Rooba
/
mitmproxy
mirror of https://github.com/mitmproxy/mitmproxy.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2764 from Kriechi/ssl-tls 

rename attributes, function and class names: s/ssl/tls/
This commit is contained in:
Maximilian Hils 2018-01-07 20:21:49 +01:00 committed by GitHub
parent c1dad83b32 4fb894cad4
commit 94a173ab9c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
31 changed files with 173 additions and 163 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
examples/complex/dns_spoofing.py
View File

@ -33,7 +33,7 @@ parse_host_header = re.compile(r"^(?P<host>[^:]+|\[.+\])(?::(?P<port>\d+))?$")
class Rerouter:
def request(self, flow):
if flow.client_conn.ssl_established:
if flow.client_conn.tls_established:
flow.request.scheme = "https"
sni = flow.client_conn.connection.get_servername()
port = 443

4
examples/complex/har_dump.py
View File

@ -58,8 +58,8 @@ def response(flow):
connect_time = (flow.server_conn.timestamp_tcp_setup -
flow.server_conn.timestamp_start)
if flow.server_conn.timestamp_ssl_setup is not None:
ssl_time = (flow.server_conn.timestamp_ssl_setup -
if flow.server_conn.timestamp_tls_setup is not None:
ssl_time = (flow.server_conn.timestamp_tls_setup -
flow.server_conn.timestamp_tcp_setup)
SERVERS_SEEN.add(flow.server_conn)

2
mitmproxy/addons/cut.py
View File

@ -43,7 +43,7 @@ def extract(cut: str, f: flow.Flow) -> typing.Union[str, bytes]:
return part
elif isinstance(part, bool):
return "true" if part else "false"
elif isinstance(part, certs.SSLCert):
elif isinstance(part, certs.Cert):
return part.to_pem().decode("ascii")
current = part
return str(current or "")

8
mitmproxy/certs.py
View File

@ -112,7 +112,7 @@ def dummy_cert(privkey, cacert, commonname, sans):
[OpenSSL.crypto.X509Extension(b"subjectAltName", False, ss)])
cert.set_pubkey(cacert.get_pubkey())
cert.sign(privkey, "sha256")
return SSLCert(cert)
return Cert(cert)
class CertStoreEntry:
@ -249,7 +249,7 @@ class CertStore:
def add_cert_file(self, spec: str, path: str) -> None:
with open(path, "rb") as f:
raw = f.read()
cert = SSLCert(
cert = Cert(
OpenSSL.crypto.load_certificate(
OpenSSL.crypto.FILETYPE_PEM,
raw))
@ -345,7 +345,7 @@ class _GeneralNames(univ.SequenceOf):
constraint.ValueSizeConstraint(1, 1024)
class SSLCert(serializable.Serializable):
class Cert(serializable.Serializable):
def __init__(self, cert):
"""
@ -436,7 +436,7 @@ class SSLCert(serializable.Serializable):
Returns:
All DNS altnames.
"""
# tcp.TCPClient.convert_to_ssl assumes that this property only contains DNS altnames for hostname verification.
# tcp.TCPClient.convert_to_tls assumes that this property only contains DNS altnames for hostname verification.
altnames = []
for i in range(self.x509.get_extension_count()):
ext = self.x509.get_extension(i)

