Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support 'sni_hostname' extension with SOCKS proxy. #772

Closed
1 task done
Allgot opened this issue Aug 8, 2023 · 4 comments · Fixed by #774
Closed
1 task done

Support 'sni_hostname' extension with SOCKS proxy. #772

Allgot opened this issue Aug 8, 2023 · 4 comments · Fixed by #774

Comments

@Allgot
Copy link
Contributor

Allgot commented Aug 8, 2023

Currently, there is an issue with sni_hostname not functioning correctly when the connection involves a socks proxy.
This problem arises due to the oversight in commit #696, where the update to _sync/socks_proxy.py and _async/socks_proxy.py was omitted.

Code for reproduction (written by @karosis88 at #771)

Set up proxy server (defaults to 1080 port)

git clone https://github.com/itsjfx/python-socks5-server
python python-socks5-server/server.py

Client

import httpcore

pool = httpcore.SOCKSProxy("socks5://127.0.0.1:1080")
response = pool.request("GET", 
                        "https://185.199.108.153:443", 
                        headers=[(b'Host', 'www.encode.io')], 
                        extensions={'sni_hostname': 'www.encode.io'})
print(response)

Expected output

<Response [200]>

Actual output

httpcore.ConnectError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: IP address mismatch, certificate is not valid for '185.199.108.153'. (_ssl.c:1123)

Suggested fix

Update the _sync/socks_proxy.py and _async/socks_proxy.py in a manner similar to that of the _sync/connection.py and _async/connection.py.

Example fix for _async/socks_proxy.py:

218    218      timeouts = request.extensions.get("timeout", {})
       219   +  sni_hostname = request.extensions.get("sni_hostname", None)
219    220      timeout = timeouts.get("connect", None)

261          -  "server_hostname": self._remote_origin.host.decode("ascii"),
       262   +  "server_hostname": sni_hostname
       263   +  or self._origin.host.decode("ascii"),
@tomchristie
Copy link
Member

Thanks for this, I'll retitle it so that it's more specific.

@tomchristie tomchristie changed the title Inconsistent update, regarding sni_hostname extension. Support 'sni_hostname' extension with SOCKS proxy. Aug 8, 2023
@tomchristie
Copy link
Member

@Allgot Would you like to issue a pull request resolving this?

@Allgot
Copy link
Contributor Author

Allgot commented Aug 8, 2023

@tomchristie
No problem!

But since this is my first contribution to this repository(in terms of pull requests), my request might not be perfect. It would be great if you can correct errors, if exist :)

@Allgot
Copy link
Contributor Author

Allgot commented Aug 9, 2023

I've send a PR. Please refer to #774

@tomchristie tomchristie mentioned this issue Sep 1, 2023
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Support sni_hostname extension with SOCKS proxy. Allgot/httpcore
2 participants
@tomchristie @Allgot