Merge pull request #170 from jsoriano/master

Reverse proxy works with SSL
Aldo Cortesi 2013-12-08 01:02:17 -08:00
commit 4816cae98c


@ -311,6 +311,17 @@ class ProxyHandler(tcp.BaseHandler):
raise ProxyError(502, "Unable to generate dummy cert.") raise ProxyError(502, "Unable to generate dummy cert.")
return ret return ret
def establish_ssl(self, client_conn, host, port):
dummycert = self.find_cert(client_conn, host, port, host)
sni = HandleSNI(
self, client_conn, host, port,
dummycert, self.config.certfile or self.config.cacert
)
try:
self.convert_to_ssl(dummycert, self.config.certfile or self.config.cacert, handle_sni=sni)
except tcp.NetLibError, v:
raise ProxyError(400, str(v))
def get_line(self, fp): def get_line(self, fp):
""" """
Get a line, possibly preceded by a blank. Get a line, possibly preceded by a blank.
@ -330,15 +341,7 @@ class ProxyHandler(tcp.BaseHandler):
if port in self.config.transparent_proxy["sslports"]: if port in self.config.transparent_proxy["sslports"]:
scheme = "https" scheme = "https"
if not self.ssl_established: if not self.ssl_established:
dummycert = self.find_cert(client_conn, host, port, host) self.establish_ssl(client_conn, host, port)
sni = HandleSNI(
self, client_conn, host, port,
dummycert, self.config.certfile or self.config.cacert
)
try:
self.convert_to_ssl(dummycert, self.config.certfile or self.config.cacert, handle_sni=sni)
except tcp.NetLibError, v:
raise ProxyError(400, str(v))
else: else:
scheme = "http" scheme = "http"
line = self.get_line(self.rfile) line = self.get_line(self.rfile)
@ -373,15 +376,7 @@ class ProxyHandler(tcp.BaseHandler):
'\r\n' '\r\n'
) )
self.wfile.flush() self.wfile.flush()
dummycert = self.find_cert(client_conn, host, port, host) self.establish_ssl(client_conn, host, port)
sni = HandleSNI(
self, client_conn, host, port,
dummycert, self.config.certfile or self.config.cacert
)
try:
self.convert_to_ssl(dummycert, self.config.certfile or self.config.cacert, handle_sni=sni)
except tcp.NetLibError, v:
raise ProxyError(400, str(v))
self.proxy_connect_state = (host, port, httpversion) self.proxy_connect_state = (host, port, httpversion)
line = self.rfile.readline(line) line = self.rfile.readline(line)
@ -415,10 +410,12 @@ class ProxyHandler(tcp.BaseHandler):
) )
def read_request_reverse(self, client_conn): def read_request_reverse(self, client_conn):
scheme, host, port = self.config.reverse_proxy
if scheme.lower() == "https" and not self.ssl_established:
self.establish_ssl(client_conn, host, port)
line = self.get_line(self.rfile) line = self.get_line(self.rfile)
if line == "": if line == "":
return None return None
scheme, host, port = self.config.reverse_proxy
r = http.parse_init_http(line) r = http.parse_init_http(line)
if not r: if not r:
raise ProxyError(400, "Bad HTTP request line: %s"%repr(line)) raise ProxyError(400, "Bad HTTP request line: %s"%repr(line))
@ -428,7 +425,7 @@ class ProxyHandler(tcp.BaseHandler):
self.rfile, self.wfile, headers, httpversion, self.config.body_size_limit self.rfile, self.wfile, headers, httpversion, self.config.body_size_limit
) )
return flow.Request( return flow.Request(
client_conn, httpversion, host, port, "http", method, path, headers, content, client_conn, httpversion, host, port, scheme, method, path, headers, content,
self.rfile.first_byte_timestamp, utils.timestamp() self.rfile.first_byte_timestamp, utils.timestamp()
) )
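Review bot: In read_request_reverse the scheme is lowercased only for the `scheme.lower() == "https"` test, while the raw value unpacked from `self.config.reverse_proxy` is what now reaches `flow.Request` in the last hunk. If the configured scheme can arrive in another case (the `.lower()` suggests it can), any later code that compares the request scheme with "https" would disagree with the decision made here, and the upstream leg could be handled as plain HTTP after the client leg was wrapped in TLS; this is inferred, because the upstream connection code is not in view. Normalising once, with `scheme = scheme.lower()` right after the unpacking, keeps both uses consistent. The new establish_ssl helper also has no docstring; a short one saying that it presents a generated certificate for `host` to the client and raises `ProxyError(400, ...)` when the handshake fails would help the next reader. The body of read_request_reverse continues between the last two hunks, outside the visible lines.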