| 358 | } |
| 359 | |
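// httpsWorker accepts raw TCP connections on p.Server.Addr, reads the SNI
// hostname from each client's TLS ClientHello and hands the connection to
// p.Proxy as a synthetic CONNECT request for that hostname on port 443.
//
// It returns an error only when the listener cannot be created. Otherwise it
// loops until p.isRunning becomes false and then returns nil.
func (p *HTTPProxy) httpsWorker() error {
	var err error

	// listen to the TLS ClientHello but make it a CONNECT request instead
	p.sniListener, err = net.Listen("tcp", p.Server.Addr)
	if err != nil {
		return err
	}

	// NOTE(review): isRunning is a plain field read by this loop; if it is
	// cleared from another goroutine, confirm that access is synchronized.
	p.isRunning = true
	for p.isRunning {
		c, err := p.sniListener.Accept()
		if err != nil {
			p.Warning("error accepting connection: %s.", err)
			continue
		}

		go func(c net.Conn) {
			// Deadlines are set before the first read so that parsing the
			// ClientHello below is bounded by httpReadTimeout.
			now := time.Now()
			c.SetReadDeadline(now.Add(httpReadTimeout))
			c.SetWriteDeadline(now.Add(httpWriteTimeout))

			tlsConn, err := vhost.TLS(c)
			if err != nil {
				p.Warning("error reading SNI: %s.", err)
				// Nothing else owns the socket on this path. Close it so
				// malformed or non-TLS traffic cannot pile up open
				// descriptors.
				c.Close()
				return
			}

			// The hostname is taken from the client's ClientHello and is not
			// validated here. It is used below as the CONNECT target.
			hostname := tlsConn.Host()
			if hostname == "" {
				p.Warning("client does not support SNI.")
				// Same as above: the connection is dropped, so release it.
				c.Close()
				return
			}

			p.Debug("proxying connection from %s to %s", tui.Bold(stripPort(c.RemoteAddr().String())), tui.Yellow(hostname))

			req := &http.Request{
				Method: "CONNECT",
				URL: &url.URL{
					Opaque: hostname,
					Host:   net.JoinHostPort(hostname, "443"),
				},
				Host:       hostname,
				Header:     make(http.Header),
				RemoteAddr: c.RemoteAddr().String(),
			}
			// The connection is intentionally not closed after ServeHTTP:
			// it is handed to p.Proxy through dumbResponseWriter, which
			// presumably takes ownership of it (confirm against
			// dumbResponseWriter before adding a close here).
			p.Proxy.ServeHTTP(dumbResponseWriter{tlsConn}, req)
		}(c)
	}

	return nil
}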
| 412 | |
| 413 | func (p *HTTPProxy) Start() { |
| 414 | go func() { |