHH+kPUYIiqTBzgJvCy8w1o4hGSlzf2HW400d
gQIhAM8QpAgUHnNteZvkv0XqceX1GILEWifMt+hO9yTp4dY5AiEAzFnKr77CKCri mlRSJEVgBj6nXQENbVxmxf6f9H19eWpnLuP5aJIwP4LEsGdqLP0ESnWfZVPIAiEs
/DPig4R/5q4KMpMx9EqJufHdGNmIA20CICMARxnufK86RCIr6oEg/hvG8Fu6YRr1 LuYkhbRXqiuJfnc1am8LexzLi4VQMCw0K4Tm1lTbapcnOUakO6orQvX7MOEKYBU+
Kekk3/XnavtRAiBVLVQ7vwKE5aNpRmMzOKZrS736aLpYvjz8IaFr+zgjXQIgdad5 ogGGby0MyOTaCkuUFi0YdTtU4DEdWJ9HfogRO/uG1325/8/T+tq8RgOkp9cUvjU3
QZoTD49NTyMEgyZp70gTXcXQLrX2PgQKL4uNmoU= ONqpLZC6zs0YR8OzlTbXClmV+Mr6d1qEb3jk6zWlLykLVozOS3z5vdVxpbJqM/Ct
HporAA0cSer2EGtN68OB3Hy3Bh7MPjqpSFSJ1uTQ755jS3qOzwggoQFCz2dBmfyi
7nOGHFW4h/5NaF1mnIlJJVnJIZajSNl9e6klGeXmJv4ZtiqJd/CG0jTUnGWOTimu
kSmxVNcWs2vFjwQhuRJwawzGo7O1gZPkq3/0/F+yLp5karmRJs8sQ/JDvGL4rW5Y
qW7u1WuYQeHYHscfPwf0be8teKWcURIqBoHPxdJV3s9zf8Y/AN9OFFdPqwcCAwEA
AQKCAgEAtdHQV2Ws3FhFimYc+nEFNxjSvfrRdNOZDy7rPAvbK5lH6LM8T+WpswlE
54as71DTQHMSF2o6XbMkcKtoP9ce3u7bhQPCRw7rh+ouZjmGL4pofdyUbvS9NtmL
Aae3mi7RefWmEnosHJcmMuuwzFkw+Oq+aEHYGjmtU0Hi0TeY43kUNxRp7lBr3ii6
vtNhMAx2Dh1KpOSmH4imVe8ob/DkKR6OKBt3lUVh0eFP4+arjZ7wvaiU17I9xm5i
uMJdnx5pAyu5I4P/0YWtkBF4efIv2zj+FZ8ehWMF97adJqtxF/RULcuE1Chf5weU
3dtEFilwSzNeJShOYN3hX6gwe+Ex8NQ7EIcbkJBaxzteEbcCJJf2rUq5oHwt3MFR
H1m1iZ/H3erNHOIqr+LW5+ZXI9Lyyn9z1YTodP2KIfB6Rg8ldsaEnkuCD/S+iikO
xNo/OwJf3rHtbeRtpAfSqkSMhT57hadRTvPlBMAoFEsX3hdw1XuRLOp9YAhsjdhU
GBzD+U/kB8FlYRhPjvjT97lJ7uE2AosGgIZBwpyv/UqPU75u/3SgubLmIHoXYWBn
jPig0H3zqpT+1D+88umMP5Ka+V/KsofUvObSjipdw3U1ZekI+08SLlGQqLvA7tk/
3WvT7QN3k0OUx261pJNHmVhPZysJT0DNpJX9x/4jFiLVBxYyomECggEBAPNtLge0
YJGvKTTpQoKlIb/a47wncBizyeVRhjcYNRQn6JcSzPPao8x1/ARoKPGeTXqDWiHt
o8RllF1aEKbO0gTXtBM7jjwf1ueco1F4IQYc7EnA1TwNyQ0JeA5RFcpOzLOx4SK5
67jMaAI/gQ2Q4H3uISWF+hPlckRySpwouz+xS3QP6PZ8S6lZwHF5S9LMrxTlwbPj
yAjgIllFIvs91J6mDljll1ZG601CU8piaY5zPoJVQIesA/YRK+rlHBPICOGXJBm7
G8kbYT9EFibxklWjiz9C9G70WPulPCZpAqaqIp70nOFR+Kp5g8VuPaMKFx8p3qc/
AQJGlO06lFVaL0UCggEBAOw1qkzBFTdBmZW9VSBHBQdTJuuuWjoLCp1tfPUYluqG
VrzIKN0dlnB2Qy5uOHd0fVTq88+EadnXwt2hOkp4uGeWOIZfE0welWmNZ1ym9vkg
