Fix error message in OpenSSL >=3.2.0 (mitmproxy#6658)

Fix the test cases for OpenSSL v3 Ref: openssl/openssl@81b741f openssl/openssl@4030869
Flared · Feb 13, 2024 · 2a82674 · 2a82674
1 parent d317304
commit 2a82674
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 4 deletions.
diff --git a/mitmproxy/proxy/layers/tls.py b/mitmproxy/proxy/layers/tls.py
@@ -318,9 +318,9 @@ def receive_handshake_data(
                 err = f"Certificate verify failed: {error}"
             elif last_err in [
                 ("SSL routines", "ssl3_read_bytes", "tlsv1 alert unknown ca"),
-                ("SSL routines", "ssl3_read_bytes", "sslv3 alert bad certificate"),
+                ("SSL routines", "ssl3_read_bytes", "ssl/tls alert bad certificate"),
                 ("SSL routines", "", "tlsv1 alert unknown ca"),  # OpenSSL 3+
-                ("SSL routines", "", "sslv3 alert bad certificate"),  # OpenSSL 3+
+                ("SSL routines", "", "ssl/tls alert bad certificate"),  # OpenSSL 3+
             ]:
                 assert isinstance(last_err, tuple)
                 err = last_err[2]
@@ -329,6 +329,8 @@ def receive_handshake_data(
                 in [
                     ("SSL routines", "ssl3_get_record", "wrong version number"),
                     ("SSL routines", "", "wrong version number"),  # OpenSSL 3+
+                    ("SSL routines", "", "packet length too long"),  # OpenSSL 3+
+                    ("SSL routines", "", "record layer failure"),  # OpenSSL 3+
                 ]
                 and data[:4].isascii()
             ):

diff --git a/pyproject.toml b/pyproject.toml
@@ -47,7 +47,7 @@ dependencies = [
     "passlib>=1.6.5, <1.8",
     "protobuf>=3.14,<5",
     "pydivert>=2.0.3,<2.2; sys_platform == 'win32'",
-    "pyOpenSSL>=22.1,<23.4",
+    "pyOpenSSL>=22.1,<24.1",
     "pyparsing>=2.4.2,<3.2",
     "pyperclip>=1.6.0,<1.9",
     "ruamel.yaml>=0.16,<0.19",

diff --git a/test/mitmproxy/proxy/layers/test_tls.py b/test/mitmproxy/proxy/layers/test_tls.py
@@ -666,7 +666,7 @@ def test_mitmproxy_ca_is_untrusted(self, tctx: context.Context):
             >> events.DataReceived(tctx.client, tssl_client.bio_read())
             << commands.Log(
                 "Client TLS handshake failed. The client does not trust the proxy's certificate "
-                "for wrong.host.mitmproxy.org (sslv3 alert bad certificate)",
+                "for wrong.host.mitmproxy.org (ssl/tls alert bad certificate)",
                 WARNING,
             )
             << tls.TlsFailedClientHook(tls_hook_data)