goproxy icon indicating copy to clipboard operation
goproxy copied to clipboard

Published 20 hours ago verified publisher icon elazarl

TLSClientConfig isn't set for CONNECT requests

Open moonchen opened this issue 3 years ago • 0 comments

I'm trying to proxy my CONNECT requests through another HTTPS proxy. I tried doing this:

if externalProxy != "" {
    proxy.Tr = &http.Transport{Proxy: func(req *http.Request) (*url.URL, error) {
        return url.Parse(externalProxy)
    }}
    proxy.ConnectDial = proxy.NewConnectDialToProxy(externalProxy)
}

When I proxy a CONNECT request through it, there is an error internally here: https://github.com/elazarl/goproxy/blob/a92cc753f88eb1d5f3ca49bd91da71fe815537ca/https.go#L399 The message is tls: either ServerName or InsecureSkipVerify must be specified in the tls.Config.

I'm working around this by setting proxy.Tr.TLSClientConfig.ServerName when creating the proxy.

u, err := url.Parse(externalProxy)
proxy.Tr = &http.Transport{
	Proxy: func(req *http.Request) (*url.URL, error) {
		return u, nil
	},
	TLSClientConfig: &tls.Config{
		ServerName: u.Hostname(),
	},
}

I'd expect this server name to be set automatically when I call NewConnectDialToProxy, since the intent is to connect through another proxy.

moonchen avatar Apr 16 '21 00:04 moonchen