mbargiel
commented
2 years ago I think it would be as simple as
if (secureProxy) {
debug('Creating `tls.Socket`: %o', proxy);
- socket = tls.connect(proxy as tls.ConnectionOptions);
+ const servername = proxy.servername || proxy.host;
+ socket = tls.connect({ ...proxy, servername } as tls.ConnectionOptions);
} else {
TooTallNate
I have a setup where I'm testing various proxy configurations using a custom self-signed certificate authority to test "valid" user configurations. I pass the custom ca root to my tests using the TLS request option
ca. Recently I ran into an issue where it's not possible to connect to a proxy server over HTTPS despite having setca.Repro steps: 1) Install
mitmproxy(e.g.brew install mitmproxy) 2) In a terminal, runmitmdumpwith default configuration 3) In another terminal, inspect the mitmproxy-generated certificate with openssl by running the following command:openssl s_client -connect localhost:8080 </dev/null 2>/dev/null | openssl x509 -noout -text--> Observe the certificate only declaresSubject: CN=127.0.0.1andX509v3 Subject Alternative Name: IP Address:127.0.0.1. 4) Attempt to usehttps-proxy-agentwithhttps_proxy=https://localhost:8080. --> Observe failure (ERR_TLS_CERT_ALTNAME_INVALID...)I see the code handling the upstream TLS connection uses
opts.hostas a fallback in caseopts.servernameis not provided (https://github.com/TooTallNate/node-https-proxy-agent/blob/master/src/agent.ts#L141), but such fallback logic is not implemented for the proxy host connection itself. Would you take a PR to implement the same kind of logic around the proxytls.connectcall itself (https://github.com/TooTallNate/node-https-proxy-agent/blob/master/src/agent.ts#L95)?