70
mitmproxy/connections.py
View File

@ -16,11 +16,11 @@ class ClientConnection(tcp.BaseHandler, stateobject.StateObject):
Attributes:
address: Remote address
ssl_established: True if TLS is established, False otherwise
tls_established: True if TLS is established, False otherwise
clientcert: The TLS client certificate
mitmcert: The MITM'ed TLS server certificate presented to the client
timestamp_start: Connection start timestamp
timestamp_ssl_setup: TLS established timestamp
timestamp_tls_setup: TLS established timestamp
timestamp_end: Connection end timestamp
sni: Server Name Indication sent by client during the TLS handshake
cipher_name: The current used cipher
@ -40,13 +40,13 @@ class ClientConnection(tcp.BaseHandler, stateobject.StateObject):
self.rfile = None
self.address = None
self.clientcert = None
self.ssl_established = None
self.tls_established = None
self.id = str(uuid.uuid4())
self.mitmcert = None
self.timestamp_start = time.time()
self.timestamp_end = None
self.timestamp_ssl_setup = None
self.timestamp_tls_setup = None
self.sni = None
self.cipher_name = None
self.alpn_proto_negotiated = None
@ -56,7 +56,7 @@ class ClientConnection(tcp.BaseHandler, stateobject.StateObject):
return bool(self.connection) and not self.finished
def __repr__(self):
if self.ssl_established:
if self.tls_established:
tls = "[{}] ".format(self.tls_version)
else:
tls = ""
@ -83,22 +83,14 @@ class ClientConnection(tcp.BaseHandler, stateobject.StateObject):
def __hash__(self):
return hash(self.id)
@property
def tls_established(self):
return self.ssl_established
@tls_established.setter
def tls_established(self, value):
self.ssl_established = value
_stateobject_attributes = dict(
id=str,
address=tuple,
ssl_established=bool,
clientcert=certs.SSLCert,
mitmcert=certs.SSLCert,
tls_established=bool,
clientcert=certs.Cert,
mitmcert=certs.Cert,
timestamp_start=float,
timestamp_ssl_setup=float,
timestamp_tls_setup=float,
timestamp_end=float,
sni=str,
cipher_name=str,
@ -125,19 +117,19 @@ class ClientConnection(tcp.BaseHandler, stateobject.StateObject):
address=address,
clientcert=None,
mitmcert=None,
ssl_established=False,
tls_established=False,
timestamp_start=None,
timestamp_end=None,
timestamp_ssl_setup=None,
timestamp_tls_setup=None,
sni=None,
cipher_name=None,
alpn_proto_negotiated=None,
tls_version=None,
))
def convert_to_ssl(self, cert, *args, **kwargs):
super().convert_to_ssl(cert, *args, **kwargs)
self.timestamp_ssl_setup = time.time()
def convert_to_tls(self, cert, *args, **kwargs):
super().convert_to_tls(cert, *args, **kwargs)
self.timestamp_tls_setup = time.time()
self.mitmcert = cert
sni = self.connection.get_servername()
if sni:
@ -162,7 +154,7 @@ class ServerConnection(tcp.TCPClient, stateobject.StateObject):
address: Remote address. Can be both a domain or an IP address.
ip_address: Resolved remote IP address.
source_address: Local IP address or client's source IP address.
ssl_established: True if TLS is established, False otherwise
tls_established: True if TLS is established, False otherwise
cert: The certificate presented by the remote during the TLS handshake
sni: Server Name Indication sent by the proxy during the TLS handshake
alpn_proto_negotiated: The negotiated application protocol
@ -170,7 +162,7 @@ class ServerConnection(tcp.TCPClient, stateobject.StateObject):
via: The underlying server connection (e.g. the connection to the upstream proxy in upstream proxy mode)
timestamp_start: Connection start timestamp
timestamp_tcp_setup: TCP ACK received timestamp
timestamp_ssl_setup: TLS established timestamp
timestamp_tls_setup: TLS established timestamp
timestamp_end: Connection end timestamp
"""
@ -184,15 +176,15 @@ class ServerConnection(tcp.TCPClient, stateobject.StateObject):
self.timestamp_start = None
self.timestamp_end = None
self.timestamp_tcp_setup = None
self.timestamp_ssl_setup = None
self.timestamp_tls_setup = None
def connected(self):
return bool(self.connection) and not self.finished
def __repr__(self):
if self.ssl_established and self.sni:
if self.tls_established and self.sni:
tls = "[{}: {}] ".format(self.tls_version or "TLS", self.sni)
elif self.ssl_established:
elif self.tls_established:
tls = "[{}] ".format(self.tls_version or "TLS")
else:
tls = ""
@ -217,27 +209,19 @@ class ServerConnection(tcp.TCPClient, stateobject.StateObject):
def __hash__(self):
return hash(self.id)
@property
def tls_established(self):
return self.ssl_established
@tls_established.setter
def tls_established(self, value):
self.ssl_established = value
_stateobject_attributes = dict(
id=str,
address=tuple,
ip_address=tuple,
source_address=tuple,
ssl_established=bool,
cert=certs.SSLCert,
tls_established=bool,
cert=certs.Cert,
sni=str,
alpn_proto_negotiated=bytes,
tls_version=str,
timestamp_start=float,
timestamp_tcp_setup=float,
timestamp_ssl_setup=float,
timestamp_tls_setup=float,
timestamp_end=float,
)
@ -258,10 +242,10 @@ class ServerConnection(tcp.TCPClient, stateobject.StateObject):
alpn_proto_negotiated=None,
tls_version=None,
source_address=('', 0),
ssl_established=False,
tls_established=False,
timestamp_start=None,
timestamp_tcp_setup=None,
timestamp_ssl_setup=None,
timestamp_tls_setup=None,
timestamp_end=None,
via=None
))
@ -277,7 +261,7 @@ class ServerConnection(tcp.TCPClient, stateobject.StateObject):
self.wfile.write(message)
self.wfile.flush()
def establish_ssl(self, clientcerts, sni, **kwargs):
def establish_tls(self, clientcerts, sni, **kwargs):
if sni and not isinstance(sni, str):
raise ValueError("sni must be str, not " + type(sni).__name__)
clientcert = None
@ -291,11 +275,11 @@ class ServerConnection(tcp.TCPClient, stateobject.StateObject):
if os.path.exists(path):
clientcert = path
self.convert_to_ssl(cert=clientcert, sni=sni, **kwargs)
self.convert_to_tls(cert=clientcert, sni=sni, **kwargs)
self.sni = sni
self.alpn_proto_negotiated = self.get_alpn_proto_negotiated()
self.tls_version = self.connection.get_protocol_version_name()
self.timestamp_ssl_setup = time.time()
self.timestamp_tls_setup = time.time()
def finish(self):
tcp.TCPClient.finish(self)

26
mitmproxy/io/compat.py
View File

@ -1,5 +1,9 @@
"""
This module handles the import of mitmproxy flows generated by old versions.
The flow file version is decoupled from the mitmproxy release cycle (since
v3.0.0dev) and versioning. Every change or migration gets a new flow file
version number, this prevents issues with developer builds and snapshots.
"""
import uuid
from typing import Any, Dict, Mapping, Union # noqa
@ -119,6 +123,7 @@ def convert_200_300(data):
def convert_300_4(data):
data["version"] = 4
# Ths is an empty migration to transition to the new versioning scheme.
return data
@ -149,6 +154,25 @@ def convert_4_5(data):
return data
def convert_5_6(data):
data["version"] = 6
data["client_conn"]["tls_established"] = data["client_conn"].pop("ssl_established")
data["client_conn"]["timestamp_tls_setup"] = data["client_conn"].pop("timestamp_ssl_setup")
data["server_conn"]["tls_established"] = data["server_conn"].pop("ssl_established")
data["server_conn"]["timestamp_tls_setup"] = data["server_conn"].pop("timestamp_ssl_setup")
if data["server_conn"]["via"]:
data["server_conn"]["via"]["tls_established"] = data["server_conn"]["via"].pop("ssl_established")
data["server_conn"]["via"]["timestamp_tls_setup"] = data["server_conn"]["via"].pop("timestamp_ssl_setup")
return data
# def convert_6_7(data):
# data["version"] = 7
# # Your changes here!
# # Make sure to also increment FLOW_FORMAT_VERSION.
# return data
def _convert_dict_keys(o: Any) -> Any:
if isinstance(o, dict):
return {strutils.always_str(k): _convert_dict_keys(v) for k, v in o.items()}
@ -201,6 +225,8 @@ converters = {
(2, 0): convert_200_300,
(3, 0): convert_300_4,
4: convert_4_5,
5: convert_5_6,
# 6: convert_6_7,
}

