diff --git a/config.ini.sample b/config.ini.sample
index 654709f..9547195 100644
--- a/config.ini.sample
+++ b/config.ini.sample
@@ -18,22 +18,14 @@ profiling = 0
 # Database file for proxy storage
 database = proxies.sqlite
-# Check type(s): judges, ssl, irc, head (comma-separated for random selection)
+# Check type(s): judges, ssl, irc, head, tor (comma-separated for random selection)
 # judges - HTTP judge servers that echo back request headers
-# ssl - TLS handshake test (fast, no payload, verifies MITM)
-# irc - IRC server connection test
-# head - HTTP HEAD request test
+# ssl - TLS handshake test (port 443, verifies MITM)
+# irc - IRC server connection test (port 6667)
+# head - HTTP HEAD request test (port 80)
+# tor - Tor exit check via check.torproject.org (port 80)
 checktype = judges,head
-# SSL verification mode (1=always, 0=never, 2=random)
-# When enabled, tests TLS handshake with certificate verification.
-# Benefits:
-# - Fast: TLS handshake completes quickly, no payload transfer
-# - Meaningful: Verifies proxy supports encrypted connections
-# - MITM detection: Certificate validation catches interception
-# - Fallback: Works when judge servers are blocked/rate-limited
-use_ssl = 1
-
 # Thread configuration
 threads = 50
 min_threads = 5
diff --git a/config.py b/config.py
index 1d35541..fd29b19 100644
--- a/config.py
+++ b/config.py
@@ -101,7 +101,6 @@ class Config(ComboParser):
 self.add_item(section, 'timeout_fail_max', float, 15, 'max extra timeout for failures (default: 15)', False)
 self.add_item(section, 'submit_after', int, 200, 'min. number of tested proxies for DB write', False)
 self.add_item(section, 'debug', bool, False, 'whether to print additional debug info', False)
- self.add_item(section, 'use_ssl', int, 1, 'whether to use SSL (1=always, 0=never, 2=random)', False)
 self.add_item(section, 'checktime', int, 1800, 'base checking interval for proxies in db in seconds', False)
 self.add_item(section, 'perfail_checktime', int, 3600, 'additional checking interval for proxies in db in seconds per experienced failure', False)
 self.add_item(section, 'database', str, 'proxies.sqlite', 'filename of database', True)
diff --git a/proxywatchd.py b/proxywatchd.py
index d8ac3be..8c5f6b8 100644
--- a/proxywatchd.py
+++ b/proxywatchd.py
@@ -1434,25 +1434,15 @@ class TargetTestJob():
 ssl_only_check = True # handshake only, no HTTP request
 server_port = 443
 verifycert = True
- elif self.checktype == 'tor':
- # Tor check uses HTTP by default (like judges/head)
- use_ssl = random.choice([0, 1]) if config.watchd.use_ssl == 2 else config.watchd.use_ssl
- ssl_only_check = False
- server_port = 443 if use_ssl else 80
- verifycert = True if use_ssl else False
 else:
- use_ssl = random.choice([0, 1]) if config.watchd.use_ssl == 2 else config.watchd.use_ssl
- ssl_only_check = False # minimal SSL test (handshake only, no request)
- if ps.consecutive_success > 0 and (ps.consecutive_success % 3) == 0:
- use_ssl = 1
- ssl_only_check = True # periodic MITM check - handshake is sufficient
-
+ # head, judges, tor, irc: always use plain HTTP
+ use_ssl = 0
+ ssl_only_check = False
+ verifycert = False
 if self.checktype == 'irc':
- server_port = 6697 if use_ssl else 6667
+ server_port = 6667
 else:
- server_port = 443 if use_ssl else 80
-
- verifycert = True if use_ssl else False
+ server_port = 80
 protos = ['http', 'socks5', 'socks4'] if ps.proto is None else [ps.proto]
 last_error_category = None
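Review bot: With the `else:` branch now hard-coding `use_ssl = 0` and `verifycert = False`, the certificate-verified handshake that used to run whenever `ps.consecutive_success % 3 == 0` is gone, so under the sample default `checktype = judges,head` no check validates a certificate and an intercepting proxy would no longer be caught by these check types. The same branch now covers `tor`, whose answer from check.torproject.org travels in cleartext through the proxy under test and can presumably be altered by it; how that response is evaluated is outside this hunk. If dropping the periodic check is intended, record it at the branch, e.g. `# no TLS here: MITM detection only runs when checktype includes 'ssl'`, and consider adding `ssl` to the default in config.ini.sample. The new comment `always use plain HTTP` is also inexact for `irc`, which is not HTTP; `always cleartext, no TLS` would be accurate. The enclosing function in `TargetTestJob` starts and ends outside the hunk.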