PSLgPYBDSL1rDntLeAgEUYl4gnFL8zyD0uKw/+oMoMaW2jNEqmGJH9y5uG2lkFGC
A6MbEw32sfJKoWB2GvnlIPGAMfZy9Varxq/r24OeFi7J6ja89DBL9OEWsB49/CP0
92dkS2+7KekTN9go3cFaqnseDHNUuRhHsIJBpaWSaxlUwpVP6QQtn5NMEW44YpnE
PDk/EsxwOVAGRVaS5+pBJSUbLplXRHlzVZW4lEc+f9sCggEAe0ZuSh6RzRVck9wQ
/6JqzgMm03FRdmEOPKCljJ8oujVft6ogutmdm/ygDQdGvN3DNOjyKz5ychJTKVdk
GWWhvCwUmKzPYilpps+PccGZT8Qz8UHDeu8sQvrpnq53j4WKavIJJpHrCyIRBhps
25bj6UI/7QXFWHAZBwquOBj0gtPhdzxbaQAXPQMjzxNzT6Syga29A8G12rDPFFBL
39o3I8TKfUB//IRbwzt0vYhLFoXMQSq1TD/Tnbiieglex7HEtaHZ+WHlN1ozTFvJ
sB0kU1RIP1hD+zCpI39RT85cNlTwxXjxPbZKbOKu1bv3YOrKPNDyXdYtR57A6saA
uhy61QKCAQEAnax5AIFGyzrD7duTjlc5+Ri9e0dIPUSPkmS6q9T9MJH6JkwqUudk
O7AFymGS2dJtsxifJV/LVLoc/tqX0Yxh8+un0bJ3bDFiJTJZ09Q0OjoV9UjgZNUF
IkPrR8wp1JglYXGLCVvcgwGv7NigC7jgPZAHGX/1h+QD29AxVyfUfUQfb2osPv70
67p7nKtZ+IPFiM+9CjjUokVJ/LahMmt9fUAVUvKwweiCDxqY96cCv3HPEDo3zN6P
7GCCv40P8fi2ojZ9syLT52w7W8e8bhid2yvkM81CyyI1ShrV69BBqUj/tmru/n7P
EycMc+zeWFWiGPHbGkrRj4y4jZfHiwMiTwKCAQEAk77dpDHxxTbmW0sdRYsEgwbz
hhbi4vhaEsJODDg0WsqZYOxsfbjTXYYSClCel3QHuJGHmEqCTcj8SqWXwpQhTeW1
Ngs1tOprfLAo+XCbUTy51b9Acx6l/EgP1n5lrjNnGgcygfAYSG34zXSnXpiJzqQP
vKXntjJii5U8d+Qzvvwf6taU5v0JqO1J2ZWmvmgZN9qgVR42KVvdBc1F6qsN4F68
ZrY9lULqi776Z60Dfl9S/7E4BCSEyZm4PjJ39zQYMYc4B77YYv/aO4WFZBm7gbc/
0UP8WkOzc8wYOqgLF2KatJkaOLBfbhMGaKPvjvWDfjyVfZ8I4Gqx2rI8ILHEuQ==
-----END RSA PRIVATE KEY----- -----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIBgTCCASugAwIBAgIJAKlcXsPLQAQuMA0GCSqGSIb3DQEBBQUAMA0xCzAJBgNV MIIFtTCCA52gAwIBAgIJAM/qkBYP5ExSMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
BAYTAkFVMB4XDTEzMTIxMjAxMzA1NVoXDTE0MDExMTAxMzA1NVowDTELMAkGA1UE BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
BhMCQVUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEApUnjcL7xKM6833+k//wfDOYc aWRnaXRzIFB0eSBMdGQwHhcNMTcwNzI1MDg0MDAwWhcNMTgwNzI1MDg0MDAwWjBF
ZCZG90r9HoqVZ2vsd7qKJcNA18dECn6CpfSEFFPzR5GMaFKZNMEsJaJdWfLhRQID MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50
AQABo24wbDAdBgNVHQ4EFgQUJm8BXcVRsROy0PVt5stkB3eVnEgwPQYDVR0jBDYw ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
