From 90365e270e3e10779f6401e8f2ab48f243479ab2 Mon Sep 17 00:00:00 2001
From: Aldo Cortesi
Date: Sun, 1 Jul 2012 12:10:32 +1200
Subject: [PATCH] Catch and handle SSL connection errors.
---
 libmproxy/proxy.py | 15 ++++++++++++---
 test/test_dump.py | 4 +++-
 2 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/libmproxy/proxy.py b/libmproxy/proxy.py
index f13dce60c..8f7210ca3 100644
--- a/libmproxy/proxy.py
+++ b/libmproxy/proxy.py
@@ -88,7 +88,10 @@ class ServerConnection(tcp.TCPClient):
 path = os.path.join(self.config.clientcerts, self.host) + ".pem"
 if os.path.exists(clientcert):
 clientcert = path
- self.convert_to_ssl(clientcert=clientcert, sni=self.host)
+ try:
+ self.convert_to_ssl(clientcert=clientcert, sni=self.host)
+ except tcp.NetLibError, v:
+ raise ProxyError(400, str(v))
 def send(self, request):
 self.requestcount += 1
@@ -260,7 +263,10 @@ class ProxyHandler(tcp.BaseHandler):
 if not self.ssl_established and (port in self.config.transparent_proxy["sslports"]):
 scheme = "https"
 certfile = self.find_cert(host, port, None)
- self.convert_to_ssl(certfile, self.config.certfile or self.config.cacert)
+ try:
+ self.convert_to_ssl(certfile, self.config.certfile or self.config.cacert)
+ except tcp.NetLibError, v:
+ raise ProxyError(400, str(v))
 else:
 scheme = "http"
 host = self.sni or host
@@ -312,7 +318,10 @@ class ProxyHandler(tcp.BaseHandler):
 )
 self.wfile.flush()
 certfile = self.find_cert(host, port, None)
- self.convert_to_ssl(certfile, self.config.certfile or self.config.cacert)
+ try:
+ self.convert_to_ssl(certfile, self.config.certfile or self.config.cacert)
+ except tcp.NetLibError, v:
+ raise ProxyError(400, str(v))
 self.proxy_connect_state = (host, port, httpversion)
 line = self.rfile.readline(line)
 if self.proxy_connect_state:
diff --git a/test/test_dump.py b/test/test_dump.py
index f13245ed0..5e2fcdc48 100644
--- a/test/test_dump.py
+++ b/test/test_dump.py
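Review bot: The new `except` in `ServerConnection` (hunk at 88) reports a failed upstream TLS handshake as status 400, which tells the client its own request was malformed when the fault is on the server leg of the connection. A gateway status fits better: `raise ProxyError(502, str(v))`. `str(v)` also forwards the library's error text to whoever receives the ProxyError; if that is the client (the handler is not visible here), consider logging the detail and returning a generic message instead. Separately, the context line `if os.path.exists(clientcert):` tests `clientcert` rather than the `path` built just above it, which looks unintended and would affect which client certificate is presented. The enclosing method starts outside the hunk.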
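Review bot: In the two `ProxyHandler` hunks (263 and 318) the handshake that fails is the one with the client, yet `raise ProxyError(400, str(v))` implies an HTTP error reply on that same socket. In the CONNECT hunk the success reply has already been written and flushed (`self.wfile.flush()`) before `convert_to_ssl` runs, so a client that aborted the handshake, for instance because it does not trust the proxy's certificate, would receive a plaintext error body it cannot parse, assuming the caller writes ProxyError back to the client (not visible here). Logging the failure and closing the connection would be cleaner on these two paths. The three identical try/except blocks could also move into one helper so the status and message policy is decided in a single place.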
@@ -1,7 +1,7 @@
 import os
 from cStringIO import StringIO
 import libpry
-from libmproxy import dump, flow
+from libmproxy import dump, flow, proxy
 import tutils
 def test_strfuncs():
@@ -20,6 +20,8 @@ class TestDumpMaster:
 def _cycle(self, m, content):
 req = tutils.treq()
 req.content = content
+ l = proxy.Log("connect")
+ m.handle_log(l)
 cc = req.client_conn
 cc.connection_error = "error"
 resp = tutils.tresp(req)
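Review bot: The lines added to `_cycle` call `m.handle_log(l)` without asserting anything, and none of the three new `except tcp.NetLibError` paths in proxy.py is exercised by this test change. A test that makes `convert_to_ssl` raise `tcp.NetLibError` and checks the code on the resulting `ProxyError` would pin the behaviour the commit introduces. The name `l` is easy to misread as `1`; `log_entry = proxy.Log("connect")` reads more clearly.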