authorMaximilian Hils <git@maximilianhils.com>2014-01-16 02:33:14 +0100
committerMaximilian Hils <git@maximilianhils.com>2014-01-16 02:33:14 +0100
commit5acbef236c503bf973a5782dd0139efa977824ea (patch)
tree31285acf3486ac3f058a43da0b8d1f19687a4fda
parent779e303dfea49664c8c5bc0e871c684ab58be9df (diff)
fix sni bug: respond with the correct certificate
-rw-r--r--libmproxy/proxy.py10
1 files changed, 5 insertions, 5 deletions
diff --git a/libmproxy/proxy.py b/libmproxy/proxy.py
index 1894f7f0..f2dcc43f 100644
--- a/libmproxy/proxy.py
+++ b/libmproxy/proxy.py
@@ -106,18 +106,19 @@ class RequestReplayThread(threading.Thread):
class HandleSNI:
- def __init__(self, handler, client_conn, host, port, cert, key):
+ def __init__(self, handler, client_conn, host, port, key):
self.handler, self.client_conn, self.host, self.port = handler, client_conn, host, port
- self.cert, self.key = cert, key
+ self.key = key
def __call__(self, client_connection):
try:
sn = client_connection.get_servername()
if sn:
self.handler.get_server_connection(self.client_conn, "https", self.host, self.port, sn)
+ dummycert = self.handler.find_cert(self.client_conn, self.host, self.port, sn)
new_context = SSL.Context(SSL.TLSv1_METHOD)
new_context.use_privatekey_file(self.key)
- new_context.use_certificate(self.cert.x509)
+ new_context.use_certificate(dummycert.x509)
client_connection.set_context(new_context)
self.handler.sni = sn.decode("utf8").encode("idna")
# An unhandled exception in this method will core dump PyOpenSSL, so
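Review bot: The added `find_cert` call in `HandleSNI.__call__` receives `sn` exactly as the client sent it in the ClientHello, while the normalised form is only computed later for `self.handler.sni`, so the certificate lookup and the stored SNI can disagree on the name. Because `sn` is client-controlled, I would normalise it once before first use, e.g. `sn = sn.decode("utf8").encode("idna")` directly after the `if sn:` check, and pass that value to `find_cert`. Whether `get_server_connection` should also receive the normalised value needs checking. How `find_cert` uses the name (cache key, file name) is not visible here, so a short comment on the new line stating what validation it expects would help. The `try` body and its `except` continue outside the hunk.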
@@ -331,8 +332,7 @@ class ProxyHandler(tcp.BaseHandler):
def establish_ssl(self, client_conn, host, port):
dummycert = self.find_cert(client_conn, host, port, host)
sni = HandleSNI(
- self, client_conn, host, port,
- dummycert, self.config.certfile or self.config.cacert
+ self, client_conn, host, port, self.config.certfile or self.config.cacert
)
try:
self.convert_to_ssl(dummycert, self.config.certfile or self.config.cacert, handle_sni=sni)
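Review bot: The key path `self.config.certfile or self.config.cacert` is now written out twice in `establish_ssl`, once for `HandleSNI` and once for `convert_to_ssl`, and the fifth positional argument of `HandleSNI` has changed meaning from a certificate to a key path. Binding it once, `keyfile = self.config.certfile or self.config.cacert`, and passing `key=keyfile` to `HandleSNI` keeps the initial handshake and the SNI-switched context on the same key and makes the call site self-describing. The `try` block continues outside the hunk.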