From 787242d7b0b7664c9ba1a31375b268d7cb2d08de Mon Sep 17 00:00:00 2001
From: Aliaksandr Valialkin
Date: Tue, 9 Mar 2021 20:39:38 +0200
Subject: [PATCH] lib/proxy: pass proxy hostname in `Host` header of the `CONNECT` request

This should resolve the following issue when connecting to tls proxy: cannot validate certificate for ... because it doesn't contain any IP SANs
---
 lib/proxy/proxy.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/proxy/proxy.go b/lib/proxy/proxy.go
index 0bc87398a..0bb6f9e8d 100644
--- a/lib/proxy/proxy.go
+++ b/lib/proxy/proxy.go
@@ -86,7 +86,7 @@ func (u *URL) NewDialFunc(ac *promauth.Config) (fasthttp.DialFunc, error) {
 }
 proxyConn = tls.Client(proxyConn, tlsCfgLocal)
 }
- conn, err := sendConnectRequest(proxyConn, addr, authHeader)
+ conn, err := sendConnectRequest(proxyConn, proxyAddr, addr, authHeader)
 if err != nil {
 _ = proxyConn.Close()
 return nil, fmt.Errorf("error when sending CONNECT request to proxy %q: %w", pu, err)
@@ -125,8 +125,8 @@ func defaultDialFunc(addr string) (net.Conn, error) {
 }
 
 // sendConnectRequest sends CONNECT request to proxyConn for the given addr and authHeader and returns the established connection to dstAddr.
-func sendConnectRequest(proxyConn net.Conn, dstAddr, authHeader string) (net.Conn, error) {
- req := "CONNECT " + dstAddr + " HTTP/1.1\r\nHost: " + dstAddr + "\r\n" + authHeader + "\r\n"
+func sendConnectRequest(proxyConn net.Conn, proxyAddr, dstAddr, authHeader string) (net.Conn, error) {
+ req := "CONNECT " + dstAddr + " HTTP/1.1\r\nHost: " + proxyAddr + "\r\n" + authHeader + "\r\n"
 if _, err := proxyConn.Write([]byte(req)); err != nil {
 return nil, fmt.Errorf("cannot send CONNECT request for dstAddr=%q: %w", dstAddr, err)
 }
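Review bot: Passing `proxyAddr` to `sendConnectRequest` at this call site is unlikely to fix the certificate error quoted in the commit message. That error comes from the TLS handshake on `tls.Client(proxyConn, tlsCfgLocal)`, and the `Host` header is only sent inside the session once the certificate has been checked. Verification is driven by `tlsCfgLocal.ServerName`, which is set outside this hunk; the "IP SANs" wording suggests it held an IP address rather than the proxy's DNS name, so that assignment is worth checking. If that is the cause, set `ServerName` to the proxy hostname from the configured proxy URL and keep verification enabled. NewDialFunc's body starts and ends outside the hunk.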
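Review bot: The rewritten `req` line sends a `Host` header that no longer matches the CONNECT request-target, which is `dstAddr` while `Host` is now `proxyAddr`. RFC 7230 section 5.4 requires `Host` to be identical to the authority in the request-target, so a proxy that enforces this or applies ACLs by `Host` may reject or mis-route the tunnel; keeping `"\r\nHost: " + dstAddr` is the conforming form. Separately, `proxyAddr`, `dstAddr` and `authHeader` are concatenated into the request without any visible check for CR or LF, so a value containing `\r\n` would add header lines to the request. A guard such as `if strings.ContainsAny(dstAddr+proxyAddr, "\r\n") { return nil, fmt.Errorf(...) }` before building `req` would close that, unless callers outside this hunk already validate. The function body continues past the end of the hunk.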