22
mitmproxy/net/tcp.py
View File

@ -301,11 +301,11 @@ class _Connection:
self.rfile = None
self.wfile = None
self.ssl_established = False
self.tls_established = False
self.finished = False
def get_current_cipher(self):
if not self.ssl_established:
if not self.tls_established:
return None
name = self.connection.get_cipher_name()
@ -381,7 +381,7 @@ class TCPClient(_Connection):
else:
close_socket(self.connection)
def convert_to_ssl(self, sni=None, alpn_protos=None, **sslctx_kwargs):
def convert_to_tls(self, sni=None, alpn_protos=None, **sslctx_kwargs):
context = tls.create_client_context(
alpn_protos=alpn_protos,
sni=sni,
@ -400,13 +400,13 @@ class TCPClient(_Connection):
else:
raise exceptions.TlsException("SSL handshake error: %s" % repr(v))
self.cert = certs.SSLCert(self.connection.get_peer_certificate())
self.cert = certs.Cert(self.connection.get_peer_certificate())
# Keep all server certificates in a list
for i in self.connection.get_peer_cert_chain():
self.server_certs.append(certs.SSLCert(i))
self.server_certs.append(certs.Cert(i))
self.ssl_established = True
self.tls_established = True
self.rfile.set_descriptor(self.connection)
self.wfile.set_descriptor(self.connection)
@ -473,7 +473,7 @@ class TCPClient(_Connection):
return self.connection.gettimeout()
def get_alpn_proto_negotiated(self):
if self.ssl_established:
if self.tls_established:
return self.connection.get_alpn_proto_negotiated()
else:
return b""
@ -491,7 +491,7 @@ class BaseHandler(_Connection):
self.server = server
self.clientcert = None
def convert_to_ssl(self, cert, key, **sslctx_kwargs):
def convert_to_tls(self, cert, key, **sslctx_kwargs):
"""
Convert connection to SSL.
For a list of parameters, see tls.create_server_context(...)
@ -507,10 +507,10 @@ class BaseHandler(_Connection):
self.connection.do_handshake()
except SSL.Error as v:
raise exceptions.TlsException("SSL handshake error: %s" % repr(v))
self.ssl_established = True
self.tls_established = True
cert = self.connection.get_peer_certificate()
if cert:
self.clientcert = certs.SSLCert(cert)
self.clientcert = certs.Cert(cert)
self.rfile.set_descriptor(self.connection)
self.wfile.set_descriptor(self.connection)
@ -521,7 +521,7 @@ class BaseHandler(_Connection):
self.connection.settimeout(n)
def get_alpn_proto_negotiated(self):
if self.ssl_established:
if self.tls_established:
return self.connection.get_alpn_proto_negotiated()
else:
return b""

10
mitmproxy/net/tls.py
View File

@ -213,7 +213,7 @@ def create_client_context(
) -> bool:
if is_cert_verified and depth == 0:
# Verify hostname of leaf certificate.
cert = certs.SSLCert(x509)
cert = certs.Cert(x509)
try:
crt = dict(
subjectAltName=[("DNS", x.decode("ascii", "strict")) for x in cert.altnames]
@ -270,17 +270,17 @@ def create_client_context(
def create_server_context(
cert: typing.Union[certs.SSLCert, str],
cert: typing.Union[certs.Cert, str],
key: SSL.PKey,
handle_sni: typing.Optional[typing.Callable[[SSL.Connection], None]] = None,
request_client_cert: bool = False,
chain_file=None,
dhparams=None,
extra_chain_certs: typing.Iterable[certs.SSLCert] = None,
extra_chain_certs: typing.Iterable[certs.Cert] = None,
**sslctx_kwargs
) -> SSL.Context:
"""
cert: A certs.SSLCert object or the path to a certificate
cert: A certs.Cert object or the path to a certificate
chain file.
handle_sni: SNI handler, should take a connection object. Server
@ -321,7 +321,7 @@ def create_server_context(
)
context.use_privatekey(key)
if isinstance(cert, certs.SSLCert):
if isinstance(cert, certs.Cert):
context.use_certificate(cert.x509)
else:
context.use_certificate_chain_file(cert)

4
mitmproxy/proxy/protocol/http_replay.py
View File

@ -75,7 +75,7 @@ class RequestReplayThread(basethread.BaseThread):
)
if resp.status_code != 200:
raise exceptions.ReplayException("Upstream server refuses CONNECT request")
server.establish_ssl(
server.establish_tls(
self.options.client_certs,
sni=self.f.server_conn.sni
)
@ -90,7 +90,7 @@ class RequestReplayThread(basethread.BaseThread):
)
server.connect()
if r.scheme == "https":
server.establish_ssl(
server.establish_tls(
self.options.client_certs,
sni=self.f.server_conn.sni
)

