author | Kyle Morton <kylemorton@google.com> | 2015-06-29 10:32:57 -0700 |
---|---|---|
committer | Kyle Morton <kylemorton@google.com> | 2015-06-29 11:00:20 -0700 |
commit | f0ad1f334ca57fdf57a3bfb190d314fc8d983475 (patch) | |
tree | a22397901680338545ee69d614ed418e40528475 /test/test_server.py | |
parent | aebad44d550d917489c802d0d51e1002f87b4e3b (diff) | |
Enabling upstream server verification. Added flags --verify_upstream_cert,
--upstream-trusted-cadir, and --upstream-trusted-ca.
Diffstat (limited to 'test/test_server.py')
-rw-r--r-- | test/test_server.py | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/test/test_server.py b/test/test_server.py
index 8cf4095b..3726ec27 100644
--- a/test/test_server.py
+++ b/test/test_server.py
@@ -9,6 +9,7 @@ import tutils
 import tservers
 from libmproxy.protocol import KILL, Error
 from libmproxy.protocol.http import CONTENT_MISSING
+from OpenSSL import SSL
 """
 Note that the choice of response code in these tests matters more than you 
@@ -348,6 +349,65 @@ class TestHTTPSCertfile(tservers.HTTPProxTest, CommonMixin):
 assert self.pathod("304")
+class TestHTTPSUpstreamServerVerificationWTrustedCert(tservers.HTTPProxTest):
+ """
+ Test upstream server certificate verification with a trusted server cert.
+ """
+ ssl = True
+ ssloptions = pathod.SSLOptions(
+ cn = "trusted-cert",
+ certs = [
+ ("trusted-cert", tutils.test_data.path("data/trusted-server.crt"))
+ ])
+
+ def test_verification_w_cadir(self):
+ self.config.openssl_verification_mode_server = SSL.VERIFY_PEER
+ self.config.openssl_trusted_cadir_server = tutils.test_data.path(
+ "data/trusted-cadir/")
+
+ self.pathoc()
+
+ def test_verification_w_pemfile(self):
+ self.config.openssl_verification_mode_server = SSL.VERIFY_PEER
+ self.config.openssl_trusted_ca_server = tutils.test_data.path(
+ "data/trusted-cadir/trusted-ca.pem")
+
+ self.pathoc()
+
+
+class TestHTTPSUpstreamServerVerificationWBadCert(tservers.HTTPProxTest):
+ """
+ Test upstream server certificate verification with an untrusted server cert. 
+ """
+ ssl = True
+ ssloptions = pathod.SSLOptions(
+ cn = "untrusted-cert",
+ certs = [
+ ("untrusted-cert", tutils.test_data.path("data/untrusted-server.crt"))
+ ])
+
+ def test_default_verification_w_bad_cert(self):
+ """Should use no verification."""
+ self.config.openssl_trusted_ca_server = tutils.test_data.path(
+ "data/trusted-cadir/trusted-ca.pem")
+
+ self.pathoc()
+
+ def test_no_verification_w_bad_cert(self):
+ self.config.openssl_verification_mode_server = SSL.VERIFY_NONE
+ self.config.openssl_trusted_ca_server = tutils.test_data.path(
+ "data/trusted-cadir/trusted-ca.pem")
+
+ self.pathoc()
+
+ def test_verification_w_bad_cert(self):
+ self.config.openssl_verification_mode_server = SSL.VERIFY_PEER
+ self.config.openssl_trusted_ca_server = tutils.test_data.path(
+ "data/trusted-cadir/trusted-ca.pem")
+
+ tutils.raises("SSL handshake error", self.pathoc)
+
+
 class TestHTTPSNoCommonName(tservers.HTTPProxTest):
 """
 Test what happens if we get a cert without common name back. |
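Review bot: The two new test classes vary only whether the server certificate chains to the trusted CA, so no case covers a certificate that is signed by `trusted-ca.pem` but issued for a name other than the upstream host. `SSL.VERIFY_PEER` in pyOpenSSL validates the chain only and leaves hostname matching to the caller; whether libmproxy performs that check is not visible in this hunk, so a case with a trusted but mismatched `cn` that expects `tutils.raises("SSL handshake error", self.pathoc)` would pin the behaviour. Separately, `test_default_verification_w_bad_cert` relies on `self.config.openssl_verification_mode_server` being untouched while its sibling tests assign to the same `self.config`; if that object is shared across tests in the class (not shown here), the result depends on test order, so reset the mode in setup. I would also expand its docstring to `"""Default mode performs no upstream verification, so an untrusted cert is accepted."""` so that the permissive default reads as a documented choice.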