From b07f194c6378ae9cd06d49948d0ef952b6e04e4f Mon Sep 17 00:00:00 2001
From: Noah Levitt <nlevitt@archive.org>
Date: Tue, 30 Jun 2015 17:38:45 -0700
Subject: [PATCH] send requested hostname to remote server if python ssl
version supports SNI, fixes ssl handshake error for some servers
---
warcprox/mitmproxy.py | 21 +++++++++++----------
1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/warcprox/mitmproxy.py b/warcprox/mitmproxy.py
index d331caa..f3722d3 100644
--- a/warcprox/mitmproxy.py
+++ b/warcprox/mitmproxy.py
@@ -21,16 +21,7 @@ class MitmProxyHandler(http_server.BaseHTTPRequestHandler):
def __init__(self, request, client_address, server):
self.is_connect = False
-
- ## XXX hack around bizarre bug on my mac python 3.2 in http.server
- ## where hasattr returns true in the code snippet below, but
- ## self._headers_buffer is None
- #
- # if not hasattr(self, '_headers_buffer'):
- # self._headers_buffer = []
- # self._headers_buffer.append(
self._headers_buffer = []
-
http_server.BaseHTTPRequestHandler.__init__(self, request, client_address, server)
def _determine_host_port(self):
@@ -63,7 +54,17 @@ class MitmProxyHandler(http_server.BaseHTTPRequestHandler):
# Wrap socket if SSL is required
if self.is_connect:
- self._proxy_sock = ssl.wrap_socket(self._proxy_sock)
+ try:
+ context = ssl.create_default_context()
+ context.check_hostname = False
+ context.verify_mode = ssl.CERT_NONE
+ self._proxy_sock = context.wrap_socket(self._proxy_sock, server_hostname=self.hostname)
+ except AttributeError:
+ try:
+ self._proxy_sock = ssl.wrap_socket(self._proxy_sock)
+ except ssl.SSLError:
+ self.logger.warn("failed to establish ssl connection to {}; python ssl library does not support SNI, considering upgrading to python >= 2.7.9 or python 3.4".format(self.hostname))
+ raise
def _transition_to_ssl(self):
self.request = self.connection = ssl.wrap_socket(self.connection,