tlsconfig: don't overwrite existing TLS context, refs #5019

2021-12-27 12:22:08 +01:00 · 2021-12-27 12:22:08 +01:00 · 3fbf3cf8ee
parent 9c5bebae9e
commit 3fbf3cf8ee
2 changed files with 17 additions and 0 deletions
--- a/mitmproxy/addons/tlsconfig.py
+++ b/mitmproxy/addons/tlsconfig.py
@ -115,6 +115,9 @@ class TlsConfig:

    def tls_start_client(self, tls_start: tls.TlsData) -> None:
        """Establish TLS between client and proxy."""
+        if tls_start.ssl_conn is not None:
+            return  # a user addon has already provided the pyOpenSSL context.
+
        client: connection.Client = tls_start.context.client
        server: connection.Server = tls_start.context.server

@ -162,6 +165,9 @@ class TlsConfig:

    def tls_start_server(self, tls_start: tls.TlsData) -> None:
        """Establish TLS between proxy and server."""
+        if tls_start.ssl_conn is not None:
+            return  # a user addon has already provided the pyOpenSSL context.
+
        client: connection.Client = tls_start.context.client
        server: connection.Server = tls_start.context.server
        assert server.address
--- a/test/mitmproxy/addons/test_tlsconfig.py
+++ b/test/mitmproxy/addons/test_tlsconfig.py
@ -134,6 +134,11 @@ class TestTlsConfig:
            tls_start = tls.TlsData(ctx.client, context=ctx)
            ta.tls_start_client(tls_start)
            tssl_server = tls_start.ssl_conn
+
+            # assert that a preexisting ssl_conn is not overwritten
+            ta.tls_start_client(tls_start)
+            assert tssl_server is tls_start.ssl_conn
+
            tssl_client = test_tls.SSLTest()
            assert self.do_handshake(tssl_client, tssl_server)
            assert tssl_client.obj.getpeercert()["subjectAltName"] == (("DNS", "example.mitmproxy.org"),)
@ -164,6 +169,11 @@ class TestTlsConfig:
            tls_start = tls.TlsData(ctx.server, context=ctx)
            ta.tls_start_server(tls_start)
            tssl_client = tls_start.ssl_conn
+
+            # assert that a preexisting ssl_conn is not overwritten
+            ta.tls_start_server(tls_start)
+            assert tssl_client is tls_start.ssl_conn
+
            tssl_server = test_tls.SSLTest(server_side=True)
            assert self.do_handshake(tssl_client, tssl_server)

@ -197,6 +207,7 @@ class TestTlsConfig:
                tctx.configure(ta, http2=http2)
                ctx.client.alpn_offers = client_offers
                ctx.server.alpn_offers = None
+                tls_start.ssl_conn = None
                ta.tls_start_server(tls_start)
                assert ctx.server.alpn_offers == expected