Merge pull request #4643 from mhils/issue-4642

Fix HTTPS Reverse Proxy TLS Layer Logic
2021-06-17 20:12:06 +02:00 · 2021-06-17 20:12:06 +02:00 · 863c792f41
parent 74aa5cea56 c075d33997
commit 863c792f41
1 changed files with 10 additions and 6 deletions
--- a/mitmproxy/addons/next_layer.py
+++ b/mitmproxy/addons/next_layer.py
@ -115,9 +115,13 @@ class NextLayer:
        # 2. Check for TLS
        if client_tls:
            # client tls usually requires a server tls layer as parent layer, except:
-            #  - reverse proxy mode manages this itself.
            #  - a secure web proxy doesn't have a server part.
-            if s(modes.ReverseProxy) or s(modes.HttpProxy):
+            #  - reverse proxy mode manages this itself.
+            if (
+                s(modes.HttpProxy) or
+                s(modes.ReverseProxy) or
+                s(modes.ReverseProxy, layers.ServerTLSLayer)
+            ):
                return layers.ClientTLSLayer(context)
            else:
                # We already assign the next layer here os that ServerTLSLayer
@ -127,11 +131,11 @@ class NextLayer:
                return ret

        # 3. Setup the HTTP layer for a regular HTTP proxy or an upstream proxy.
-        if any([
-            s(modes.HttpProxy),
+        if (
+            s(modes.HttpProxy) or
            # or a "Secure Web Proxy", see https://www.chromium.org/developers/design-documents/secure-web-proxy
-            s(modes.HttpProxy, layers.ClientTLSLayer),
-        ]):
+            s(modes.HttpProxy, layers.ClientTLSLayer)
+        ):
            if ctx.options.mode == "regular":
                return layers.HttpLayer(context, HTTPMode.regular)
            else: