-rw-r--r-- | libmproxy/protocol2/tls.py | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/libmproxy/protocol2/tls.py b/libmproxy/protocol2/tls.py
index 9c8aeb24..433dd65d 100644
--- a/libmproxy/protocol2/tls.py
+++ b/libmproxy/protocol2/tls.py
@@ -51,9 +51,7 @@ class TlsLayer(Layer):
 self._parse_client_hello()
 if client_tls_requires_server_cert:
- self.ctx.connect()
- self._establish_tls_with_server()
- self._establish_tls_with_client()
+ self._establish_tls_with_client_and_server()
 elif self._client_tls:
 self._establish_tls_with_client()
@@ -148,6 +146,22 @@ class TlsLayer(Layer):
 self.log("ALPN for client: %s" % choice, "debug")
 return choice
+ def _establish_tls_with_client_and_server(self):
+ self.ctx.connect()
+
+ # If establishing TLS with the server fails, we try to establish TLS with the client nonetheless
+ # to send an error message over TLS.
+ try:
+ self._establish_tls_with_server()
+ except Exception as e:
+ try:
+ self._establish_tls_with_client()
+ except:
+ pass
+ raise e
+
+ self._establish_tls_with_client()
+
 def _establish_tls_with_client(self):
 self.log("Establish TLS with client", "debug")
 cert, key, chain_file = self._find_cert() |
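Review bot: The inner `except: pass` in the new `_establish_tls_with_client_and_server` is a bare except, so it also swallows KeyboardInterrupt and SystemExit and leaves no trace when the fallback client handshake fails. Catch `Exception` under a separate name and log it, e.g. `except Exception as client_err:` followed by `self.log("TLS with client failed after server TLS error: %r" % client_err, "debug")`. That keeps a failed upstream handshake, such as a certificate problem, diagnosable from both sides of the proxy. Separately, `raise e` after the nested try may produce a traceback that starts here rather than inside `_establish_tls_with_server()`, depending on the interpreter version, so it is worth confirming that the caller still records the original failure site.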