6
mitmproxy/proxy/protocol/tls.py
View File

@ -487,7 +487,7 @@ class TlsLayer(base.Layer):
extra_certs = None
try:
self.client_conn.convert_to_ssl(
self.client_conn.convert_to_tls(
cert, key,
method=self.config.openssl_method_client,
options=self.config.openssl_options_client,
@ -524,7 +524,7 @@ class TlsLayer(base.Layer):
if alpn and b"h2" in alpn and not self.config.options.http2:
alpn.remove(b"h2")
if self.client_conn.ssl_established and self.client_conn.get_alpn_proto_negotiated():
if self.client_conn.tls_established and self.client_conn.get_alpn_proto_negotiated():
# If the client has already negotiated an ALP, then force the
# server to use the same. This can only happen if the host gets
# changed after the initial connection was established. E.g.:
@ -543,7 +543,7 @@ class TlsLayer(base.Layer):
ciphers_server.append(CIPHER_ID_NAME_MAP[id])
ciphers_server = ':'.join(ciphers_server)
self.server_conn.establish_ssl(
self.server_conn.establish_tls(
self.config.client_certs,
self.server_sni,
method=self.config.openssl_method_server,

8
mitmproxy/test/tflow.py
View File

@ -157,9 +157,9 @@ def tclient_conn():
address=("127.0.0.1", 22),
clientcert=None,
mitmcert=None,
ssl_established=False,
tls_established=False,
timestamp_start=946681200,
timestamp_ssl_setup=946681201,
timestamp_tls_setup=946681201,
timestamp_end=946681206,
sni="address",
cipher_name="cipher",
@ -184,9 +184,9 @@ def tserver_conn():
cert=None,
timestamp_start=946681202,
timestamp_tcp_setup=946681203,
timestamp_ssl_setup=946681204,
timestamp_tls_setup=946681204,
timestamp_end=946681205,
ssl_established=False,
tls_established=False,
sni="address",
alpn_proto_negotiated=None,
tls_version="TLSv1.2",

8
mitmproxy/tools/console/flowdetailview.py
View File

@ -119,11 +119,11 @@ def flowdetails(state, flow: http.HTTPFlow):
maybe_timestamp(cc, "timestamp_start")
)
)
if cc.ssl_established:
if cc.tls_established:
parts.append(
(
"Client conn. TLS handshake",
maybe_timestamp(cc, "timestamp_ssl_setup")
maybe_timestamp(cc, "timestamp_tls_setup")
)
)
@ -140,11 +140,11 @@ def flowdetails(state, flow: http.HTTPFlow):
maybe_timestamp(sc, "timestamp_tcp_setup")
)
)
if sc.ssl_established:
if sc.tls_established:
parts.append(
(
"Server conn. TLS handshake",
maybe_timestamp(sc, "timestamp_ssl_setup")
maybe_timestamp(sc, "timestamp_tls_setup")
)
)

4
mitmproxy/types.py
View File

@ -267,14 +267,14 @@ class _CutSpecType(_BaseType):
"client_conn.address.host",
"client_conn.tls_version",
"client_conn.sni",
"client_conn.ssl_established",
"client_conn.tls_established",
"server_conn.address.port",
"server_conn.address.host",
"server_conn.ip_address.host",
"server_conn.tls_version",
"server_conn.sni",
"server_conn.ssl_established",
"server_conn.tls_established",
]
def completion(self, manager: _CommandBase, t: type, s: str) -> typing.Sequence[str]:

2
mitmproxy/version.py
View File

@ -9,7 +9,7 @@ MITMPROXY = "mitmproxy " + VERSION
# Serialization format version. This is displayed nowhere, it just needs to be incremented by one
# for each change in the file format.
FLOW_FORMAT_VERSION = 5
FLOW_FORMAT_VERSION = 6
def get_version(dev: bool = False, build: bool = False, refresh: bool = False) -> str:

4
pathod/pathoc.py
View File

@ -79,7 +79,7 @@ class SSLInfo:
}
t = types.get(pk.type(), "Uknown")
parts.append("\tPubkey: %s bit %s" % (pk.bits(), t))
s = certs.SSLCert(i)
s = certs.Cert(i)
if s.altnames:
parts.append("\tSANs: %s" % " ".join(strutils.always_str(n, "utf8") for n in s.altnames))
return "\n".join(parts)
@ -313,7 +313,7 @@ class Pathoc(tcp.TCPClient):
if self.use_http2:
alpn_protos.append(b'h2')
self.convert_to_ssl(
self.convert_to_tls(
sni=self.sni,
cert=self.clientcert,
method=self.ssl_version,

4
pathod/pathod.py
View File

@ -170,7 +170,7 @@ class PathodHandler(tcp.BaseHandler):
),
cipher=None,
)
if self.ssl_established:
if self.tls_established:
retlog["cipher"] = self.get_current_cipher()
m = utils.MemBool()
@ -244,7 +244,7 @@ class PathodHandler(tcp.BaseHandler):
if self.server.ssl:
try:
cert, key, _ = self.server.ssloptions.get_cert(None)
self.convert_to_ssl(
self.convert_to_tls(
cert,
key,
handle_sni=self.handle_sni,

2
pathod/protocols/http.py
View File

@ -27,7 +27,7 @@ class HTTPProtocol:
cert, key, chain_file_ = self.pathod_handler.server.ssloptions.get_cert(
connect[0].encode()
)
self.pathod_handler.convert_to_ssl(
self.pathod_handler.convert_to_tls(
cert,
key,
handle_sni=self.pathod_handler.handle_sni,