NIAUJm8BXcVRsROy0PVt5stkB3eVnEihEaQPMA0xCzAJBgNVBAYTAkFVggkAqVxe CgKCAgEA4Jut+R51opC773ToeUhwJOVGnpxNqzZTDMImO141WPvKMjMsi15f0U3O
w8tABC4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAHHxcBEpWrIqtLVH KqK8YERDfDzaAbgqz6MNgqc8QbNJ0e9VxtMUzTkCwSlbDHMFgZNyXVRXOQEBJ/fT
m6Yn1hgqrAbfMj9IK6zY9C5Cbad/DfUj3AZMb5u758WJK0x9brmckgqdrQsuf9He MlU+LimOH38QY0orifdAHH+kPUYIiqTBzgJvCy8w1o4hGSlzf2HW400dmlRSJEVg
Ef51/SU= Bj6nXQENbVxmxf6f9H19eWpnLuP5aJIwP4LEsGdqLP0ESnWfZVPIAiEsLuYkhbRX
qiuJfnc1am8LexzLi4VQMCw0K4Tm1lTbapcnOUakO6orQvX7MOEKYBU+ogGGby0M
yOTaCkuUFi0YdTtU4DEdWJ9HfogRO/uG1325/8/T+tq8RgOkp9cUvjU3ONqpLZC6
zs0YR8OzlTbXClmV+Mr6d1qEb3jk6zWlLykLVozOS3z5vdVxpbJqM/CtHporAA0c
Ser2EGtN68OB3Hy3Bh7MPjqpSFSJ1uTQ755jS3qOzwggoQFCz2dBmfyi7nOGHFW4
h/5NaF1mnIlJJVnJIZajSNl9e6klGeXmJv4ZtiqJd/CG0jTUnGWOTimukSmxVNcW
s2vFjwQhuRJwawzGo7O1gZPkq3/0/F+yLp5karmRJs8sQ/JDvGL4rW5YqW7u1WuY
QeHYHscfPwf0be8teKWcURIqBoHPxdJV3s9zf8Y/AN9OFFdPqwcCAwEAAaOBpzCB
pDAdBgNVHQ4EFgQUZrQUSE9A8i0N4ZuQZq/F4I74QlwwdQYDVR0jBG4wbIAUZrQU
SE9A8i0N4ZuQZq/F4I74QlyhSaRHMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpT
b21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGSCCQDP
6pAWD+RMUjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4ICAQDPeylCUY4k
nG1KoT139g5T5G1/lxgmYnDqQB1+5JYCQWsPK7sy19tD58bq3+2N2Tozu2/f/GkG
LZtouLyRciFtcAWy4LQlSR4hTLAWeik2WV/h+ovfv4XwvRuwS5PYVQNHQsOAO3ea
hX+W+w+rwI+MFlgEHJO85P61ijcNVbiTpgd0s47RViKyJVDqfhCmpobzS5eTbbXn
F1oFlV84lgEt84BE4RJxlr6fSIxZn6rQPjdbY65snol7Zs2oAt7nLb3hpZgWKobF
3xAfkC9m19nQHeYz3JlNC7sf80top2H2HEZMVVOAD+MxXkcAjNbjBRT3/KAIyWex
2fmoGRbvCIU0LFyyyk7/tG1xTgxNuBmd4Byz1LI25uz6eK4Ey8LeZmp5mvaewI53
t65sAGBkx+LIRt0yGmMCRRFl735Ya4SJD7je1GTiw9I3Yd63dtaJTVd65kkFkLOk
LD56iJHSyCY6JkDXd8RjozIVoaXkVQh2wFq/ZfXzAgIx/u5cJQCMG2DAu6/WI74+
7invOv7dbYfoI02N4iB57iRbPxE4gSrRayYxUVdH1R/tlXbN9Fkd30fl2WfSO897
QC/ODA9w86FSFANhn6nv2KuKIMUSEW+5ZhBowSFIBEdAaMS7yj9uuBWmQKrWNfOh
mZJF1YiFmgRybkdKHPrlCSZyvVBdmnmM6g==
-----END CERTIFICATE----- -----END CERTIFICATE-----

