Merge pull request #1484 from mitmproxy/fix-1476

fix #1476
This commit is contained in:
Maximilian Hils 2016-08-16 13:18:54 -07:00 committed by GitHub
commit f922b7aaf5
3 changed files with 35 additions and 30 deletions

View File

@ -369,10 +369,12 @@ class TlsLayer(base.Layer):
not self.config.options.no_upstream_cert and
(
self.config.options.add_upstream_certs_to_client_chain or
self._client_tls and (
self._client_hello.alpn_protocols or
not self._client_hello.sni
)
)
)
establish_server_tls_now = (
(self.server_conn and self._server_tls) or
client_tls_requires_server_connection
@ -434,7 +436,7 @@ class TlsLayer(base.Layer):
if self._custom_server_sni is False:
return None
else:
return self._custom_server_sni or self._client_hello.sni
return self._custom_server_sni or self._client_hello and self._client_hello.sni
@property
def alpn_for_client_connection(self):
@ -509,21 +511,18 @@ class TlsLayer(base.Layer):
def _establish_tls_with_server(self):
self.log("Establish TLS with server", "debug")
try:
alpn = None
if self._client_tls:
if self._client_hello.alpn_protocols:
# We only support http/1.1 and h2.
# If the server only supports spdy (next to http/1.1), it may select that
# and mitmproxy would enter TCP passthrough mode, which we want to avoid.
def deprecated_http2_variant(x):
return x.startswith(b"h2-") or x.startswith(b"spdy")
if self._client_hello.alpn_protocols:
alpn = [x for x in self._client_hello.alpn_protocols if not deprecated_http2_variant(x)]
else:
alpn = None
alpn = [x for x in self._client_hello.alpn_protocols if not (x.startswith(b"h2-") or x.startswith(b"spdy"))]
if alpn and b"h2" in alpn and not self.config.options.http2:
alpn.remove(b"h2")
ciphers_server = self.config.options.ciphers_server
if not ciphers_server:
if not ciphers_server and self._client_tls:
ciphers_server = []
for id in self._client_hello.cipher_suites:
if id in CIPHER_ID_NAME_MAP.keys():
@ -562,7 +561,8 @@ class TlsLayer(base.Layer):
sys.exc_info()[2]
)
self.log("ALPN selected by server: %s" % self.alpn_for_client_connection, "debug")
proto = self.alpn_for_client_connection.decode() if self.alpn_for_client_connection else '-'
self.log("ALPN selected by server: {}".format(proto), "debug")
def _find_cert(self):
"""

View File

@ -85,22 +85,22 @@ class TestProcessProxyOptions:
@mock.patch("mitmproxy.platform.resolver")
def test_modes(self, _):
# self.assert_noerr("-R", "http://localhost")
# self.assert_err("expected one argument", "-R")
# self.assert_err("Invalid server specification", "-R", "reverse")
#
# self.assert_noerr("-T")
#
# self.assert_noerr("-U", "http://localhost")
# self.assert_err("expected one argument", "-U")
# self.assert_err("Invalid server specification", "-U", "upstream")
#
# self.assert_noerr("--upstream-auth", "test:test")
# self.assert_err("expected one argument", "--upstream-auth")
self.assert_noerr("-R", "http://localhost")
self.assert_err("expected one argument", "-R")
self.assert_err("Invalid server specification", "-R", "reverse")
self.assert_noerr("-T")
self.assert_noerr("-U", "http://localhost")
self.assert_err("expected one argument", "-U")
self.assert_err("Invalid server specification", "-U", "upstream")
self.assert_noerr("--upstream-auth", "test:test")
self.assert_err("expected one argument", "--upstream-auth")
self.assert_err(
"Invalid upstream auth specification", "--upstream-auth", "test"
)
# self.assert_err("mutually exclusive", "-R", "http://localhost", "-T")
self.assert_err("mutually exclusive", "-R", "http://localhost", "-T")
def test_socks_auth(self):
self.assert_err(

View File

@ -472,6 +472,11 @@ class TestReverse(tservers.ReverseProxyTest, CommonMixin, TcpMixin):
reverse = True
class TestReverseSSL(tservers.ReverseProxyTest, CommonMixin, TcpMixin):
reverse = True
ssl = True
class TestSocks5(tservers.SocksModeTest):
def test_simple(self):