2
pathod/protocols/websockets.py
View File

@ -30,7 +30,7 @@ class WebsocketsProtocol:
),
cipher=None,
)
if self.pathod_handler.ssl_established:
if self.pathod_handler.tls_established:
retlog["cipher"] = self.pathod_handler.get_current_cipher()
self.pathod_handler.addlog(retlog)
ld = language.websockets.NESTED_LEADER

6
test/mitmproxy/addons/test_cut.py
View File

@ -40,14 +40,14 @@ def test_extract():
["client_conn.address.host", "127.0.0.1"],
["client_conn.tls_version", "TLSv1.2"],
["client_conn.sni", "address"],
["client_conn.ssl_established", "false"],
["client_conn.tls_established", "false"],
["server_conn.address.port", "22"],
["server_conn.address.host", "address"],
["server_conn.ip_address.host", "192.168.0.1"],
["server_conn.tls_version", "TLSv1.2"],
["server_conn.sni", "address"],
["server_conn.ssl_established", "false"],
["server_conn.tls_established", "false"],
]
for spec, expected in tests:
ret = cut.extract(spec, tf)
@ -55,7 +55,7 @@ def test_extract():
with open(tutils.test_data.path("mitmproxy/net/data/text_cert"), "rb") as f:
d = f.read()
c1 = certs.SSLCert.from_pem(d)
c1 = certs.Cert.from_pem(d)
tf.server_conn.cert = c1
assert "CERTIFICATE" in cut.extract("server_conn.cert", tf)

