From 62a4e44dc144c98e5fbc068085c0d4379154e105 Mon Sep 17 00:00:00 2001
From: Jonathan Hodgson
Date: Wed, 20 May 2020 23:38:09 +0100
Subject: [PATCH] Fixes issue with tls handshake failing on some sites This issue was caused because the ServerName property was not being set when making tls requests From the GO docs: ServerName is used to verify the hostname on the returned certificates unless InsecureSkipVerify is given. It is also included in the client's handshake to support virtual hosting unless it is an IP address. https://pkg.go.dev/crypto/tls?tab=doc
---
 proxyhttp.go | 2 ++
 proxylistener.go | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/proxyhttp.go b/proxyhttp.go
index dcde977..afe6233 100644
--- a/proxyhttp.go
+++ b/proxyhttp.go
@@ -416,6 +416,7 @@ func wsDial(req *ProxyRequest, useProxy bool, proxyHost string, proxyPort int, p
 if req.DestUseTLS {
 tls_conn := tls.Client(conn, &tls.Config{
 InsecureSkipVerify: true,
+ ServerName: req.DestHost,
 })
 conn = tls_conn
 }
@@ -861,6 +862,7 @@ func submitRequest(req *ProxyRequest, useProxy bool, proxyHost string,
 if req.DestUseTLS {
 tls_conn := tls.Client(conn, &tls.Config{
 InsecureSkipVerify: true,
+ ServerName: req.DestHost,
 })
 conn = tls_conn
 }
diff --git a/proxylistener.go b/proxylistener.go
index 42d27a5..123e84f 100644
--- a/proxylistener.go
+++ b/proxylistener.go
@@ -242,6 +242,8 @@ func (pconn *proxyConn) StartMaybeTLS(hostname string) (bool, error) {
 config := &tls.Config{
 InsecureSkipVerify: true,
 Certificates: []tls.Certificate{cert},
+ ServerName: hostname,
+
 }
 tlsConn := tls.Server(bufConn, config)
 pconn.conn = tlsConn
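Review bot: In wsDial the added `ServerName: req.DestHost` sits directly under `InsecureSkipVerify: true`, so it only supplies SNI in the ClientHello. The upstream certificate chain and host name are still not checked, and the same holds for the identical hunk in submitRequest. The commit message quotes the hostname-verification sentence from the crypto/tls docs, which can leave a reader believing verification now happens. I would add a comment on the field in both places, `// SNI only: certificate verification remains disabled by InsecureSkipVerify`. Both function bodies start and end outside their hunks, so whether req.DestHost can ever carry a port cannot be confirmed from here.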
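Review bot: In StartMaybeTLS the added `ServerName: hostname,` has no effect, because this config is handed to `tls.Server` and crypto/tls consults ServerName only on the client side. The `InsecureSkipVerify: true` above it is likewise a client-only setting. Going by the hunk's line counts, the second added line is an empty line before the closing brace, which gofmt would strip. I would drop both added lines in this file and keep the fix to the two client configs in proxyhttp.go. The function body starts and ends outside the hunk.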