From f33d128a7f27eb2103e511b830c00fe09091c448 Mon Sep 17 00:00:00 2001
From: Jaime Soriano Pastor <jsoriano@tuenti.com>
Date: Thu, 26 Sep 2013 12:23:48 +0200
Subject: Reverse proxy works with SSL

---
 libmproxy/proxy.py | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/libmproxy/proxy.py b/libmproxy/proxy.py
index 75a54192..826726c8 100644
--- a/libmproxy/proxy.py
+++ b/libmproxy/proxy.py
@@ -414,10 +414,21 @@ class ProxyHandler(tcp.BaseHandler):
                     )
 
     def read_request_reverse(self, client_conn):
+        scheme, host, port = self.config.reverse_proxy
+        if scheme.lower() == "https":
+            if not self.ssl_established:
+                dummycert = self.find_cert(client_conn, host, port, host)
+                sni = HandleSNI(
+                    self, client_conn, host, port,
+                    dummycert, self.config.certfile or self.config.cacert
+                )
+                try:
+                    self.convert_to_ssl(dummycert, self.config.certfile or self.config.cacert, handle_sni=sni)
+                except tcp.NetLibError, v:
+                    raise ProxyError(400, str(v))
         line = self.get_line(self.rfile)
         if line == "":
             return None
-        scheme, host, port = self.config.reverse_proxy
         r = http.parse_init_http(line)
         if not r:
             raise ProxyError(400, "Bad HTTP request line: %s"%repr(line))
@@ -427,7 +438,7 @@ class ProxyHandler(tcp.BaseHandler):
                     self.rfile, self.wfile, headers, httpversion, self.config.body_size_limit
                 )
         return flow.Request(
-                    client_conn, httpversion, host, port, "http", method, path, headers, content,
+                    client_conn, httpversion, host, port, scheme, method, path, headers, content,
                     self.rfile.first_byte_timestamp, utils.timestamp()
                )
 
-- 
cgit v1.2.3


From 7140323bdbd5fe03d23efff7ca71265a29f3e058 Mon Sep 17 00:00:00 2001
From: Jaime Soriano Pastor <jsoriano@tuenti.com>
Date: Thu, 26 Sep 2013 12:38:13 +0200
Subject: New method establish_ssl to avoid duplicated code

---
 libmproxy/proxy.py | 44 +++++++++++++++-----------------------------
 1 file changed, 15 insertions(+), 29 deletions(-)

diff --git a/libmproxy/proxy.py b/libmproxy/proxy.py
index 826726c8..394db493 100644
--- a/libmproxy/proxy.py
+++ b/libmproxy/proxy.py
@@ -310,6 +310,17 @@ class ProxyHandler(tcp.BaseHandler):
                 raise ProxyError(502, "Unable to generate dummy cert.")
             return ret
 
+    def establish_ssl(self, client_conn, host, port):
+        dummycert = self.find_cert(client_conn, host, port, host)
+        sni = HandleSNI(
+            self, client_conn, host, port,
+            dummycert, self.config.certfile or self.config.cacert
+        )
+        try:
+            self.convert_to_ssl(dummycert, self.config.certfile or self.config.cacert, handle_sni=sni)
+        except tcp.NetLibError, v:
+            raise ProxyError(400, str(v))
+
     def get_line(self, fp):
         """
             Get a line, possibly preceded by a blank.
@@ -329,15 +340,7 @@ class ProxyHandler(tcp.BaseHandler):
         if port in self.config.transparent_proxy["sslports"]:
             scheme = "https"
             if not self.ssl_established:
-                dummycert = self.find_cert(client_conn, host, port, host)
-                sni = HandleSNI(
-                    self, client_conn, host, port,
-                    dummycert, self.config.certfile or self.config.cacert
-                )
-                try:
-                    self.convert_to_ssl(dummycert, self.config.certfile or self.config.cacert, handle_sni=sni)
-                except tcp.NetLibError, v:
-                    raise ProxyError(400, str(v))
+                self.establish_ssl(client_conn, host, port)
         else:
             scheme = "http"
         line = self.get_line(self.rfile)
@@ -372,15 +375,7 @@ class ProxyHandler(tcp.BaseHandler):
                             '\r\n'
                             )
                 self.wfile.flush()
-                dummycert = self.find_cert(client_conn, host, port, host)
-                sni = HandleSNI(
-                    self, client_conn, host, port,
-                    dummycert, self.config.certfile or self.config.cacert
-                )
-                try:
-                    self.convert_to_ssl(dummycert, self.config.certfile or self.config.cacert, handle_sni=sni)
-                except tcp.NetLibError, v:
-                    raise ProxyError(400, str(v))
+                self.establish_ssl(client_conn, host, port)
                 self.proxy_connect_state = (host, port, httpversion)
                 line = self.rfile.readline(line)
 
@@ -415,17 +410,8 @@ class ProxyHandler(tcp.BaseHandler):
 
     def read_request_reverse(self, client_conn):
         scheme, host, port = self.config.reverse_proxy
-        if scheme.lower() == "https":
-            if not self.ssl_established:
-                dummycert = self.find_cert(client_conn, host, port, host)
-                sni = HandleSNI(
-                    self, client_conn, host, port,
-                    dummycert, self.config.certfile or self.config.cacert
-                )
-                try:
-                    self.convert_to_ssl(dummycert, self.config.certfile or self.config.cacert, handle_sni=sni)
-                except tcp.NetLibError, v:
-                    raise ProxyError(400, str(v))
+        if scheme.lower() == "https" and not self.ssl_established:
+            self.establish_ssl(client_conn, host, port)
         line = self.get_line(self.rfile)
         if line == "":
             return None
-- 
cgit v1.2.3