author | Thomas Kriechbaumer <thomas@kriechbaumer.name> | 2015-08-15 17:43:46 +0200 |
committer | Thomas Kriechbaumer <thomas@kriechbaumer.name> | 2015-08-16 11:36:31 +0200 |
commit | 1e40d34e942382bbb11234e0e9232794b3bf6acf (patch) | |
tree | 71e7c5879dcf9d30073e23014fea627eeba2647d /libmproxy/protocol2 | |
parent | 2a15479cdbda07a4a99f56f6090e479decbeb17c (diff) | |
add ALPN to proxy connections
Diffstat (limited to 'libmproxy/protocol2')
-rw-r--r-- | libmproxy/protocol2/http_proxy.py | 3 | ||||
-rw-r--r-- | libmproxy/protocol2/layer.py | 2 | ||||
-rw-r--r-- | libmproxy/protocol2/tls.py | 33 |
3 files changed, 34 insertions, 4 deletions
diff --git a/libmproxy/protocol2/http_proxy.py b/libmproxy/protocol2/http_proxy.py
index 8ac7ea8e..b4c506cb 100644
--- a/libmproxy/protocol2/http_proxy.py
+++ b/libmproxy/protocol2/http_proxy.py
@@ -1,7 +1,6 @@
 from __future__ import (absolute_import, print_function, division)
 from .layer import Layer, ServerConnectionMixin
-from .http import HttpLayer
 class HttpProxy(Layer, ServerConnectionMixin):
@@ -22,3 +21,5 @@ class HttpUpstreamProxy(Layer, ServerConnectionMixin):
 for message in layer():
 if not self._handle_server_message(message):
 yield message
+
+from .http import HttpLayer
diff --git a/libmproxy/protocol2/layer.py b/libmproxy/protocol2/layer.py
index 8e985d4d..de519baa 100644
--- a/libmproxy/protocol2/layer.py
+++ b/libmproxy/protocol2/layer.py
@@ -208,4 +208,4 @@ def yield_from_callback(fun):
 self.yield_from_callback = None
- return wrapper
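Review bot: The `from .http import HttpLayer` moved to the bottom of http_proxy.py carries no comment saying why it sits after the class definitions, so the next cleanup pass or an import sorter will move it back to the top and reintroduce whatever broke. Presumably this is a circular-import workaround between `.http` and `.http_proxy`, which the diff itself does not show; state it in place, e.g. `# Imported last on purpose: .http imports this module, so a top-level import would be circular.` The `HttpUpstreamProxy` method this hunk ends in starts outside the hunk.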
\ No newline at end of file
+ return wrapper
diff --git a/libmproxy/protocol2/tls.py b/libmproxy/protocol2/tls.py
index 55cc9794..fcc12f18 100644
--- a/libmproxy/protocol2/tls.py
+++ b/libmproxy/protocol2/tls.py
@@ -1,7 +1,9 @@
 from __future__ import (absolute_import, print_function, division)
 import traceback
+
 from netlib import tcp
+import netlib.http.http2
 from ..exceptions import ProtocolException
 from .layer import Layer, yield_from_callback
@@ -15,6 +17,9 @@ class TlsLayer(Layer):
 self._server_tls = server_tls
 self.client_sni = None
 self._sni_from_server_change = None
+ self.client_alpn_protos = None
+
+ # foo alpn protos = [netlib.http.http1.HTTP1Protocol.ALPN_PROTO_HTTP1, netlib.http.http2.HTTP2Protocol.ALPN_PROTO_H2], # TODO: read this from client_conn first
 def __call__(self):
 """
@@ -131,7 +136,8 @@ class TlsLayer(Layer):
 options=self.config.openssl_options_client,
 cipher_list=self.config.ciphers_client,
 dhparams=self.config.certstore.dhparams,
- chain_file=chain_file
+ chain_file=chain_file,
+ alpn_select_callback=self.__handle_alpn_select,
 )
 connection.set_context(new_context)
 # An unhandled exception in this method will core dump PyOpenSSL, so 
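Review bot: The only new import is `import netlib.http.http2`, yet the ALPN callback added later in this file also reads `netlib.http.http1.HTTP1Protocol.ALPN_PROTO_HTTP1`; that attribute chain resolves only if netlib.http's package `__init__` happens to import `http1` as a side effect, which nothing in this diff establishes. Import what is used explicitly, `import netlib.http.http1` beside `import netlib.http.http2`, so a handshake callback does not depend on another package's import order.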
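Review bot: The `# foo alpn protos = [...]  # TODO: read this from client_conn first` line added to `__init__` is commented-out scratch code rather than documentation, and the list it spells out is never used; the attribute beside it, `client_alpn_protos`, is what needs explaining. Replace it with a comment on the attribute, e.g. `# ALPN protocol list offered by the client; filled in by the ALPN select callback and passed on when the server side is connected.`, and keep the open question as a plain `# TODO:` if it still stands. `__init__` begins outside the hunk.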
@@ -139,10 +145,30 @@ class TlsLayer(Layer):
 except: # pragma: no cover
 self.log("Error in handle_sni:\r\n" + traceback.format_exc(), "error")
+ def __handle_alpn_select(self, conn_, options):
+ # TODO: change to something meaningful?
+ alpn_preference = netlib.http.http1.HTTP1Protocol.ALPN_PROTO_HTTP1
+ alpn_preference = netlib.http.http2.HTTP2Protocol.ALPN_PROTO_H2
+ ###
+
+ if self.client_alpn_protos != options:
+ # Perform reconnect
+ if self._server_tls:
+ self.yield_from_callback(Reconnect())
+
+ self.client_alpn_protos = options
+ print("foo: %s" % options)
+
+ if alpn_preference in options:
+ return bytes(alpn_preference)
+ else: # pragma no cover
+ return options[0]
+
 @yield_from_callback
 def _establish_tls_with_client(self):
 self.log("Establish TLS with client", "debug")
 cert, key, chain_file = self._find_cert()
+
 try:
 self.client_conn.convert_to_ssl(
 cert, key,
@@ -151,9 +177,11 @@ class TlsLayer(Layer):
 handle_sni=self.__handle_sni,
 cipher_list=self.config.ciphers_client,
 dhparams=self.config.certstore.dhparams,
- chain_file=chain_file
+ chain_file=chain_file,
+ alpn_select_callback=self.__handle_alpn_select,
 )
 except tcp.NetLibError as e:
+ print("alpn: %s" % self.client_alpn_protos)
 raise ProtocolException(repr(e), e)
 def _establish_tls_with_server(self):
@@ -168,6 +196,7 @@ class TlsLayer(Layer):
 ca_path=self.config.openssl_trusted_cadir_server,
 ca_pemfile=self.config.openssl_trusted_ca_server,
 cipher_list=self.config.ciphers_server,
+ alpn_protos=self.client_alpn_protos,
 )
 tls_cert_err = self.server_conn.ssl_verification_error
 if tls_cert_err is not None: |
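Review bot: `__handle_alpn_select` runs inside OpenSSL's ALPN callback with no exception guard, although the `__handle_sni` callback ending just above it is wrapped in try/except precisely because, per its own comment, an unhandled exception in such a callback core-dumps PyOpenSSL — and this body can raise on client-controlled input (`options` is the ClientHello's ALPN list, so `options[0]` fails on an empty offer, and `Reconnect` is not among the imports this diff shows). The first `alpn_preference = ...ALPN_PROTO_HTTP1` assignment is dead, overwritten by the h2 line, so the effective preference is h2 whatever the TODO intends; pick one explicitly. `print("foo: %s" % options)` is debug output to stdout and should become `self.log(..., "debug")` like the rest of the class. Falling back to `options[0]` agrees to whatever the client listed first even when the proxy has no layer for it; if the intent is to decline ALPN instead, confirm what netlib/pyOpenSSL do with that return value before changing it. The method, guarded and with the dead assignment removed, would read as below; `_establish_tls_with_client`'s body continues past the hunk.

```python
    def __handle_alpn_select(self, conn_, options):
        # Invoked by OpenSSL during the client handshake, like __handle_sni:
        # an exception escaping here can take PyOpenSSL down, so contain it.
        try:
            if self.client_alpn_protos != options:
                if self._server_tls:
                    # Server side was connected before the client's ALPN list
                    # was known; redo it so upstream sees the same offer.
                    self.yield_from_callback(Reconnect())
                self.client_alpn_protos = options
                self.log("Client ALPN offer: %r" % (options,), "debug")

            # TODO: choose the preference deliberately; the original assigned
            # HTTP/1.1 and then overwrote it with h2, so h2 is what took effect.
            alpn_preference = netlib.http.http2.HTTP2Protocol.ALPN_PROTO_H2
            if alpn_preference in options:
                return bytes(alpn_preference)
            if options:
                return options[0]  # pragma no cover
        except:  # pragma: no cover
            self.log("Error in handle_alpn_select:\r\n" + traceback.format_exc(), "error")
        # NOTE(review): confirm what netlib/pyOpenSSL expect when nothing is selected.
        return b""
```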
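Review bot: The `print("alpn: %s" % self.client_alpn_protos)` added to the `except tcp.NetLibError` branch writes to stdout instead of the layer's log, which is what every other message in `TlsLayer` uses, so it is lost or pollutes output depending on how mitmproxy is run. The ALPN offer is useful context for a failed client handshake, so keep it but route it properly: `self.log("Client ALPN offer: %r" % (self.client_alpn_protos,), "debug")` before the `raise`. `_establish_tls_with_client` starts outside this hunk.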
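Review bot: `alpn_protos=self.client_alpn_protos` forwards the client's ALPN list to the upstream server unfiltered, so the server may select a protocol the proxy has no layer for (the only protocols this file names are http/1.1 and h2), while the client-side callback has already committed to its own choice; nothing in this diff reconciles the two sides. At minimum restrict the offer to protocols the proxy can speak, e.g. `alpn_protos=[p for p in (self.client_alpn_protos or []) if p in supported] or None` with `supported` built from the `HTTP1Protocol`/`HTTP2Protocol` ALPN constants, and record what the server negotiated so layer selection can act on it. `_establish_tls_with_server` begins outside the hunk.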