7 files changed, 25 insertions, 6 deletions

diff --git a/libmproxy/proxy/config.py b/libmproxy/proxy/config.py
index b1478655..bf765d81 100644
--- a/libmproxy/proxy/config.py
+++ b/libmproxy/proxy/config.py
@@ -19,6 +19,7 @@ DEFAULT_CLIENT_CIPHERS = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA
 
 
 class HostMatcher(object):
+
     def __init__(self, patterns=tuple()):
         self.patterns = list(patterns)
         self.regexes = [re.compile(p, re.IGNORECASE) for p in self.patterns]
@@ -41,6 +42,7 @@ ServerSpec = collections.namedtuple("ServerSpec", "scheme address")
 
 
 class ProxyConfig:
+
     def __init__(
             self,
             host='',
diff --git a/libmproxy/proxy/modes/http_proxy.py b/libmproxy/proxy/modes/http_proxy.py
index c7502c24..e19062b9 100644
--- a/libmproxy/proxy/modes/http_proxy.py
+++ b/libmproxy/proxy/modes/http_proxy.py
@@ -4,6 +4,7 @@ from ...protocol import Layer, ServerConnectionMixin
 
 
 class HttpProxy(Layer, ServerConnectionMixin):
+
     def __call__(self):
         layer = self.ctx.next_layer(self)
         try:
@@ -14,6 +15,7 @@ class HttpProxy(Layer, ServerConnectionMixin):
 
 
 class HttpUpstreamProxy(Layer, ServerConnectionMixin):
+
     def __init__(self, ctx, server_address):
         super(HttpUpstreamProxy, self).__init__(ctx, server_address=server_address)
 
diff --git a/libmproxy/proxy/modes/reverse_proxy.py b/libmproxy/proxy/modes/reverse_proxy.py
index 28f4e6f8..c8e80a10 100644
--- a/libmproxy/proxy/modes/reverse_proxy.py
+++ b/libmproxy/proxy/modes/reverse_proxy.py
@@ -4,6 +4,7 @@ from ...protocol import Layer, ServerConnectionMixin
 
 
 class ReverseProxy(Layer, ServerConnectionMixin):
+
     def __init__(self, ctx, server_address, server_tls):
         super(ReverseProxy, self).__init__(ctx, server_address=server_address)
         self.server_tls = server_tls
diff --git a/libmproxy/proxy/modes/socks_proxy.py b/libmproxy/proxy/modes/socks_proxy.py
index 90788e37..e2ce44ae 100644
--- a/libmproxy/proxy/modes/socks_proxy.py
+++ b/libmproxy/proxy/modes/socks_proxy.py
@@ -8,6 +8,7 @@ from ...protocol import Layer, ServerConnectionMixin
 
 
 class Socks5Proxy(Layer, ServerConnectionMixin):
+
     def __init__(self, ctx):
         super(Socks5Proxy, self).__init__(ctx)
 
diff --git a/libmproxy/proxy/modes/transparent_proxy.py b/libmproxy/proxy/modes/transparent_proxy.py
index da1d4632..3fdda656 100644
--- a/libmproxy/proxy/modes/transparent_proxy.py
+++ b/libmproxy/proxy/modes/transparent_proxy.py
@@ -6,6 +6,7 @@ from ...protocol import Layer, ServerConnectionMixin
 
 
 class TransparentProxy(Layer, ServerConnectionMixin):
+
     def __init__(self, ctx):
         super(TransparentProxy, self).__init__(ctx)
         self.resolver = platform.resolver()
diff --git a/libmproxy/proxy/root_context.py b/libmproxy/proxy/root_context.py
index f62b0c8e..f56aee6d 100644
--- a/libmproxy/proxy/root_context.py
+++ b/libmproxy/proxy/root_context.py
@@ -4,16 +4,17 @@ import sys
 
 import six
 
-from libmproxy.exceptions import ProtocolException
+from libmproxy.exceptions import ProtocolException, TlsProtocolException
 from netlib.exceptions import TcpException
 from ..protocol import (
     RawTCPLayer, TlsLayer, Http1Layer, Http2Layer, is_tls_record_magic, ServerConnectionMixin,
-    UpstreamConnectLayer
+    UpstreamConnectLayer, TlsClientHello
 )
 from .modes import HttpProxy, HttpUpstreamProxy, ReverseProxy
 
 
 class RootContext(object):
+
     """
     The outermost context provided to the root layer.
     As a consequence, every layer has access to methods and attributes defined here.
@@ -48,16 +49,25 @@ class RootContext(object):
         return self.channel.ask("next_layer", layer)
 
     def _next_layer(self, top_layer):
-        # 1. Check for --ignore.
-        if self.config.check_ignore(top_layer.server_conn.address):
-            return RawTCPLayer(top_layer, logging=False)
-
         try:
             d = top_layer.client_conn.rfile.peek(3)
         except TcpException as e:
             six.reraise(ProtocolException, ProtocolException(str(e)), sys.exc_info()[2])
         client_tls = is_tls_record_magic(d)
 
+        # 1. check for --ignore
+        if self.config.check_ignore:
+            ignore = self.config.check_ignore(top_layer.server_conn.address)
+            if not ignore and client_tls:
+                try:
+                    client_hello = TlsClientHello.from_client_conn(self.client_conn)
+                except TlsProtocolException as e:
+                    self.log("Cannot parse Client Hello: %s" % repr(e), "error")
+                else:
+                    ignore = self.config.check_ignore((client_hello.client_sni, 443))
+            if ignore:
+                return RawTCPLayer(top_layer, logging=False)
+
         # 2. Always insert a TLS layer, even if there's neither client nor server tls.
         # An inline script may upgrade from http to https,
         # in which case we need some form of TLS layer.
@@ -123,6 +133,7 @@ class RootContext(object):
 
 
 class Log(object):
+
     def __init__(self, msg, level="info"):
         self.msg = msg
         self.level = level
diff --git a/libmproxy/proxy/server.py b/libmproxy/proxy/server.py
index 8917f99a..750cb1a4 100644
--- a/libmproxy/proxy/server.py
+++ b/libmproxy/proxy/server.py
@@ -65,6 +65,7 @@ class ProxyServer(tcp.TCPServer):
 
 
 class ConnectionHandler(object):
+
     def __init__(self, client_conn, client_address, config, channel):
         self.config = config
         """@type: libmproxy.proxy.config.ProxyConfig"""