From d6bd1cb4a697f40b1143457fe08eaca309dd4478 Mon Sep 17 00:00:00 2001
From: Maximilian Hils <git@maximilianhils.com>
Date: Sat, 14 Nov 2015 21:55:02 +0100
Subject: fix HTTPS Proxy-Authentication, refs #824

---
 libmproxy/protocol/http.py | 5 ++++-
 libmproxy/proxy/config.py  | 3 +++
 2 files changed, 7 insertions(+), 1 deletion(-)

(limited to 'libmproxy')

diff --git a/libmproxy/protocol/http.py b/libmproxy/protocol/http.py
index 8740927e..8d6a53c6 100644
--- a/libmproxy/protocol/http.py
+++ b/libmproxy/protocol/http.py
@@ -309,7 +309,10 @@ class HttpLayer(Layer):
                 self.log("request", "debug", [repr(request)])
 
                 # Handle Proxy Authentication
-                if not self.authenticate(request):
+                # Proxy Authentication conceptually does not work in transparent mode.
+                # We catch this misconfiguration on startup. Here, we sort out requests
+                # after a successful CONNECT request (which do not need to be validated anymore)
+                if self.mode != "transparent" and not self.authenticate(request):
                     return
 
                 # Make sure that the incoming request matches our expectations
diff --git a/libmproxy/proxy/config.py b/libmproxy/proxy/config.py
index cd9eda5a..0b45d83e 100644
--- a/libmproxy/proxy/config.py
+++ b/libmproxy/proxy/config.py
@@ -141,6 +141,9 @@ def process_proxy_options(parser, options):
 
     if options.auth_nonanonymous or options.auth_singleuser or options.auth_htpasswd:
 
+        if options.transparent_proxy:
+            return parser.error("Proxy Authentication not supported in transparent mode.")
+
         if options.socks_proxy:
             return parser.error(
                 "Proxy Authentication not supported in SOCKS mode. "
-- 
cgit v1.2.3