watchd: remove use_ssl config, use HTTP for non-ssl checks

2025-12-26 21:25:52 +01:00
parent f7a762331a
commit 9f81e1e4af
3 changed files with 11 additions and 30 deletions
--- a/config.ini.sample
+++ b/config.ini.sample
@@ -18,22 +18,14 @@ profiling = 0
 # Database file for proxy storage
 database = proxies.sqlite
-# Check type(s): judges, ssl, irc, head (comma-separated for random selection)
+# Check type(s): judges, ssl, irc, head, tor (comma-separated for random selection)
 #   judges  - HTTP judge servers that echo back request headers
-#   ssl     - TLS handshake test (fast, no payload, verifies MITM)
+#   ssl     - TLS handshake test (port 443, verifies MITM)
-#   irc     - IRC server connection test
+#   irc     - IRC server connection test (port 6667)
-#   head    - HTTP HEAD request test
+#   head    - HTTP HEAD request test (port 80)
 #   tor     - Tor exit check via check.torproject.org (port 80)
 checktype = judges,head
 # SSL verification mode (1=always, 0=never, 2=random)
 #   When enabled, tests TLS handshake with certificate verification.
 #   Benefits:
 #   - Fast: TLS handshake completes quickly, no payload transfer
 #   - Meaningful: Verifies proxy supports encrypted connections
 #   - MITM detection: Certificate validation catches interception
 #   - Fallback: Works when judge servers are blocked/rate-limited
 use_ssl = 1
 # Thread configuration
 threads = 50
 min_threads = 5
--- a/config.py
+++ b/config.py
@@ -101,7 +101,6 @@ class Config(ComboParser):
        self.add_item(section, 'timeout_fail_max', float, 15, 'max extra timeout for failures (default: 15)', False)
        self.add_item(section, 'submit_after', int, 200, 'min. number of tested proxies for DB write', False)
        self.add_item(section, 'debug', bool, False, 'whether to print additional debug info', False)
        self.add_item(section, 'use_ssl', int, 1, 'whether to use SSL (1=always, 0=never, 2=random)', False)
        self.add_item(section, 'checktime', int, 1800, 'base checking interval for proxies in db in seconds', False)
        self.add_item(section, 'perfail_checktime', int, 3600, 'additional checking interval for proxies in db in seconds per experienced failure', False)
        self.add_item(section, 'database', str, 'proxies.sqlite', 'filename of database', True)
--- a/proxywatchd.py
+++ b/proxywatchd.py
@@ -1434,25 +1434,15 @@ class TargetTestJob():
            ssl_only_check = True  # handshake only, no HTTP request
            server_port = 443
            verifycert = True
        elif self.checktype == 'tor':
            # Tor check uses HTTP by default (like judges/head)
            use_ssl = random.choice([0, 1]) if config.watchd.use_ssl == 2 else config.watchd.use_ssl
            ssl_only_check = False
            server_port = 443 if use_ssl else 80
            verifycert = True if use_ssl else False
        else:
-            use_ssl = random.choice([0, 1]) if config.watchd.use_ssl == 2 else config.watchd.use_ssl
+            # head, judges, tor, irc: always use plain HTTP
-            ssl_only_check = False  # minimal SSL test (handshake only, no request)
+            use_ssl = 0
-            if ps.consecutive_success > 0 and (ps.consecutive_success % 3) == 0:
+            ssl_only_check = False
-                use_ssl = 1
+            verifycert = False
                ssl_only_check = True  # periodic MITM check - handshake is sufficient
            if self.checktype == 'irc':
-                server_port = 6697 if use_ssl else 6667
+                server_port = 6667
            else:
-                server_port = 443 if use_ssl else 80
+                server_port = 80
            verifycert = True if use_ssl else False
        protos = ['http', 'socks5', 'socks4'] if ps.proto is None else [ps.proto]
        last_error_category = None