authorAldo Cortesi <aldo@nullcube.com>2015-06-18 12:07:02 +1200
committerAldo Cortesi <aldo@nullcube.com>2015-06-18 12:07:02 +1200
commit5bb7159edd7bf1d54b75969a2d3859e9570e8361 (patch)
tree8d0d7b909a5432fcb7317c95fc70aec1927d67b2 /netlib/tcp.py
parent1f0c55a942ef1e36d21e2d8006a1585ad4cf2700 (diff)
parenteb823a04a19de7fd9e15d225064ae4581f0b85bf (diff)
Merge pull request #70 from Kriechi/http2-wip
HTTP/2: yet another PR
Diffstat (limited to 'netlib/tcp.py')
-rw-r--r--netlib/tcp.py18
1 files changed, 8 insertions, 10 deletions
diff --git a/netlib/tcp.py b/netlib/tcp.py
index 953cef6e..cafc3ed9 100644
--- a/netlib/tcp.py
+++ b/netlib/tcp.py
@@ -22,11 +22,6 @@ TLSv1_METHOD = SSL.TLSv1_METHOD
TLSv1_1_METHOD = SSL.TLSv1_1_METHOD
TLSv1_2_METHOD = SSL.TLSv1_2_METHOD
-OP_NO_SSLv2 = SSL.OP_NO_SSLv2
-OP_NO_SSLv3 = SSL.OP_NO_SSLv3
-VERIFY_NONE = SSL.VERIFY_NONE
-
-
class NetLibError(Exception):
pass
@@ -374,8 +369,8 @@ class _Connection(object):
def _create_ssl_context(self,
method=SSLv23_METHOD,
- options=(OP_NO_SSLv2 | OP_NO_SSLv3),
- verify_options=VERIFY_NONE,
+ options=(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3 | SSL.OP_CIPHER_SERVER_PREFERENCE | SSL.OP_NO_COMPRESSION),
+ verify_options=SSL.VERIFY_NONE,
ca_path=None,
ca_pemfile=None,
cipher_list=None,
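Review bot: The two flags added to the `options` default, `SSL.OP_CIPHER_SERVER_PREFERENCE` and `SSL.OP_NO_COMPRESSION`, only take effect when the caller leaves `options` unset, because the value is handed unchanged to `context.set_options(options)` in the next hunk. A caller that passes its own mask, for example only `SSL.OP_NO_SSLv2`, silently gets TLS compression back. I would document this on the parameter with `# options replaces the default mask; keep SSL.OP_NO_COMPRESSION unless compression is required`, or OR a fixed baseline into the mask at the `set_options` call. The `verify_options=SSL.VERIFY_NONE` default also means no peer certificate is checked unless the caller asks for it, which deserves a line in the docstring. The body of `_create_ssl_context` continues outside the hunk.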
@@ -397,7 +392,7 @@ class _Connection(object):
context.set_options(options)
# Verify Options (NONE/PEER/PEER|FAIL_IF_... and trusted CAs)
- if verify_options is not None and verify_options is not VERIFY_NONE:
+ if verify_options is not None and verify_options is not SSL.VERIFY_NONE:
def verify_cert(conn, cert, errno, err_depth, is_cert_verified):
if is_cert_verified:
return True
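Review bot: `verify_options is not SSL.VERIFY_NONE` compares an integer flag by identity, which gives the intended result only because CPython caches small integers. The test should compare values: `if verify_options is not None and verify_options != SSL.VERIFY_NONE:`. The `verify_cert` callback and the rest of this branch continue outside the hunk, so the effect on the `set_verify` call cannot be checked from here.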
@@ -419,6 +414,9 @@ class _Connection(object):
if cipher_list:
try:
context.set_cipher_list(cipher_list)
+
+ # TODO: maybe change this to with newer pyOpenSSL APIs
+ context.set_tmp_ecdh(OpenSSL.crypto.get_elliptic_curve('prime256v1'))
except SSL.Error as v:
raise NetLibError("SSL cipher specification error: %s" % str(v))
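Review bot: The new `context.set_tmp_ecdh(...)` call sits between `set_cipher_list` and the `except`, so it appears to run only when `cipher_list` is set (indentation is lost in this view). A context built without an explicit cipher list would then get no ECDH curve. A failure would also be reported as "SSL cipher specification error", and `get_elliptic_curve` signals an unsupported curve with `ValueError`, which `except SSL.Error` does not catch. I would move the call out of the `if cipher_list:` block into its own statement with its own error handling. The TODO could be reworded to `# TODO: replace with the newer pyOpenSSL curve-selection API once available`.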
@@ -529,7 +527,7 @@ class TCPClient(_Connection):
if OpenSSL._util.lib.Cryptography_HAS_ALPN and self.ssl_established:
return self.connection.get_alpn_proto_negotiated()
else:
- return None
+ return ""
class BaseHandler(_Connection):
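Review bot: The fallback `return ""` is a text string, while `get_alpn_proto_negotiated()` on the other branch returns bytes. The two agree on Python 2 but become different types on Python 3, so `return b""` keeps the method's return type uniform on both. The same applies to the identical change in the `BaseHandler` hunk below. Since callers can no longer tell "no TLS / no ALPN support" from "nothing negotiated", a one-line docstring should state that an empty value means no protocol was agreed. The method's `def` line is outside the hunk.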
@@ -639,7 +637,7 @@ class BaseHandler(_Connection):
if OpenSSL._util.lib.Cryptography_HAS_ALPN and self.ssl_established:
return self.connection.get_alpn_proto_negotiated()
else:
- return None
+ return ""
class TCPServer(object):