aboutsummaryrefslogtreecommitdiffstats
path: root/libmproxy/proxy/server.py
diff options
context:
space:
mode:
authorMaximilian Hils <git@maximilianhils.com>2015-02-27 09:17:41 +0100
committerMaximilian Hils <git@maximilianhils.com>2015-02-27 09:17:41 +0100
commit81a274eb51ea7552667a872f0b6db1aeca9315b3 (patch)
treeb66d1c5c1b5bec39f3ae677bca61f4c68bb623cf /libmproxy/proxy/server.py
parentc9240812d9239591915b521524e8a1dbbef05b0f (diff)
downloadmitmproxy-81a274eb51ea7552667a872f0b6db1aeca9315b3.tar.gz
mitmproxy-81a274eb51ea7552667a872f0b6db1aeca9315b3.tar.bz2
mitmproxy-81a274eb51ea7552667a872f0b6db1aeca9315b3.zip
fix #479
Diffstat (limited to 'libmproxy/proxy/server.py')
-rw-r--r--libmproxy/proxy/server.py7
1 files changed, 6 insertions, 1 deletions
diff --git a/libmproxy/proxy/server.py b/libmproxy/proxy/server.py
index ea78d964..4e576067 100644
--- a/libmproxy/proxy/server.py
+++ b/libmproxy/proxy/server.py
@@ -285,7 +285,12 @@ class ConnectionHandler:
if sni != self.server_conn.sni:
self.log("SNI received: %s" % sni, "debug")
- self.server_reconnect(sni) # reconnect to upstream server with SNI
+ # We should only re-establish upstream SSL if one of the following conditions is true:
+ # - We established SSL with the server previously
+ # - We initially wanted to establish SSL with the server,
+ # but the server refused to negotiate without SNI.
+ if self.server_conn.ssl_established or hasattr(self.server_conn, "may_require_sni"):
+ self.server_reconnect(sni) # reconnect to upstream server with SNI
# Now, change client context to reflect changed certificate:
cert, key, chain_file = self.find_cert()
new_context = self.client_conn._create_ssl_context(
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-08 00:58:04 +0000