54
test/mitmproxy/net/test_tcp.py
View File

@ -178,7 +178,7 @@ class TestServerSSL(tservers.ServerTestBase):
def test_echo(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(sni="foo.com", options=SSL.OP_ALL)
c.convert_to_tls(sni="foo.com", options=SSL.OP_ALL)
testval = b"echo!\n"
c.wfile.write(testval)
c.wfile.flush()
@ -188,7 +188,7 @@ class TestServerSSL(tservers.ServerTestBase):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
assert not c.get_current_cipher()
c.convert_to_ssl(sni="foo.com")
c.convert_to_tls(sni="foo.com")
ret = c.get_current_cipher()
assert ret
assert "AES" in ret[0]
@ -205,7 +205,7 @@ class TestSSLv3Only(tservers.ServerTestBase):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
with pytest.raises(exceptions.TlsException):
c.convert_to_ssl(sni="foo.com")
c.convert_to_tls(sni="foo.com")
class TestInvalidTrustFile(tservers.ServerTestBase):
@ -213,7 +213,7 @@ class TestInvalidTrustFile(tservers.ServerTestBase):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
with pytest.raises(exceptions.TlsException):
c.convert_to_ssl(
c.convert_to_tls(
sni="example.mitmproxy.org",
verify=SSL.VERIFY_PEER,
ca_pemfile=tutils.test_data.path("mitmproxy/net/data/verificationcerts/generate.py")
@ -231,7 +231,7 @@ class TestSSLUpstreamCertVerificationWBadServerCert(tservers.ServerTestBase):
def test_mode_default_should_pass(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl()
c.convert_to_tls()
# Verification errors should be saved even if connection isn't aborted
# aborted
@ -245,7 +245,7 @@ class TestSSLUpstreamCertVerificationWBadServerCert(tservers.ServerTestBase):
def test_mode_none_should_pass(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(verify=SSL.VERIFY_NONE)
c.convert_to_tls(verify=SSL.VERIFY_NONE)
# Verification errors should be saved even if connection isn't aborted
assert c.ssl_verification_error
@ -259,7 +259,7 @@ class TestSSLUpstreamCertVerificationWBadServerCert(tservers.ServerTestBase):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
with pytest.raises(exceptions.InvalidCertificateException):
c.convert_to_ssl(
c.convert_to_tls(
sni="example.mitmproxy.org",
verify=SSL.VERIFY_PEER,
ca_pemfile=tutils.test_data.path("mitmproxy/net/data/verificationcerts/trusted-root.crt")
@ -284,7 +284,7 @@ class TestSSLUpstreamCertVerificationWBadHostname(tservers.ServerTestBase):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
with pytest.raises(exceptions.TlsException):
c.convert_to_ssl(
c.convert_to_tls(
verify=SSL.VERIFY_PEER,
ca_pemfile=tutils.test_data.path("mitmproxy/net/data/verificationcerts/trusted-root.crt")
)
@ -292,7 +292,7 @@ class TestSSLUpstreamCertVerificationWBadHostname(tservers.ServerTestBase):
def test_mode_none_should_pass_without_sni(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(
c.convert_to_tls(
verify=SSL.VERIFY_NONE,
ca_path=tutils.test_data.path("mitmproxy/net/data/verificationcerts/")
)
@ -303,7 +303,7 @@ class TestSSLUpstreamCertVerificationWBadHostname(tservers.ServerTestBase):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
with pytest.raises(exceptions.InvalidCertificateException):
c.convert_to_ssl(
c.convert_to_tls(
sni="mitmproxy.org",
verify=SSL.VERIFY_PEER,
ca_pemfile=tutils.test_data.path("mitmproxy/net/data/verificationcerts/trusted-root.crt")
@ -322,7 +322,7 @@ class TestSSLUpstreamCertVerificationWValidCertChain(tservers.ServerTestBase):
def test_mode_strict_w_pemfile_should_pass(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(
c.convert_to_tls(
sni="example.mitmproxy.org",
verify=SSL.VERIFY_PEER,
ca_pemfile=tutils.test_data.path("mitmproxy/net/data/verificationcerts/trusted-root.crt")
@ -338,7 +338,7 @@ class TestSSLUpstreamCertVerificationWValidCertChain(tservers.ServerTestBase):
def test_mode_strict_w_cadir_should_pass(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(
c.convert_to_tls(
sni="example.mitmproxy.org",
verify=SSL.VERIFY_PEER,
ca_path=tutils.test_data.path("mitmproxy/net/data/verificationcerts/")
@ -372,7 +372,7 @@ class TestSSLClientCert(tservers.ServerTestBase):
def test_clientcert(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(
c.convert_to_tls(
cert=tutils.test_data.path("mitmproxy/net/data/clientcert/client.pem"))
assert c.rfile.readline().strip() == b"1"
@ -380,7 +380,7 @@ class TestSSLClientCert(tservers.ServerTestBase):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
with pytest.raises(exceptions.TlsException):
c.convert_to_ssl(cert=tutils.test_data.path("mitmproxy/net/data/clientcert/make"))
c.convert_to_tls(cert=tutils.test_data.path("mitmproxy/net/data/clientcert/make"))
class TestSNI(tservers.ServerTestBase):
@ -400,15 +400,15 @@ class TestSNI(tservers.ServerTestBase):
def test_echo(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(sni="foo.com")
c.convert_to_tls(sni="foo.com")
assert c.sni == "foo.com"
assert c.rfile.readline() == b"foo.com"
def test_idn(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(sni="mitmproxyäöüß.example.com")
assert c.ssl_established
c.convert_to_tls(sni="mitmproxyäöüß.example.com")
assert c.tls_established
assert "doesn't match" not in str(c.ssl_verification_error)
@ -421,7 +421,7 @@ class TestServerCipherList(tservers.ServerTestBase):
def test_echo(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(sni="foo.com")
c.convert_to_tls(sni="foo.com")
expected = b"['AES256-GCM-SHA384']"
assert c.rfile.read(len(expected) + 2) == expected
@ -442,7 +442,7 @@ class TestServerCurrentCipher(tservers.ServerTestBase):
def test_echo(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(sni="foo.com")
c.convert_to_tls(sni="foo.com")
assert b'AES256-GCM-SHA384' in c.rfile.readline()
@ -456,7 +456,7 @@ class TestServerCipherListError(tservers.ServerTestBase):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
with pytest.raises(Exception, match="handshake error"):
c.convert_to_ssl(sni="foo.com")
c.convert_to_tls(sni="foo.com")
class TestClientCipherListError(tservers.ServerTestBase):
@ -469,7 +469,7 @@ class TestClientCipherListError(tservers.ServerTestBase):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
with pytest.raises(Exception, match="cipher specification"):
c.convert_to_ssl(sni="foo.com", cipher_list="bogus")
c.convert_to_tls(sni="foo.com", cipher_list="bogus")
class TestSSLDisconnect(tservers.ServerTestBase):
@ -484,7 +484,7 @@ class TestSSLDisconnect(tservers.ServerTestBase):
def test_echo(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl()
c.convert_to_tls()
# Excercise SSL.ZeroReturnError
c.rfile.read(10)
c.close()
@ -501,7 +501,7 @@ class TestSSLHardDisconnect(tservers.ServerTestBase):
def test_echo(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl()
c.convert_to_tls()
# Exercise SSL.SysCallError
c.rfile.read(10)
c.close()
@ -565,7 +565,7 @@ class TestALPNClient(tservers.ServerTestBase):
def test_alpn(self, monkeypatch, alpn_protos, expected_negotiated, expected_response):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(alpn_protos=alpn_protos)
c.convert_to_tls(alpn_protos=alpn_protos)
assert c.get_alpn_proto_negotiated() == expected_negotiated
assert c.rfile.readline().strip() == expected_response
@ -587,7 +587,7 @@ class TestSSLTimeOut(tservers.ServerTestBase):
def test_timeout_client(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl()
c.convert_to_tls()
c.settimeout(0.1)
with pytest.raises(exceptions.TcpTimeout):
c.rfile.read(10)
@ -605,7 +605,7 @@ class TestDHParams(tservers.ServerTestBase):
def test_dhparams(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl()
c.convert_to_tls()
ret = c.get_current_cipher()
assert ret[0] == "DHE-RSA-AES256-SHA"
@ -801,5 +801,5 @@ class TestPeekSSL(TestPeek):
def _connect(self, c):
with c.connect() as conn:
c.convert_to_ssl()
c.convert_to_tls()
return conn.pop()

2
test/mitmproxy/net/test_tls.py
View File

@ -22,7 +22,7 @@ class TestMasterSecretLogger(tservers.ServerTestBase):
c = TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl()
c.convert_to_tls()
c.wfile.write(testval)
c.wfile.flush()
assert c.rfile.readline() == testval

2
test/mitmproxy/net/tools/getcertnames
View File

@ -7,7 +7,7 @@ from mitmproxy.net import tcp
def get_remote_cert(host, port, sni):
c = tcp.TCPClient((host, port))
c.connect()
c.convert_to_ssl(sni=sni)
c.convert_to_tls(sni=sni)
return c.cert
if len(sys.argv) > 2:

2
test/mitmproxy/net/tservers.py
View File

@ -60,7 +60,7 @@ class _TServer(tcp.TCPServer):
else:
method = OpenSSL.SSL.SSLv23_METHOD
options = None
h.convert_to_ssl(
h.convert_to_tls(
cert,
key,
method=method,