View File

@ -3,7 +3,6 @@ import queue
import time import time
import socket import socket
import random import random
import os
import threading import threading
import pytest import pytest
from unittest import mock from unittest import mock
@ -15,7 +14,6 @@ from mitmproxy import exceptions
from mitmproxy.test import tutils from mitmproxy.test import tutils
from . import tservers from . import tservers
from ...conftest import requires_alpn
class EchoHandler(tcp.BaseHandler): class EchoHandler(tcp.BaseHandler):
@ -534,36 +532,18 @@ class TestTimeOut(tservers.ServerTestBase):
c.rfile.read(10) c.rfile.read(10)
class TestCryptographyALPN:
def test_has_alpn(self):
if os.environ.get("OPENSSL") == "with-alpn":
assert tcp.HAS_ALPN
assert SSL._lib.Cryptography_HAS_ALPN
elif os.environ.get("OPENSSL") == "old":
assert not tcp.HAS_ALPN
assert not SSL._lib.Cryptography_HAS_ALPN
class TestALPNClient(tservers.ServerTestBase): class TestALPNClient(tservers.ServerTestBase):
handler = ALPNHandler handler = ALPNHandler
ssl = dict( ssl = dict(
alpn_select=b"bar" alpn_select=b"bar"
) )
@requires_alpn @pytest.mark.parametrize('alpn_protos, expected_negotiated, expected_response', [
@pytest.mark.parametrize('has_alpn,alpn_protos, expected_negotiated, expected_response', [ ([b"foo", b"bar", b"fasel"], b'bar', b'bar'),
(True, [b"foo", b"bar", b"fasel"], b'bar', b'bar'), ([], b'', b'NONE'),
(True, [], b'', b'NONE'), (None, b'', b'NONE'),
(True, None, b'', b'NONE'),
(False, [b"foo", b"bar", b"fasel"], b'', b'NONE'),
(False, [], b'', b'NONE'),
(False, None, b'', b'NONE'),
]) ])
def test_alpn(self, monkeypatch, has_alpn, alpn_protos, expected_negotiated, expected_response): def test_alpn(self, monkeypatch, alpn_protos, expected_negotiated, expected_response):
monkeypatch.setattr(tcp, 'HAS_ALPN', has_alpn)
monkeypatch.setattr(SSL._lib, 'Cryptography_HAS_ALPN', has_alpn)
c = tcp.TCPClient(("127.0.0.1", self.port)) c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect(): with c.connect():
c.convert_to_ssl(alpn_protos=alpn_protos) c.convert_to_ssl(alpn_protos=alpn_protos)
@ -574,7 +554,7 @@ class TestALPNClient(tservers.ServerTestBase):
class TestNoSSLNoALPNClient(tservers.ServerTestBase): class TestNoSSLNoALPNClient(tservers.ServerTestBase):
handler = ALPNHandler handler = ALPNHandler
def test_no_ssl_no_alpn(self, disable_alpn): def test_no_ssl_no_alpn(self):
c = tcp.TCPClient(("127.0.0.1", self.port)) c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect(): with c.connect():
assert c.get_alpn_proto_negotiated() == b"" assert c.get_alpn_proto_negotiated() == b""
@ -857,7 +837,6 @@ class TestSSLInvalid(tservers.ServerTestBase):
def test_alpn_error(self): def test_alpn_error(self):
c = tcp.TCPClient(("127.0.0.1", self.port)) c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect(): with c.connect():
if tcp.HAS_ALPN:
with pytest.raises(exceptions.TlsException, match="must be a function"): with pytest.raises(exceptions.TlsException, match="must be a function"):
c.create_ssl_context(alpn_select_callback="foo") c.create_ssl_context(alpn_select_callback="foo")

