mirror of https://github.com/sonertari/SSLproxy
Fix autossl without STARTTLS in divert mode
In the previous implementation, autossl was assumed to be used only for STARTTLS with POP3 or SMTP, but some users run autossl with HTTP too. Split mode worked, but divert mode was broken. This change makes autossl a generic upgrade mechanism. It also fixes the sslproxy line in autossl, changing p to s if the connection is upgraded, and adds e2e tests for autossl in divert and split modes.
pull/48/head
parent
45abd2e85c
commit
63a48308cd
@ -0,0 +1,140 @@
|
||||
{
|
||||
"comment": "Autossl tests for HTTP request headers: SSLproxy, Connection, Upgrade, Keep-Alive, Accept-Encoding, Via, X-Forwarded-For, and Referer",
|
||||
"configs": {
|
||||
"1": {
|
||||
"proto": {
|
||||
"proto": "tcp"
|
||||
},
|
||||
"client": {
|
||||
"ip": "127.0.0.1",
|
||||
"port": "8214"
|
||||
},
|
||||
"server": {
|
||||
"ip": "127.0.0.1",
|
||||
"port": "9214"
|
||||
}
|
||||
},
|
||||
"2": {
|
||||
"proto": {
|
||||
"proto": "ssl",
|
||||
"crt": "server.crt",
|
||||
"key": "server.key"
|
||||
},
|
||||
"client": {
|
||||
"ip": "127.0.0.1",
|
||||
"port": "8214"
|
||||
},
|
||||
"server": {
|
||||
"ip": "127.0.0.1",
|
||||
"port": "9214"
|
||||
}
|
||||
}
|
||||
},
|
||||
"tests": {
|
||||
"1": {
|
||||
"comment": "Does not remove any extra SSLproxy line, nor appends Connection: close",
|
||||
"states": {
|
||||
"1": {
|
||||
"testend": "client",
|
||||
"cmd": "send",
|
||||
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nSSLproxy: sslproxy\r\n\r\n"
|
||||
},
|
||||
"2": {
|
||||
"testend": "server",
|
||||
"cmd": "recv",
|
||||
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nSSLproxy: sslproxy\r\n\r\n"
|
||||
}
|
||||
}
|
||||
},
|
||||
"2": {
|
||||
"comment": "Does not change Connection header to close",
|
||||
"states": {
|
||||
"1": {
|
||||
"testend": "client",
|
||||
"cmd": "send",
|
||||
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: Keep-Alive\r\n\r\n"
|
||||
},
|
||||
"2": {
|
||||
"testend": "server",
|
||||
"cmd": "recv",
|
||||
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: Keep-Alive\r\n\r\n"
|
||||
}
|
||||
}
|
||||
},
|
||||
"3": {
|
||||
"comment": "Does not suppress upgrading to SSL/TLS, WebSockets or HTTP/2",
|
||||
"states": {
|
||||
"1": {
|
||||
"testend": "client",
|
||||
"cmd": "send",
|
||||
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nUpgrade: websocket\r\n\r\n"
|
||||
},
|
||||
"2": {
|
||||
"testend": "server",
|
||||
"cmd": "recv",
|
||||
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nUpgrade: websocket\r\n\r\n"
|
||||
}
|
||||
}
|
||||
},
|
||||
"4": {
|
||||
"comment": "Does not remove Accept-Encoding",
|
||||
"states": {
|
||||
"1": {
|
||||
"testend": "client",
|
||||
"cmd": "send",
|
||||
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nAccept-Encoding: encoding\r\n\r\n"
|
||||
},
|
||||
"2": {
|
||||
"testend": "server",
|
||||
"cmd": "recv",
|
||||
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nAccept-Encoding: encoding\r\n\r\n"
|
||||
}
|
||||
}
|
||||
},
|
||||
"5": {
|
||||
"comment": "Does not remove Via",
|
||||
"states": {
|
||||
"1": {
|
||||
"testend": "client",
|
||||
"cmd": "send",
|
||||
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nVia: via\r\n\r\n"
|
||||
},
|
||||
"2": {
|
||||
"testend": "server",
|
||||
"cmd": "recv",
|
||||
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nVia: via\r\n\r\n"
|
||||
}
|
||||
}
|
||||
},
|
||||
"6": {
|
||||
"comment": "Does not remove X-Forwarded-For",
|
||||
"states": {
|
||||
"1": {
|
||||
"testend": "client",
|
||||
"cmd": "send",
|
||||
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nX-Forwarded-For: x-forwarded-for\r\n\r\n"
|
||||
},
|
||||
"2": {
|
||||
"testend": "server",
|
||||
"cmd": "recv",
|
||||
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nX-Forwarded-For: x-forwarded-for\r\n\r\n"
|
||||
}
|
||||
}
|
||||
},
|
||||
"7": {
|
||||
"comment": "Does not remove Referer",
|
||||
"states": {
|
||||
"1": {
|
||||
"testend": "client",
|
||||
"cmd": "send",
|
||||
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nReferer: referer\r\n\r\n"
|
||||
},
|
||||
"2": {
|
||||
"testend": "server",
|
||||
"cmd": "recv",
|
||||
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nReferer: referer\r\n\r\n"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
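Review bot: Test 1 pins that a client-supplied `SSLproxy: sslproxy` header reaches the server unchanged, but nothing in the case says why that is acceptable or what the divert-mode listening program sees. The commit description says the proxy writes its own sslproxy line in autossl, so a header of the same name arriving from the client is untrusted input that downstream code could mistake for the proxy's. If pass-through is the intent, I would state the trust assumption in the case itself, e.g. `"comment": "autossl forwards HTTP unparsed: a client-supplied SSLproxy header is passed as-is and must not be trusted as the proxy's own line"`, and, if the harness can observe the listening program's end, add a state asserting which line it receives first. The same applies to test 1 of the split-mode file that follows.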
@ -0,0 +1,140 @@
|
||||
{
|
||||
"comment": "Autossl split mode tests for HTTP request headers: SSLproxy, Connection, Upgrade, Keep-Alive, Accept-Encoding, Via, X-Forwarded-For, and Referer",
|
||||
"configs": {
|
||||
"1": {
|
||||
"proto": {
|
||||
"proto": "tcp"
|
||||
},
|
||||
"client": {
|
||||
"ip": "127.0.0.1",
|
||||
"port": "8215"
|
||||
},
|
||||
"server": {
|
||||
"ip": "127.0.0.1",
|
||||
"port": "9215"
|
||||
}
|
||||
},
|
||||
"2": {
|
||||
"proto": {
|
||||
"proto": "ssl",
|
||||
"crt": "server.crt",
|
||||
"key": "server.key"
|
||||
},
|
||||
"client": {
|
||||
"ip": "127.0.0.1",
|
||||
"port": "8215"
|
||||
},
|
||||
"server": {
|
||||
"ip": "127.0.0.1",
|
||||
"port": "9215"
|
||||
}
|
||||
}
|
||||
},
|
||||
"tests": {
|
||||
"1": {
|
||||
"comment": "Does not remove any extra SSLproxy line, nor appends Connection: close",
|
||||
"states": {
|
||||
"1": {
|
||||
"testend": "client",
|
||||
"cmd": "send",
|
||||
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nSSLproxy: sslproxy\r\n\r\n"
|
||||
},
|
||||
"2": {
|
||||
"testend": "server",
|
||||
"cmd": "recv",
|
||||
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nSSLproxy: sslproxy\r\n\r\n"
|
||||
}
|
||||
}
|
||||
},
|
||||
"2": {
|
||||
"comment": "Does not change Connection header to close",
|
||||
"states": {
|
||||
"1": {
|
||||
"testend": "client",
|
||||
"cmd": "send",
|
||||
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: Keep-Alive\r\n\r\n"
|
||||
},
|
||||
"2": {
|
||||
"testend": "server",
|
||||
"cmd": "recv",
|
||||
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: Keep-Alive\r\n\r\n"
|
||||
}
|
||||
}
|
||||
},
|
||||
"3": {
|
||||
"comment": "Does not suppress upgrading to SSL/TLS, WebSockets or HTTP/2",
|
||||
"states": {
|
||||
"1": {
|
||||
"testend": "client",
|
||||
"cmd": "send",
|
||||
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nUpgrade: websocket\r\n\r\n"
|
||||
},
|
||||
"2": {
|
||||
"testend": "server",
|
||||
"cmd": "recv",
|
||||
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nUpgrade: websocket\r\n\r\n"
|
||||
}
|
||||
}
|
||||
},
|
||||
"4": {
|
||||
"comment": "Does not remove Accept-Encoding",
|
||||
"states": {
|
||||
"1": {
|
||||
"testend": "client",
|
||||
"cmd": "send",
|
||||
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nAccept-Encoding: encoding\r\n\r\n"
|
||||
},
|
||||
"2": {
|
||||
"testend": "server",
|
||||
"cmd": "recv",
|
||||
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nAccept-Encoding: encoding\r\n\r\n"
|
||||
}
|
||||
}
|
||||
},
|
||||
"5": {
|
||||
"comment": "Does not remove Via",
|
||||
"states": {
|
||||
"1": {
|
||||
"testend": "client",
|
||||
"cmd": "send",
|
||||
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nVia: via\r\n\r\n"
|
||||
},
|
||||
"2": {
|
||||
"testend": "server",
|
||||
"cmd": "recv",
|
||||
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nVia: via\r\n\r\n"
|
||||
}
|
||||
}
|
||||
},
|
||||
"6": {
|
||||
"comment": "Does not remove X-Forwarded-For",
|
||||
"states": {
|
||||
"1": {
|
||||
"testend": "client",
|
||||
"cmd": "send",
|
||||
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nX-Forwarded-For: x-forwarded-for\r\n\r\n"
|
||||
},
|
||||
"2": {
|
||||
"testend": "server",
|
||||
"cmd": "recv",
|
||||
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nX-Forwarded-For: x-forwarded-for\r\n\r\n"
|
||||
}
|
||||
}
|
||||
},
|
||||
"7": {
|
||||
"comment": "Does not remove Referer",
|
||||
"states": {
|
||||
"1": {
|
||||
"testend": "client",
|
||||
"cmd": "send",
|
||||
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nReferer: referer\r\n\r\n"
|
||||
},
|
||||
"2": {
|
||||
"testend": "server",
|
||||
"cmd": "recv",
|
||||
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nReferer: referer\r\n\r\n"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
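Review bot: Test 3's comment claims coverage of upgrades to SSL/TLS, WebSockets and HTTP/2, but the payload only sends `Upgrade: websocket`, and without a `Connection: Upgrade` header it is not a complete upgrade request. Either narrow the comment to `"Does not remove the Upgrade header"` or add cases for the other tokens (`Upgrade: TLS/1.0`, `Upgrade: h2c`), each paired with `Connection: Upgrade`. The top-level comment also lists Keep-Alive, yet no case sends a `Keep-Alive:` header, only `Connection: Keep-Alive`. Test 3 of the preceding file has the same gap.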