-rw-r--r--mitmproxy/protocol/tls.py10
1 files changed, 6 insertions, 4 deletions
diff --git a/mitmproxy/protocol/tls.py b/mitmproxy/protocol/tls.py
index 26c3f9d2..229f0db1 100644
--- a/mitmproxy/protocol/tls.py
+++ b/mitmproxy/protocol/tls.py
@@ -341,14 +341,16 @@ class TlsLayer(Layer):
https://www.openssl.org/docs/ssl/SSL_CTX_set_cert_cb.html
- The original mitmproxy issue is https://github.com/mitmproxy/mitmproxy/issues/427
"""
+ if self._client_tls:
+ self._parse_client_hello()
+ # First, this requires that we have TLS on both the client and the server connection.
+ # Second, this must be disabled if the user specified --no-upstream-cert
+ # Third, if the client sends a SNI value, we can be reasonably sure that this is the actual target host.
client_tls_requires_server_cert = (
- self._client_tls and self._server_tls and not self.config.no_upstream_cert
+ self._client_tls and self._server_tls and not self.config.no_upstream_cert and not self.client_sni
)
- if self._client_tls:
- self._parse_client_hello()
-
if client_tls_requires_server_cert:
self._establish_tls_with_client_and_server()
elif self._client_tls:
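Review bot: The added `not self.client_sni` term in `client_tls_requires_server_cert` makes the decision depend on a value taken from the client's ClientHello, and the third comment gives the rationale but not what is given up. SNI is unauthenticated and chosen by the client, so when it is present the code now takes the `elif self._client_tls:` path, which presumably completes the client handshake without contacting the server first; any upstream certificate or connection failure would then surface only afterwards. I would extend the comment to say so, e.g. `# Note: SNI is client-supplied and unauthenticated; with SNI present the upstream cert is not fetched first, so upstream TLS errors appear only after the client handshake.` The check also relies on `self.client_sni` being falsy when `_parse_client_hello()` finds no SNI or cannot parse the hello, which is worth confirming since that method and the rest of this one lie outside the hunk.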