View File

@ -17,7 +17,6 @@ from mitmproxy.net.http import http1, http2
from pathod.language import generators from pathod.language import generators
from ... import tservers from ... import tservers
from ....conftest import requires_alpn
import logging import logging
logging.getLogger("hyper.packages.hpack.hpack").setLevel(logging.WARNING) logging.getLogger("hyper.packages.hpack.hpack").setLevel(logging.WARNING)
@ -203,7 +202,6 @@ class _Http2Test(_Http2TestBase, _Http2ServerBase):
_Http2ServerBase.teardown_class() _Http2ServerBase.teardown_class()
@requires_alpn
class TestSimple(_Http2Test): class TestSimple(_Http2Test):
request_body_buffer = b'' request_body_buffer = b''
@ -286,7 +284,6 @@ class TestSimple(_Http2Test):
assert response_body_buffer == b'response body' assert response_body_buffer == b'response body'
@requires_alpn
class TestRequestWithPriority(_Http2Test): class TestRequestWithPriority(_Http2Test):
@classmethod @classmethod
@ -368,7 +365,6 @@ class TestRequestWithPriority(_Http2Test):
assert resp.headers.get('priority_weight', None) == expected_priority[2] assert resp.headers.get('priority_weight', None) == expected_priority[2]
@requires_alpn
class TestPriority(_Http2Test): class TestPriority(_Http2Test):
@classmethod @classmethod
@ -453,7 +449,6 @@ class TestPriority(_Http2Test):
assert self.priority_data == expected_priority assert self.priority_data == expected_priority
@requires_alpn
class TestStreamResetFromServer(_Http2Test): class TestStreamResetFromServer(_Http2Test):
@classmethod @classmethod
@ -504,7 +499,6 @@ class TestStreamResetFromServer(_Http2Test):
assert self.master.state.flows[0].response is None assert self.master.state.flows[0].response is None
@requires_alpn
class TestBodySizeLimit(_Http2Test): class TestBodySizeLimit(_Http2Test):
@classmethod @classmethod
@ -554,7 +548,6 @@ class TestBodySizeLimit(_Http2Test):
assert len(self.master.state.flows) == 0 assert len(self.master.state.flows) == 0
@requires_alpn
class TestPushPromise(_Http2Test): class TestPushPromise(_Http2Test):
@classmethod @classmethod
@ -723,7 +716,6 @@ class TestPushPromise(_Http2Test):
# the other two bodies might not be transmitted before the reset # the other two bodies might not be transmitted before the reset
@requires_alpn
class TestConnectionLost(_Http2Test): class TestConnectionLost(_Http2Test):
@classmethod @classmethod
@ -765,7 +757,6 @@ class TestConnectionLost(_Http2Test):
assert self.master.state.flows[0].response is None assert self.master.state.flows[0].response is None
@requires_alpn
class TestMaxConcurrentStreams(_Http2Test): class TestMaxConcurrentStreams(_Http2Test):
@classmethod @classmethod
@ -826,7 +817,6 @@ class TestMaxConcurrentStreams(_Http2Test):
assert b"Stream-ID " in flow.response.content assert b"Stream-ID " in flow.response.content
@requires_alpn
class TestConnectionTerminated(_Http2Test): class TestConnectionTerminated(_Http2Test):
@classmethod @classmethod
@ -867,7 +857,6 @@ class TestConnectionTerminated(_Http2Test):
assert connection_terminated_event.additional_data == b'foobar' assert connection_terminated_event.additional_data == b'foobar'
@requires_alpn
class TestRequestStreaming(_Http2Test): class TestRequestStreaming(_Http2Test):
@classmethod @classmethod
@ -926,7 +915,6 @@ class TestRequestStreaming(_Http2Test):
assert connection_terminated_event is None assert connection_terminated_event is None
@requires_alpn
class TestResponseStreaming(_Http2Test): class TestResponseStreaming(_Http2Test):
@classmethod @classmethod

View File

@ -1,25 +0,0 @@
import io
from unittest import mock
from mitmproxy.utils import version_check
@mock.patch("sys.exit")
def test_check_pyopenssl_version(sexit):
fp = io.StringIO()
version_check.check_pyopenssl_version(fp=fp)
assert not fp.getvalue()
assert not sexit.called
version_check.check_pyopenssl_version((9999,), fp=fp)
assert "outdated" in fp.getvalue()
assert sexit.called
@mock.patch("sys.exit")
@mock.patch("OpenSSL.__version__")
def test_unparseable_pyopenssl_version(version, sexit):
version.split.return_value = ["foo", "bar"]
fp = io.StringIO()
version_check.check_pyopenssl_version(fp=fp)
assert "Cannot parse" in fp.getvalue()
assert not sexit.called

