rename TLS/SSL-related functions
SSL is an outdated protocol superseded by TLS. Although the commonly
used library is called OpenSSL, it is no reason to still use outdated
language for function names.
Kriechi committed Jan 6, 2018
1 parent 9aae321 commit d15e96d
Showing 19 changed files with 63 additions and 63 deletions.
2 changes: 1 addition & 1 deletion mitmproxy/certs.py
Expand Up @@ -436,7 +436,7 @@ def altnames(self):
Returns:
All DNS altnames.
"""
# tcp.TCPClient.convert_to_ssl assumes that this property only contains DNS altnames for hostname verification.
# tcp.TCPClient.convert_to_tls assumes that this property only contains DNS altnames for hostname verification.
altnames = []
for i in range(self.x509.get_extension_count()):
ext = self.x509.get_extension(i)
8 changes: 4 additions & 4 deletions mitmproxy/connections.py
Expand Up @@ -127,8 +127,8 @@ def make_dummy(cls, address):
tls_version=None,
))

def convert_to_ssl(self, cert, *args, **kwargs):
super().convert_to_ssl(cert, *args, **kwargs)
def convert_to_tls(self, cert, *args, **kwargs):
super().convert_to_tls(cert, *args, **kwargs)
self.timestamp_tls_setup = time.time()
self.mitmcert = cert
sni = self.connection.get_servername()
Expand Down Expand Up @@ -261,7 +261,7 @@ def send(self, message):
self.wfile.write(message)
self.wfile.flush()

def establish_ssl(self, clientcerts, sni, **kwargs):
def establish_tls(self, clientcerts, sni, **kwargs):
if sni and not isinstance(sni, str):
raise ValueError("sni must be str, not " + type(sni).__name__)
clientcert = None
Expand All @@ -275,7 +275,7 @@ def establish_ssl(self, clientcerts, sni, **kwargs):
if os.path.exists(path):
clientcert = path

self.convert_to_ssl(cert=clientcert, sni=sni, **kwargs)
self.convert_to_tls(cert=clientcert, sni=sni, **kwargs)
self.sni = sni
self.alpn_proto_negotiated = self.get_alpn_proto_negotiated()
self.tls_version = self.connection.get_protocol_version_name()
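Review bot: The old names `convert_to_ssl` and `establish_ssl` are dropped in this section with no forwarding alias, so a subclass outside this repository that overrides `convert_to_ssl` would silently stop being called once the callers switch to `convert_to_tls`. If such an override carries logic like the `self.mitmcert = cert` bookkeeping shown here, that logic is skipped without any error, and direct callers of the old names fail with `AttributeError` only when a TLS upgrade is first attempted. If these methods count as public API (not determinable from this page), consider keeping thin deprecated wrappers for one release, e.g. `def establish_ssl(self, *args, **kwargs): return self.establish_tls(*args, **kwargs)` with a `DeprecationWarning`. Both method bodies continue outside the visible hunks.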
4 changes: 2 additions & 2 deletions mitmproxy/net/tcp.py
Expand Up @@ -381,7 +381,7 @@ def close(self):
else:
close_socket(self.connection)

def convert_to_ssl(self, sni=None, alpn_protos=None, **sslctx_kwargs):
def convert_to_tls(self, sni=None, alpn_protos=None, **sslctx_kwargs):
context = tls.create_client_context(
alpn_protos=alpn_protos,
sni=sni,
Expand Down Expand Up @@ -491,7 +491,7 @@ def __init__(self, connection, address, server):
self.server = server
self.clientcert = None

def convert_to_ssl(self, cert, key, **sslctx_kwargs):
def convert_to_tls(self, cert, key, **sslctx_kwargs):
"""
Convert connection to SSL.
For a list of parameters, see tls.create_server_context(...)
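Review bot: The docstring under the renamed `convert_to_tls(self, cert, key, **sslctx_kwargs)` in the second hunk still reads `Convert connection to SSL.`, which contradicts the stated purpose of the commit; it should become `Convert connection to TLS.`. The docstring and the function body continue outside the hunk, so any further SSL wording there cannot be checked from this page. The catch-all `**sslctx_kwargs` in both renamed signatures also keeps the old term; as a var-keyword name it could be renamed (for example to `**tlsctx_kwargs`) without affecting callers.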
4 changes: 2 additions & 2 deletions mitmproxy/proxy/protocol/http_replay.py
Expand Up @@ -75,7 +75,7 @@ def run(self):
)
if resp.status_code != 200:
raise exceptions.ReplayException("Upstream server refuses CONNECT request")
server.establish_ssl(
server.establish_tls(
self.options.client_certs,
sni=self.f.server_conn.sni
)
Expand All @@ -90,7 +90,7 @@ def run(self):
)
server.connect()
if r.scheme == "https":
server.establish_ssl(
server.establish_tls(
self.options.client_certs,
sni=self.f.server_conn.sni
)
4 changes: 2 additions & 2 deletions mitmproxy/proxy/protocol/tls.py
Expand Up @@ -487,7 +487,7 @@ def _establish_tls_with_client(self):
extra_certs = None

try:
self.client_conn.convert_to_ssl(
self.client_conn.convert_to_tls(
cert, key,
method=self.config.openssl_method_client,
options=self.config.openssl_options_client,
Expand Down Expand Up @@ -543,7 +543,7 @@ def _establish_tls_with_server(self):
ciphers_server.append(CIPHER_ID_NAME_MAP[id])
ciphers_server = ':'.join(ciphers_server)

self.server_conn.establish_ssl(
self.server_conn.establish_tls(
self.config.client_certs,
self.server_sni,
method=self.config.openssl_method_server,
2 changes: 1 addition & 1 deletion pathod/pathoc.py
Expand Up @@ -313,7 +313,7 @@ def connect(self, connect_to=None, showssl=False, fp=sys.stdout):
if self.use_http2:
alpn_protos.append(b'h2')

self.convert_to_ssl(
self.convert_to_tls(
sni=self.sni,
cert=self.clientcert,
method=self.ssl_version,
2 changes: 1 addition & 1 deletion pathod/pathod.py
Expand Up @@ -244,7 +244,7 @@ def handle(self):
if self.server.ssl:
try:
cert, key, _ = self.server.ssloptions.get_cert(None)
self.convert_to_ssl(
self.convert_to_tls(
cert,
key,
handle_sni=self.handle_sni,
2 changes: 1 addition & 1 deletion pathod/protocols/http.py
Expand Up @@ -27,7 +27,7 @@ def handle_http_connect(self, connect, lg):
cert, key, chain_file_ = self.pathod_handler.server.ssloptions.get_cert(
connect[0].encode()
)
self.pathod_handler.convert_to_ssl(
self.pathod_handler.convert_to_tls(
cert,
key,
handle_sni=self.pathod_handler.handle_sni,
52 changes: 26 additions & 26 deletions test/mitmproxy/net/test_tcp.py
Expand Up @@ -178,7 +178,7 @@ class TestServerSSL(tservers.ServerTestBase):
def test_echo(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(sni="foo.com", options=SSL.OP_ALL)
c.convert_to_tls(sni="foo.com", options=SSL.OP_ALL)
testval = b"echo!\n"
c.wfile.write(testval)
c.wfile.flush()
Expand All @@ -188,7 +188,7 @@ def test_get_current_cipher(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
assert not c.get_current_cipher()
c.convert_to_ssl(sni="foo.com")
c.convert_to_tls(sni="foo.com")
ret = c.get_current_cipher()
assert ret
assert "AES" in ret[0]
Expand All @@ -205,15 +205,15 @@ def test_failure(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
with pytest.raises(exceptions.TlsException):
c.convert_to_ssl(sni="foo.com")
c.convert_to_tls(sni="foo.com")


class TestInvalidTrustFile(tservers.ServerTestBase):
def test_invalid_trust_file_should_fail(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
with pytest.raises(exceptions.TlsException):
c.convert_to_ssl(
c.convert_to_tls(
sni="example.mitmproxy.org",
verify=SSL.VERIFY_PEER,
ca_pemfile=tutils.test_data.path("mitmproxy/net/data/verificationcerts/generate.py")
Expand All @@ -231,7 +231,7 @@ class TestSSLUpstreamCertVerificationWBadServerCert(tservers.ServerTestBase):
def test_mode_default_should_pass(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl()
c.convert_to_tls()

# Verification errors should be saved even if connection isn't aborted
# aborted
Expand All @@ -245,7 +245,7 @@ def test_mode_default_should_pass(self):
def test_mode_none_should_pass(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(verify=SSL.VERIFY_NONE)
c.convert_to_tls(verify=SSL.VERIFY_NONE)

# Verification errors should be saved even if connection isn't aborted
assert c.ssl_verification_error
Expand All @@ -259,7 +259,7 @@ def test_mode_strict_should_fail(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
with pytest.raises(exceptions.InvalidCertificateException):
c.convert_to_ssl(
c.convert_to_tls(
sni="example.mitmproxy.org",
verify=SSL.VERIFY_PEER,
ca_pemfile=tutils.test_data.path("mitmproxy/net/data/verificationcerts/trusted-root.crt")
Expand All @@ -284,15 +284,15 @@ def test_should_fail_without_sni(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
with pytest.raises(exceptions.TlsException):
c.convert_to_ssl(
c.convert_to_tls(
verify=SSL.VERIFY_PEER,
ca_pemfile=tutils.test_data.path("mitmproxy/net/data/verificationcerts/trusted-root.crt")
)

def test_mode_none_should_pass_without_sni(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(
c.convert_to_tls(
verify=SSL.VERIFY_NONE,
ca_path=tutils.test_data.path("mitmproxy/net/data/verificationcerts/")
)
Expand All @@ -303,7 +303,7 @@ def test_should_fail(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
with pytest.raises(exceptions.InvalidCertificateException):
c.convert_to_ssl(
c.convert_to_tls(
sni="mitmproxy.org",
verify=SSL.VERIFY_PEER,
ca_pemfile=tutils.test_data.path("mitmproxy/net/data/verificationcerts/trusted-root.crt")
Expand All @@ -322,7 +322,7 @@ class TestSSLUpstreamCertVerificationWValidCertChain(tservers.ServerTestBase):
def test_mode_strict_w_pemfile_should_pass(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(
c.convert_to_tls(
sni="example.mitmproxy.org",
verify=SSL.VERIFY_PEER,
ca_pemfile=tutils.test_data.path("mitmproxy/net/data/verificationcerts/trusted-root.crt")
Expand All @@ -338,7 +338,7 @@ def test_mode_strict_w_pemfile_should_pass(self):
def test_mode_strict_w_cadir_should_pass(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(
c.convert_to_tls(
sni="example.mitmproxy.org",
verify=SSL.VERIFY_PEER,
ca_path=tutils.test_data.path("mitmproxy/net/data/verificationcerts/")
Expand Down Expand Up @@ -372,15 +372,15 @@ def handle(self):
def test_clientcert(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(
c.convert_to_tls(
cert=tutils.test_data.path("mitmproxy/net/data/clientcert/client.pem"))
assert c.rfile.readline().strip() == b"1"

def test_clientcert_err(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
with pytest.raises(exceptions.TlsException):
c.convert_to_ssl(cert=tutils.test_data.path("mitmproxy/net/data/clientcert/make"))
c.convert_to_tls(cert=tutils.test_data.path("mitmproxy/net/data/clientcert/make"))


class TestSNI(tservers.ServerTestBase):
Expand All @@ -400,14 +400,14 @@ def handle(self):
def test_echo(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(sni="foo.com")
c.convert_to_tls(sni="foo.com")
assert c.sni == "foo.com"
assert c.rfile.readline() == b"foo.com"

def test_idn(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(sni="mitmproxyäöüß.example.com")
c.convert_to_tls(sni="mitmproxyäöüß.example.com")
assert c.tls_established
assert "doesn't match" not in str(c.ssl_verification_error)

Expand All @@ -421,7 +421,7 @@ class TestServerCipherList(tservers.ServerTestBase):
def test_echo(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(sni="foo.com")
c.convert_to_tls(sni="foo.com")
expected = b"['AES256-GCM-SHA384']"
assert c.rfile.read(len(expected) + 2) == expected

Expand All @@ -442,7 +442,7 @@ def handle(self):
def test_echo(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(sni="foo.com")
c.convert_to_tls(sni="foo.com")
assert b'AES256-GCM-SHA384' in c.rfile.readline()


Expand All @@ -456,7 +456,7 @@ def test_echo(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
with pytest.raises(Exception, match="handshake error"):
c.convert_to_ssl(sni="foo.com")
c.convert_to_tls(sni="foo.com")


class TestClientCipherListError(tservers.ServerTestBase):
Expand All @@ -469,7 +469,7 @@ def test_echo(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
with pytest.raises(Exception, match="cipher specification"):
c.convert_to_ssl(sni="foo.com", cipher_list="bogus")
c.convert_to_tls(sni="foo.com", cipher_list="bogus")


class TestSSLDisconnect(tservers.ServerTestBase):
Expand All @@ -484,7 +484,7 @@ def handle(self):
def test_echo(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl()
c.convert_to_tls()
# Excercise SSL.ZeroReturnError
c.rfile.read(10)
c.close()
Expand All @@ -501,7 +501,7 @@ class TestSSLHardDisconnect(tservers.ServerTestBase):
def test_echo(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl()
c.convert_to_tls()
# Exercise SSL.SysCallError
c.rfile.read(10)
c.close()
Expand Down Expand Up @@ -565,7 +565,7 @@ class TestALPNClient(tservers.ServerTestBase):
def test_alpn(self, monkeypatch, alpn_protos, expected_negotiated, expected_response):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl(alpn_protos=alpn_protos)
c.convert_to_tls(alpn_protos=alpn_protos)
assert c.get_alpn_proto_negotiated() == expected_negotiated
assert c.rfile.readline().strip() == expected_response

Expand All @@ -587,7 +587,7 @@ class TestSSLTimeOut(tservers.ServerTestBase):
def test_timeout_client(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl()
c.convert_to_tls()
c.settimeout(0.1)
with pytest.raises(exceptions.TcpTimeout):
c.rfile.read(10)
Expand All @@ -605,7 +605,7 @@ class TestDHParams(tservers.ServerTestBase):
def test_dhparams(self):
c = tcp.TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl()
c.convert_to_tls()
ret = c.get_current_cipher()
assert ret[0] == "DHE-RSA-AES256-SHA"

Expand Down Expand Up @@ -801,5 +801,5 @@ class TestPeekSSL(TestPeek):

def _connect(self, c):
with c.connect() as conn:
c.convert_to_ssl()
c.convert_to_tls()
return conn.pop()
2 changes: 1 addition & 1 deletion test/mitmproxy/net/test_tls.py
Expand Up @@ -22,7 +22,7 @@ def test_log(self, tmpdir):

c = TCPClient(("127.0.0.1", self.port))
with c.connect():
c.convert_to_ssl()
c.convert_to_tls()
c.wfile.write(testval)
c.wfile.flush()
assert c.rfile.readline() == testval
2 changes: 1 addition & 1 deletion test/mitmproxy/net/tools/getcertnames
Expand Up @@ -7,7 +7,7 @@ from mitmproxy.net import tcp
def get_remote_cert(host, port, sni):
c = tcp.TCPClient((host, port))
c.connect()
c.convert_to_ssl(sni=sni)
c.convert_to_tls(sni=sni)
return c.cert

if len(sys.argv) > 2:
2 changes: 1 addition & 1 deletion test/mitmproxy/net/tservers.py
Expand Up @@ -60,7 +60,7 @@ def handle_client_connection(self, request, client_address):
else:
method = OpenSSL.SSL.SSLv23_METHOD
options = None
h.convert_to_ssl(
h.convert_to_tls(
cert,
key,
method=method,
2 changes: 1 addition & 1 deletion test/mitmproxy/proxy/protocol/test_http2.py
Expand Up @@ -141,7 +141,7 @@ def setup_connection(self):
while self.client.rfile.readline() != b"\r\n":
pass

self.client.convert_to_ssl(alpn_protos=[b'h2'])
self.client.convert_to_tls(alpn_protos=[b'h2'])

config = h2.config.H2Configuration(
client_side=True,
2 changes: 1 addition & 1 deletion test/mitmproxy/proxy/protocol/test_websocket.py
Expand Up @@ -101,7 +101,7 @@ def setup_connection(self, extension=False):
response = http.http1.read_response(self.client.rfile, request)

if self.ssl:
self.client.convert_to_ssl()
self.client.convert_to_tls()
assert self.client.tls_established

request = http.Request(