diff options
| -rw-r--r-- | libmproxy/proxy/root_context.py | 25 |
1 files changed, 12 insertions, 13 deletions
diff --git a/libmproxy/proxy/root_context.py b/libmproxy/proxy/root_context.py index 8bf84951..23d4aaf5 100644 --- a/libmproxy/proxy/root_context.py +++ b/libmproxy/proxy/root_context.py @@ -47,25 +47,24 @@ class RootContext(object): return self.channel.ask("next_layer", layer) def _next_layer(self, top_layer): - # 1. Check for --ignore. - if self.config.check_ignore(top_layer.server_conn.address): - return RawTCPLayer(top_layer, logging=False) - try: d = top_layer.client_conn.rfile.peek(3) except TcpException as e: six.reraise(ProtocolException, ProtocolException(str(e)), sys.exc_info()[2]) client_tls = is_tls_record_magic(d) - # 1A. check for --ignore with SNI host - if client_tls: - try: - client_hello = TlsClientHello.from_client_conn(self.client_conn) - if (client_hello and - self.config.check_ignore((client_hello.client_sni, 443))): - return RawTCPLayer(top_layer, logging=False) - except TlsProtocolException as e: - six.reraise(ProtocolException, ProtocolException(str(e)), sys.exc_info()[2]) + # 1. check for --ignore + if self.config.check_ignore: + address = top_layer.server_conn.address + if client_tls: + try: + client_hello = TlsClientHello.from_client_conn(self.client_conn) + except TlsProtocolException as e: + self.log("Cannot parse Client Hello: %s" % repr(e), "error") + else: + address = (client_hello.client_sni, 443) # TODO: may need to wrap that in tcp.Address? + if self.config.check_ignore(address): + return RawTCPLayer(top_layer, logging=False) # 2. Always insert a TLS layer, even if there's neither client nor server tls. # An inline script may upgrade from http to https, |