hub / github.com/mitmproxy/mitmproxy / receive_handshake_data

Method receive_handshake_data

mitmproxy/proxy/layers/tls.py:294–398  ·  view source on GitHub ↗
(
        self, data: bytes
    )

Source from the content-addressed store, hash-verified

292 yield commands.SendData(self.conn, data)
293
294 def receive_handshake_data(
295 self, data: bytes
296 ) -> layer.CommandGenerator[tuple[bool, str | None]]:
297 # bio_write errors for b"", so we need to check first if we actually received something.
298 if data:
299 self.tls.bio_write(data)
300 try:
301 self.tls.do_handshake()
302 except SSL.WantReadError:
303 yield from self.tls_interact()
304 return False, None
305 except SSL.Error as e:
306 # provide more detailed information for some errors.
307 last_err = (
308 e.args and isinstance(e.args[0], list) and e.args[0] and e.args[0][-1]
309 )
310 if last_err in [
311 (
312 "SSL routines",
313 "tls_process_server_certificate",
314 "certificate verify failed",
315 ),
316 ("SSL routines", "", "certificate verify failed"), # OpenSSL 3+
317 ]:
318 verify_result = SSL._lib.SSL_get_verify_result(self.tls._ssl) # type: ignore
319 error = SSL._ffi.string( # type: ignore
320 SSL._lib.X509_verify_cert_error_string(verify_result) # type: ignore
321 ).decode()
322 err = f"Certificate verify failed: {error}"
323 elif last_err in [
324 ("SSL routines", "ssl3_read_bytes", "tlsv1 alert unknown ca"),
325 ("SSL routines", "ssl3_read_bytes", "sslv3 alert bad certificate"),
326 ("SSL routines", "ssl3_read_bytes", "ssl/tls alert bad certificate"),
327 ("SSL routines", "", "tlsv1 alert unknown ca"), # OpenSSL 3+
328 ("SSL routines", "", "sslv3 alert bad certificate"), # OpenSSL 3+
329 ("SSL routines", "", "ssl/tls alert bad certificate"), # OpenSSL 3.2+
330 ]:
331 assert isinstance(last_err, tuple)
332 err = last_err[2]
333 elif (
334 last_err
335 in [
336 ("SSL routines", "ssl3_get_record", "wrong version number"),
337 ("SSL routines", "", "wrong version number"), # OpenSSL 3+
338 ("SSL routines", "", "packet length too long"), # OpenSSL 3+
339 ("SSL routines", "", "record layer failure"), # OpenSSL 3+
340 ]
341 and data[:4].isascii()
342 ):
343 err = f"The remote server does not speak TLS."
344 elif last_err in [
345 ("SSL routines", "ssl3_read_bytes", "tlsv1 alert protocol version"),
346 ("SSL routines", "", "tlsv1 alert protocol version"), # OpenSSL 3+
347 ]:
348 err = (
349 f"The remote server and mitmproxy cannot agree on a TLS version to use. "
350 f"You may need to adjust mitmproxy's tls_version_server_min option."
351 )

Callers 2

start_handshakeMethod · 0.45

Calls 11

tls_interactMethod · 0.95
receive_dataMethod · 0.95
TlsDataClass · 0.90
bio_writeMethod · 0.80
from_pyopensslMethod · 0.80
do_handshakeMethod · 0.45
decodeMethod · 0.45
insertMethod · 0.45
appendMethod · 0.45

Tested by

no test coverage detected