tlsconfig: make sure to use the correct connection, fix #5109 (#5224)

This commit is contained in:
Maximilian Hils 2022-03-29 10:27:53 +02:00 committed by GitHub
parent a63c96ce72
commit f0da667516
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 21 additions and 6 deletions

View File

@ -2,8 +2,12 @@
## Unreleased: mitmproxy next ## Unreleased: mitmproxy next
* Add flatpak support to the browser addon (#5200, @pauloromeira) * Add flatpak support to the browser addon
* Add example addon to dump contents to files based on a filter expression (#5190, @redraw) ([#5200](https://github.com/mitmproxy/mitmproxy/issues/5200), @pauloromeira)
* Add example addon to dump contents to files based on a filter expression
([#5190](https://github.com/mitmproxy/mitmproxy/issues/5190), @redraw)
* Fix a bug where the wrong SNI is sent to an upstream HTTPS proxy
([#5109](https://github.com/mitmproxy/mitmproxy/issues/5109), @mhils)
## 19 March 2022: mitmproxy 8.0.0 ## 19 March 2022: mitmproxy 8.0.0

View File

@ -118,7 +118,9 @@ class TlsConfig:
if tls_start.ssl_conn is not None: if tls_start.ssl_conn is not None:
return # a user addon has already provided the pyOpenSSL context. return # a user addon has already provided the pyOpenSSL context.
client: connection.Client = tls_start.context.client assert isinstance(tls_start.conn, connection.Client)
client: connection.Client = tls_start.conn
server: connection.Server = tls_start.context.server server: connection.Server = tls_start.context.server
entry = self.get_cert(tls_start.context) entry = self.get_cert(tls_start.context)
@ -168,8 +170,11 @@ class TlsConfig:
if tls_start.ssl_conn is not None: if tls_start.ssl_conn is not None:
return # a user addon has already provided the pyOpenSSL context. return # a user addon has already provided the pyOpenSSL context.
assert isinstance(tls_start.conn, connection.Server)
client: connection.Client = tls_start.context.client client: connection.Client = tls_start.context.client
server: connection.Server = tls_start.context.server # tls_start.conn may be different from tls_start.context.server, e.g. an upstream HTTPS proxy.
server: connection.Server = tls_start.conn
assert server.address assert server.address
if ctx.options.ssl_insecure: if ctx.options.ssl_insecure:

View File

@ -351,7 +351,8 @@ class ServerTLSLayer(_TLSLayer):
self.tunnel_state = tunnel.TunnelState.CLOSED self.tunnel_state = tunnel.TunnelState.CLOSED
else: else:
yield from self.start_tls() yield from self.start_tls()
yield from self.receive_handshake_data(b"") if self.tls:
yield from self.receive_handshake_data(b"")
def event_to_child(self, event: events.Event) -> layer.CommandGenerator[None]: def event_to_child(self, event: events.Event) -> layer.CommandGenerator[None]:
if self.wait_for_clienthello: if self.wait_for_clienthello:

View File

@ -70,6 +70,7 @@ def test_upstream_https(tctx):
<< SendData(upstream, clienthello) << SendData(upstream, clienthello)
) )
assert upstream().address == ("example.mitmproxy.org", 8081) assert upstream().address == ("example.mitmproxy.org", 8081)
assert upstream().sni == "example.mitmproxy.org"
assert ( assert (
proxy2 proxy2
>> DataReceived(tctx2.client, clienthello()) >> DataReceived(tctx2.client, clienthello())

View File

@ -201,9 +201,13 @@ class Playbook:
x.connection.timestamp_end = 1624544787 x.connection.timestamp_end = 1624544787
self.actual.append(x) self.actual.append(x)
cmds: typing.List[commands.Command] = []
try: try:
cmds: typing.List[commands.Command] = list(self.layer.handle_event(x)) # consume them one by one so that we can extend the log with all commands until traceback.
for cmd in self.layer.handle_event(x):
cmds.append(cmd)
except Exception: except Exception:
self.actual.extend(cmds)
self.actual.append(_TracebackInPlaybook(traceback.format_exc())) self.actual.append(_TracebackInPlaybook(traceback.format_exc()))
break break