2
test/mitmproxy/proxy/protocol/test_http2.py
View File

@ -141,7 +141,7 @@ class _Http2TestBase:
while self.client.rfile.readline() != b"\r\n":
pass
self.client.convert_to_ssl(alpn_protos=[b'h2'])
self.client.convert_to_tls(alpn_protos=[b'h2'])
config = h2.config.H2Configuration(
client_side=True,

4
test/mitmproxy/proxy/protocol/test_websocket.py
View File

@ -101,8 +101,8 @@ class _WebSocketTestBase:
response = http.http1.read_response(self.client.rfile, request)
if self.ssl:
self.client.convert_to_ssl()
assert self.client.ssl_established
self.client.convert_to_tls()
assert self.client.tls_established
request = http.Request(
"relative",

20
test/mitmproxy/proxy/test_server.py
View File

@ -143,9 +143,9 @@ class TcpMixin:
# Test that we get the original SSL cert
if self.ssl:
i_cert = certs.SSLCert(i.sslinfo.certchain[0])
i2_cert = certs.SSLCert(i2.sslinfo.certchain[0])
n_cert = certs.SSLCert(n.sslinfo.certchain[0])
i_cert = certs.Cert(i.sslinfo.certchain[0])
i2_cert = certs.Cert(i2.sslinfo.certchain[0])
n_cert = certs.Cert(n.sslinfo.certchain[0])
assert i_cert == i2_cert
assert i_cert != n_cert
@ -188,9 +188,9 @@ class TcpMixin:
# Test that we get the original SSL cert
if self.ssl:
i_cert = certs.SSLCert(i.sslinfo.certchain[0])
i2_cert = certs.SSLCert(i2.sslinfo.certchain[0])
n_cert = certs.SSLCert(n.sslinfo.certchain[0])
i_cert = certs.Cert(i.sslinfo.certchain[0])
i2_cert = certs.Cert(i2.sslinfo.certchain[0])
n_cert = certs.Cert(n.sslinfo.certchain[0])
assert i_cert == i2_cert
assert i_cert != n_cert
@ -579,7 +579,7 @@ class TestSocks5SSL(tservers.SocksModeTest):
p = self.pathoc_raw()
with p.connect():
p.socks_connect(("localhost", self.server.port))
p.convert_to_ssl()
p.convert_to_tls()
f = p.request("get:/p/200")
assert f.status_code == 200
@ -709,7 +709,7 @@ class TestProxy(tservers.HTTPProxyTest):
first_flow = self.master.state.flows[0]
second_flow = self.master.state.flows[1]
assert first_flow.server_conn.timestamp_tcp_setup
assert first_flow.server_conn.timestamp_ssl_setup is None
assert first_flow.server_conn.timestamp_tls_setup is None
assert second_flow.server_conn.timestamp_tcp_setup
assert first_flow.server_conn.timestamp_tcp_setup == second_flow.server_conn.timestamp_tcp_setup
@ -728,7 +728,7 @@ class TestProxySSL(tservers.HTTPProxyTest):
f = self.pathod("304:b@10k")
assert f.status_code == 304
first_flow = self.master.state.flows[0]
assert first_flow.server_conn.timestamp_ssl_setup
assert first_flow.server_conn.timestamp_tls_setup
def test_via(self):
# tests that the ssl timestamp is present when ssl is used
@ -1149,7 +1149,7 @@ class AddUpstreamCertsToClientChainMixin:
def test_add_upstream_certs_to_client_chain(self):
with open(self.servercert, "rb") as f:
d = f.read()
upstreamCert = certs.SSLCert.from_pem(d)
upstreamCert = certs.Cert.from_pem(d)
p = self.pathoc()
with p.connect():
upstream_cert_found_in_client_chain = False

14
test/mitmproxy/test_certs.py
View File

@ -136,18 +136,18 @@ class TestDummyCert:
assert r.altnames == []
class TestSSLCert:
class TestCert:
def test_simple(self):
with open(tutils.test_data.path("mitmproxy/net/data/text_cert"), "rb") as f:
d = f.read()
c1 = certs.SSLCert.from_pem(d)
c1 = certs.Cert.from_pem(d)
assert c1.cn == b"google.com"
assert len(c1.altnames) == 436
with open(tutils.test_data.path("mitmproxy/net/data/text_cert_2"), "rb") as f:
d = f.read()
c2 = certs.SSLCert.from_pem(d)
c2 = certs.Cert.from_pem(d)
assert c2.cn == b"www.inode.co.nz"
assert len(c2.altnames) == 2
assert c2.digest("sha1")
@ -165,20 +165,20 @@ class TestSSLCert:
def test_err_broken_sans(self):
with open(tutils.test_data.path("mitmproxy/net/data/text_cert_weird1"), "rb") as f:
d = f.read()
c = certs.SSLCert.from_pem(d)
c = certs.Cert.from_pem(d)
# This breaks unless we ignore a decoding error.
assert c.altnames is not None
def test_der(self):
with open(tutils.test_data.path("mitmproxy/net/data/dercert"), "rb") as f:
d = f.read()
s = certs.SSLCert.from_der(d)
s = certs.Cert.from_der(d)
assert s.cn
def test_state(self):
with open(tutils.test_data.path("mitmproxy/net/data/text_cert"), "rb") as f:
d = f.read()
c = certs.SSLCert.from_pem(d)
c = certs.Cert.from_pem(d)
c.get_state()
c2 = c.copy()
@ -188,6 +188,6 @@ class TestSSLCert:
assert c == c2
assert c is not c2
x = certs.SSLCert('')
x = certs.Cert('')
x.set_state(a)
assert x == c

