func listenTransparentTLS(proxy *goproxy.ProxyHttpServer, addr string,
timeout time.Duration) error {
// listen to the TLS ClientHello but make it a CONNECT request instead
ln, err := net.Listen("tcp", addr)
if err != nil {
return err
}
for {
c, err := ln.Accept()
if err != nil {
log.Printf("error accepting new connection - %v", err)
continue
}
go func(c net.Conn) {
c.SetDeadline(time.Now().Add(timeout))
tlsConn, err := vhost.TLS(c)
if err != nil {
log.Printf("error accepting new connection - %v", err)
}
if tlsConn.Host() == "" {
log.Printf("cannot support non-SNI enabled clients")
return
}
connectReq := &http.Request{
Method: "CONNECT",
URL: &url.URL{
Opaque: tlsConn.Host(),
Host: net.JoinHostPort(tlsConn.Host(), "443"),
},
Host: tlsConn.Host(),
Header: make(http.Header),
}
resp := dumbResponseWriter{tlsConn}
proxy.ServeHTTP(resp, connectReq)
}(c)
}
}
