From b07f194c6378ae9cd06d49948d0ef952b6e04e4f Mon Sep 17 00:00:00 2001
From: Noah Levitt <nlevitt@archive.org>
Date: Tue, 30 Jun 2015 17:38:45 -0700
Subject: [PATCH] send requested hostname to remote server if python ssl
 version supports SNI, fixes ssl handshake error for some servers

---
 warcprox/mitmproxy.py | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/warcprox/mitmproxy.py b/warcprox/mitmproxy.py
index d331caa..f3722d3 100644
--- a/warcprox/mitmproxy.py
+++ b/warcprox/mitmproxy.py
@@ -21,16 +21,7 @@ class MitmProxyHandler(http_server.BaseHTTPRequestHandler):
 
     def __init__(self, request, client_address, server):
         self.is_connect = False
-
-        ## XXX hack around bizarre bug on my mac python 3.2 in http.server
-        ## where hasattr returns true in the code snippet below, but
-        ## self._headers_buffer is None
-        #
-        # if not hasattr(self, '_headers_buffer'):
-        #     self._headers_buffer = []
-        # self._headers_buffer.append(
         self._headers_buffer = []
-
         http_server.BaseHTTPRequestHandler.__init__(self, request, client_address, server)
 
     def _determine_host_port(self):
@@ -63,7 +54,17 @@ class MitmProxyHandler(http_server.BaseHTTPRequestHandler):
 
         # Wrap socket if SSL is required
         if self.is_connect:
-            self._proxy_sock = ssl.wrap_socket(self._proxy_sock)
+            try:
+                context = ssl.create_default_context()
+                context.check_hostname = False
+                context.verify_mode = ssl.CERT_NONE
+                self._proxy_sock = context.wrap_socket(self._proxy_sock, server_hostname=self.hostname)
+            except AttributeError:
+                try:
+                    self._proxy_sock = ssl.wrap_socket(self._proxy_sock)
+                except ssl.SSLError:
+                    self.logger.warn("failed to establish ssl connection to {}; python ssl library does not support SNI, considering upgrading to python >= 2.7.9 or python 3.4".format(self.hostname))
+                    raise
 
     def _transition_to_ssl(self):
         self.request = self.connection = ssl.wrap_socket(self.connection,
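Review bot: The new SNI branch turns off both `check_hostname` and `verify_mode` with no comment saying why, so the upstream certificate is never validated and the proxy will record a response from whichever server answers for `self.hostname`. The removed `ssl.wrap_socket(self._proxy_sock)` call did not verify either, so this is not a regression and may be deliberate for an archiving proxy, but it deserves a comment above `context.check_hostname = False`, for example `# upstream cert is intentionally not verified; captured content is not authenticated`, and ideally an option to turn verification on. Separately, `except AttributeError:` covers the whole block, so an AttributeError from anything other than a missing `ssl.create_default_context` (for instance `self.hostname` not being set) silently falls back to the non-SNI path; `if hasattr(ssl, 'create_default_context'):` with an `else:` for the fallback would limit the fallback to the feature probe. The enclosing method starts above the hunk, so how `self.hostname` is populated is not visible here.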