username/ppf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

proxywatchd: secondary check only for SSL handshake failures
All checks were successful
CI / syntax-check (push) Successful in 3s
Details
CI / memory-leak-check (push) Successful in 11s
Details

Browse Source
This commit is contained in:
Username
2025-12-26 21:36:45 +01:00
parent 03dd277c54
commit d9205614fc
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
proxywatchd.py
View File

@@ -1535,7 +1535,7 @@ class TargetTestJob():
elif et == rocksock.RS_ET_GAI: elif et == rocksock.RS_ET_GAI:
_log("could not resolve connection target %s" % connect_host, "ERROR") _log("could not resolve connection target %s" % connect_host, "ERROR")
break break
elif err == rocksock.RS_E_SSL_CERTIFICATE_ERROR: elif et == rocksock.RS_ET_SSL and err == rocksock.RS_E_SSL_CERTIFICATE_ERROR:
# MITM detected - proxy works but intercepts TLS # MITM detected - proxy works but intercepts TLS
ps.mitm = 1 ps.mitm = 1
elapsed = time.time() - duration elapsed = time.time() - duration
@@ -1559,9 +1559,9 @@ class TargetTestJob():
if config.watchd.debug: if config.watchd.debug:
_log('failed to extract MITM cert: %s' % str(e), 'debug') _log('failed to extract MITM cert: %s' % str(e), 'debug')
return None, proto, duration, torhost, srvname, 0, use_ssl, 'ssl_mitm' return None, proto, duration, torhost, srvname, 0, use_ssl, 'ssl_mitm'
elif et == rocksock.RS_ET_SSL and not ssl_only_check: elif et == rocksock.RS_ET_SSL and ssl_only_check:
# SSL failed but proxy protocol worked - fallback to Tor API check (HTTP) # SSL handshake failed (but proxy protocol worked) - verify with HTTP
# sock already disconnected above, but ensure cleanup # Only for 'ssl' checktype; cert errors handled above as MITM
try: try:
sock.disconnect() sock.disconnect()
except Exception: except Exception:
@@ -1569,7 +1569,7 @@ class TargetTestJob():
# Delay before secondary check (allows different Tor circuit) # Delay before secondary check (allows different Tor circuit)
time.sleep(0.3) time.sleep(0.3)
if config.watchd.debug: if config.watchd.debug:
_log('SSL failed, fallback to Tor API: %s://%s:%d' % (proto, ps.ip, ps.port), 'debug') _log('SSL handshake failed, fallback to HTTP: %s://%s:%d' % (proto, ps.ip, ps.port), 'debug')
try: try:
# Secondary check via Tor Project API (plain HTTP) # Secondary check via Tor Project API (plain HTTP)
tor_check_host = 'check.torproject.org' tor_check_host = 'check.torproject.org'