From 81a274eb51ea7552667a872f0b6db1aeca9315b3 Mon Sep 17 00:00:00 2001
From: Maximilian Hils <git@maximilianhils.com>
Date: Fri, 27 Feb 2015 09:17:41 +0100
Subject: fix #479

---
 libmproxy/proxy/server.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'libmproxy/proxy')

diff --git a/libmproxy/proxy/server.py b/libmproxy/proxy/server.py
index ea78d964..4e576067 100644
--- a/libmproxy/proxy/server.py
+++ b/libmproxy/proxy/server.py
@@ -285,7 +285,12 @@ class ConnectionHandler:
 
             if sni != self.server_conn.sni:
                 self.log("SNI received: %s" % sni, "debug")
-                self.server_reconnect(sni)  # reconnect to upstream server with SNI
+                # We should only re-establish upstream SSL if one of the following conditions is true:
+                #   - We established SSL with the server previously
+                #   - We initially wanted to establish SSL with the server,
+                #     but the server refused to negotiate without SNI.
+                if self.server_conn.ssl_established or hasattr(self.server_conn, "may_require_sni"):
+                    self.server_reconnect(sni)  # reconnect to upstream server with SNI
                 # Now, change client context to reflect changed certificate:
                 cert, key, chain_file = self.find_cert()
                 new_context = self.client_conn._create_ssl_context(
-- 
cgit v1.2.3