14
test/mitmproxy/test_connections.py
View File

@ -41,10 +41,10 @@ class TestClientConnection:
def test_tls_established_property(self):
c = tflow.tclient_conn()
c.tls_established = True
assert c.ssl_established
assert c.tls_established
assert c.tls_established
c.tls_established = False
assert not c.ssl_established
assert not c.tls_established
assert not c.tls_established
def test_make_dummy(self):
@ -113,10 +113,10 @@ class TestServerConnection:
def test_tls_established_property(self):
c = tflow.tserver_conn()
c.tls_established = True
assert c.ssl_established
assert c.tls_established
assert c.tls_established
c.tls_established = False
assert not c.ssl_established
assert not c.tls_established
assert not c.tls_established
def test_make_dummy(self):
@ -155,7 +155,7 @@ class TestServerConnection:
def test_sni(self):
c = connections.ServerConnection(('', 1234))
with pytest.raises(ValueError, matches='sni must be str, not '):
c.establish_ssl(None, b'foobar')
c.establish_tls(None, b'foobar')
def test_state(self):
c = tflow.tserver_conn()
@ -206,7 +206,7 @@ class TestClientConnectionTLS:
key = OpenSSL.crypto.load_privatekey(
OpenSSL.crypto.FILETYPE_PEM,
raw_key)
c.convert_to_ssl(cert, key)
c.convert_to_tls(cert, key)
assert c.connected()
assert c.sni == sni
assert c.tls_established
@ -230,7 +230,7 @@ class TestServerConnectionTLS(tservers.ServerTestBase):
def test_tls(self, clientcert):
c = connections.ServerConnection(("127.0.0.1", self.port))
c.connect()
c.establish_ssl(clientcert, "foo.com")
c.establish_tls(clientcert, "foo.com")
assert c.connected()
assert c.sni == "foo.com"
assert c.tls_established

16
test/pathod/protocols/test_http2.py
View File

@ -75,7 +75,7 @@ class TestCheckALPNMatch(net_tservers.ServerTestBase):
def test_check_alpn(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(alpn_protos=[b'h2'])
c.convert_to_tls(alpn_protos=[b'h2'])
protocol = HTTP2StateProtocol(c)
assert protocol.check_alpn()
@ -89,7 +89,7 @@ class TestCheckALPNMismatch(net_tservers.ServerTestBase):
def test_check_alpn(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(alpn_protos=[b'h2'])
c.convert_to_tls(alpn_protos=[b'h2'])
protocol = HTTP2StateProtocol(c)
with pytest.raises(NotImplementedError):
protocol.check_alpn()
@ -207,7 +207,7 @@ class TestApplySettings(net_tservers.ServerTestBase):
def test_apply_settings(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl()
c.convert_to_tls()
protocol = HTTP2StateProtocol(c)
protocol._apply_settings({
@ -302,7 +302,7 @@ class TestReadRequest(net_tservers.ServerTestBase):
def test_read_request(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl()
c.convert_to_tls()
protocol = HTTP2StateProtocol(c, is_server=True)
protocol.connection_preface_performed = True
@ -328,7 +328,7 @@ class TestReadRequestRelative(net_tservers.ServerTestBase):
def test_asterisk_form(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl()
c.convert_to_tls()
protocol = HTTP2StateProtocol(c, is_server=True)
protocol.connection_preface_performed = True
@ -351,7 +351,7 @@ class TestReadRequestAbsolute(net_tservers.ServerTestBase):
def test_absolute_form(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl()
c.convert_to_tls()
protocol = HTTP2StateProtocol(c, is_server=True)
protocol.connection_preface_performed = True
@ -378,7 +378,7 @@ class TestReadResponse(net_tservers.ServerTestBase):
def test_read_response(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl()
c.convert_to_tls()
protocol = HTTP2StateProtocol(c)
protocol.connection_preface_performed = True
@ -404,7 +404,7 @@ class TestReadEmptyResponse(net_tservers.ServerTestBase):
def test_read_empty_response(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl()
c.convert_to_tls()
protocol = HTTP2StateProtocol(c)
protocol.connection_preface_performed = True

8
test/pathod/test_pathoc.py
View File

@ -238,11 +238,11 @@ class TestDaemonHTTP2(PathocTestDaemon):
http2_skip_connection_preface=True,
)
tmp_convert_to_ssl = c.convert_to_ssl
c.convert_to_ssl = Mock()
c.convert_to_ssl.side_effect = tmp_convert_to_ssl
tmp_convert_to_tls = c.convert_to_tls
c.convert_to_tls = Mock()
c.convert_to_tls.side_effect = tmp_convert_to_tls
with c.connect():
_, kwargs = c.convert_to_ssl.call_args
_, kwargs = c.convert_to_tls.call_args
assert set(kwargs['alpn_protos']) == set([b'http/1.1', b'h2'])
def test_request(self):

4
test/pathod/test_pathod.py
View File

@ -153,7 +153,7 @@ class CommonTests(tservers.DaemonTests):
c = tcp.TCPClient(("localhost", self.d.port))
with c.connect():
if self.ssl:
c.convert_to_ssl()
c.convert_to_tls()
c.wfile.write(b"foo\n\n\n")
c.wfile.flush()
l = self.d.last_log()
@ -241,7 +241,7 @@ class TestDaemonSSL(CommonTests):
with c.connect():
c.wfile.write(b"\0\0\0\0")
with pytest.raises(exceptions.TlsException):
c.convert_to_ssl()
c.convert_to_tls()
l = self.d.last_log()
assert l["type"] == "error"
assert "SSL" in l["msg"]