View File

@ -11,8 +11,6 @@ from ...mitmproxy.net import tservers as net_tservers
from pathod.protocols.http2 import HTTP2StateProtocol, TCPHandler from pathod.protocols.http2 import HTTP2StateProtocol, TCPHandler
from ...conftest import requires_alpn
class TestTCPHandlerWrapper: class TestTCPHandlerWrapper:
def test_wrapped(self): def test_wrapped(self):
@ -68,7 +66,6 @@ class TestProtocol:
assert mock_server_method.called assert mock_server_method.called
@requires_alpn
class TestCheckALPNMatch(net_tservers.ServerTestBase): class TestCheckALPNMatch(net_tservers.ServerTestBase):
handler = EchoHandler handler = EchoHandler
ssl = dict( ssl = dict(
@ -83,7 +80,6 @@ class TestCheckALPNMatch(net_tservers.ServerTestBase):
assert protocol.check_alpn() assert protocol.check_alpn()
@requires_alpn
class TestCheckALPNMismatch(net_tservers.ServerTestBase): class TestCheckALPNMismatch(net_tservers.ServerTestBase):
handler = EchoHandler handler = EchoHandler
ssl = dict( ssl = dict(

View File

@ -11,7 +11,6 @@ from pathod.protocols.http2 import HTTP2StateProtocol
from mitmproxy.test import tutils from mitmproxy.test import tutils
from . import tservers from . import tservers
from ..conftest import requires_alpn
def test_response(): def test_response():
@ -216,7 +215,6 @@ class TestDaemonHTTP2(PathocTestDaemon):
ssl = True ssl = True
explain = False explain = False
@requires_alpn
def test_http2(self): def test_http2(self):
c = pathoc.Pathoc( c = pathoc.Pathoc(
("127.0.0.1", self.d.port), ("127.0.0.1", self.d.port),
@ -231,7 +229,6 @@ class TestDaemonHTTP2(PathocTestDaemon):
) )
assert c.protocol == http1 assert c.protocol == http1
@requires_alpn
def test_http2_alpn(self): def test_http2_alpn(self):
c = pathoc.Pathoc( c = pathoc.Pathoc(
("127.0.0.1", self.d.port), ("127.0.0.1", self.d.port),
@ -248,7 +245,6 @@ class TestDaemonHTTP2(PathocTestDaemon):
_, kwargs = c.convert_to_ssl.call_args _, kwargs = c.convert_to_ssl.call_args
assert set(kwargs['alpn_protos']) == set([b'http/1.1', b'h2']) assert set(kwargs['alpn_protos']) == set([b'http/1.1', b'h2'])
@requires_alpn
def test_request(self): def test_request(self):
c = pathoc.Pathoc( c = pathoc.Pathoc(
("127.0.0.1", self.d.port), ("127.0.0.1", self.d.port),
@ -259,14 +255,3 @@ class TestDaemonHTTP2(PathocTestDaemon):
with c.connect(): with c.connect():
resp = c.request("get:/p/200") resp = c.request("get:/p/200")
assert resp.status_code == 200 assert resp.status_code == 200
def test_failing_request(self, disable_alpn):
c = pathoc.Pathoc(
("127.0.0.1", self.d.port),
fp=None,
ssl=True,
use_http2=True,
)
with pytest.raises(NotImplementedError):
with c.connect():
c.request("get:/p/200")

View File

@ -8,7 +8,6 @@ from mitmproxy import exceptions
from mitmproxy.test import tutils from mitmproxy.test import tutils
from . import tservers from . import tservers
from ..conftest import requires_alpn
class TestPathod: class TestPathod:
@ -257,11 +256,6 @@ class TestHTTP2(tservers.DaemonTests):
ssl = True ssl = True
nohang = True nohang = True
@requires_alpn
def test_http2(self): def test_http2(self):
r, _ = self.pathoc(["GET:/"], ssl=True, use_http2=True) r, _ = self.pathoc(["GET:/"], ssl=True, use_http2=True)
assert r[0].status_code == 800 assert r[0].status_code == 800
def test_no_http2(self, disable_alpn):
with pytest.raises(NotImplementedError):
r, _ = self.pathoc(["GET:/"], ssl=True, use_http2=True)