diff options
| author | Aldo Cortesi <aldo@nullcube.com> | 2013-03-17 14:35:36 +1300 |
|---|---|---|
| committer | Aldo Cortesi <aldo@nullcube.com> | 2013-03-17 14:35:36 +1300 |
| commit | 790ad468e4352419ef519401680f99ee3beb148d (patch) | |
| tree | ff355966e339945c191ab042be5af5d3e75f04a4 /libmproxy | |
| parent | 87f76bb62bba91c5397199e6044363aa1f5bb848 (diff) | |
| download | mitmproxy-790ad468e4352419ef519401680f99ee3beb148d.tar.gz mitmproxy-790ad468e4352419ef519401680f99ee3beb148d.tar.bz2 mitmproxy-790ad468e4352419ef519401680f99ee3beb148d.zip | |
Fix bug that caused mis-identification of some HTTPS connections in transparent mode.
Diffstat (limited to 'libmproxy')
| -rw-r--r-- | libmproxy/proxy.py | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/libmproxy/proxy.py b/libmproxy/proxy.py index 7459fadf..3d55190d 100644 --- a/libmproxy/proxy.py +++ b/libmproxy/proxy.py @@ -323,17 +323,18 @@ class ProxyHandler(tcp.BaseHandler): if not orig: raise ProxyError(502, "Transparent mode failure: could not resolve original destination.") host, port = orig - if not self.ssl_established and (port in self.config.transparent_proxy["sslports"]): + if port in self.config.transparent_proxy["sslports"]: scheme = "https" - dummycert = self.find_cert(client_conn, host, port, host) - sni = HandleSNI( - self, client_conn, host, port, - dummycert, self.config.certfile or self.config.cacert - ) - try: - self.convert_to_ssl(dummycert, self.config.certfile or self.config.cacert, handle_sni=sni) - except tcp.NetLibError, v: - raise ProxyError(400, str(v)) + if not self.ssl_established: + dummycert = self.find_cert(client_conn, host, port, host) + sni = HandleSNI( + self, client_conn, host, port, + dummycert, self.config.certfile or self.config.cacert + ) + try: + self.convert_to_ssl(dummycert, self.config.certfile or self.config.cacert, handle_sni=sni) + except tcp.NetLibError, v: + raise ProxyError(400, str(v)) else: scheme = "http" line = self.get_line(self.rfile) |