From 790ad468e4352419ef519401680f99ee3beb148d Mon Sep 17 00:00:00 2001
From: Aldo Cortesi
Date: Sun, 17 Mar 2013 14:35:36 +1300
Subject: [PATCH] Fix bug that caused mis-identification of some HTTPS connections in transparent mode.
---
 libmproxy/proxy.py | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/libmproxy/proxy.py b/libmproxy/proxy.py
index 7459fadfc..3d55190d6 100644
--- a/libmproxy/proxy.py
+++ b/libmproxy/proxy.py
@@ -323,17 +323,18 @@ class ProxyHandler(tcp.BaseHandler):
 if not orig:
 raise ProxyError(502, "Transparent mode failure: could not resolve original destination.")
 host, port = orig
- if not self.ssl_established and (port in self.config.transparent_proxy["sslports"]):
+ if port in self.config.transparent_proxy["sslports"]:
 scheme = "https"
- dummycert = self.find_cert(client_conn, host, port, host)
- sni = HandleSNI(
- self, client_conn, host, port,
- dummycert, self.config.certfile or self.config.cacert
- )
- try:
- self.convert_to_ssl(dummycert, self.config.certfile or self.config.cacert, handle_sni=sni)
- except tcp.NetLibError, v:
- raise ProxyError(400, str(v))
+ if not self.ssl_established:
+ dummycert = self.find_cert(client_conn, host, port, host)
+ sni = HandleSNI(
+ self, client_conn, host, port,
+ dummycert, self.config.certfile or self.config.cacert
+ )
+ try:
+ self.convert_to_ssl(dummycert, self.config.certfile or self.config.cacert, handle_sni=sni)
+ except tcp.NetLibError, v:
+ raise ProxyError(400, str(v))
 else:
 scheme = "http"
 line = self.get_line(self.rfile)
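Review bot: Nothing in the new branch says why `scheme = "https"` is now decided by the `sslports` check alone while the handshake sits behind a separate `if not self.ssl_established:`. A later cleanup could easily merge the two conditions again and bring back the mislabelling. A comment above the inner check would make the intent explicit, for example `# Handshake happens once per connection; later requests on it must still be tagged https.` The diffstat shows only proxy.py changed, so no regression test accompanies the fix. A test that sends two requests over one transparent-mode TLS connection and asserts both are recorded as https would pin the behaviour. The enclosing method starts and ends outside the hunk, so how `scheme` is used further down is not visible here.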