Helper container for Python's builtin SSL object.
| 86 | class SSLTest: |
| 87 | """Helper container for Python's builtin SSL object.""" |
| 88 | |
| 89 | def __init__( |
| 90 | self, |
| 91 | server_side: bool = False, |
| 92 | alpn: list[str] | None = None, |
| 93 | sni: bytes | None = b"example.mitmproxy.org", |
| 94 | max_ver: ssl.TLSVersion | None = None, |
| 95 | post_handshake_auth: bool = False, |
| 96 | ): |
| 97 | self.inc = ssl.MemoryBIO() |
| 98 | self.out = ssl.MemoryBIO() |
| 99 | self.ctx = ssl.SSLContext( |
| 100 | ssl.PROTOCOL_TLS_SERVER if server_side else ssl.PROTOCOL_TLS_CLIENT |
| 101 | ) |
| 102 | |
| 103 | self.ctx.verify_mode = ssl.CERT_OPTIONAL |
| 104 | self.ctx.post_handshake_auth = post_handshake_auth |
| 105 | self.ctx.load_verify_locations( |
| 106 | cafile=tlsdata.path("../../net/data/verificationcerts/trusted-root.crt"), |
| 107 | ) |
| 108 | |
| 109 | if alpn: |
| 110 | self.ctx.set_alpn_protocols(alpn) |
| 111 | if server_side: |
| 112 | if sni == b"192.0.2.42": |
| 113 | filename = "trusted-leaf-ip" |
| 114 | else: |
| 115 | filename = "trusted-leaf" |
| 116 | self.ctx.load_cert_chain( |
| 117 | certfile=tlsdata.path( |
| 118 | f"../../net/data/verificationcerts/{filename}.crt" |
| 119 | ), |
| 120 | keyfile=tlsdata.path( |
| 121 | f"../../net/data/verificationcerts/{filename}.key" |
| 122 | ), |
| 123 | ) |
| 124 | if max_ver: |
| 125 | self.ctx.maximum_version = max_ver |
| 126 | |
| 127 | self.obj = self.ctx.wrap_bio( |
| 128 | self.inc, |
| 129 | self.out, |
| 130 | server_hostname=None if server_side else sni, |
| 131 | server_side=server_side, |
| 132 | ) |
| 133 | |
| 134 | def bio_write(self, buf: bytes) -> int: |
| 135 | return self.inc.write(buf) |
| 136 | |
| 137 | def bio_read(self, bufsize: int = 2**16) -> bytes: |
| 138 | return self.out.read(bufsize) |
| 139 | |
| 140 | def do_handshake(self) -> None: |
| 141 | return self.obj.do_handshake() |