Adds a error handler to ConnectAction

This allows the users to client handle connect errors related to certificates, useful, as in the example, when some clients are using certificate pinning to allow them to connect without mitm

examples/goproxy-mitmerror/main.go

@@ -0,0 +1,31 @@
+package main
+
+import (
+	"flag"
+	"log"
+	"net/http"
+	"sync"
+
+	"github.com/elazarl/goproxy"
+)
+
+func main() {
+	verbose := flag.Bool("v", false, "should every proxy request be logged to stdout")
+	addr := flag.String("addr", ":8080", "proxy listen address")
+	flag.Parse()
+	proxy := goproxy.NewProxyHttpServer()
+	var mitmErrorHosts sync.Map
+	proxy.OnRequest().HandleConnectFunc(func(host string, ctx *goproxy.ProxyCtx) (*goproxy.ConnectAction, string) {
+		_, exists := mitmErrorHosts.Load(host)
+		if exists {
+			return goproxy.OkConnect, host
+		}
+
+		return &goproxy.ConnectAction{Action: goproxy.ConnectMitm, TLSConfig: goproxy.MitmConnect.TLSConfig, MitmError: func(req *http.Request, ctx *goproxy.ProxyCtx, err error) {
+			log.Printf("Adding host to mitm error: %s", host)
+			mitmErrorHosts.Store(host, true)
+		}}, host
+	})
+	proxy.Verbose = *verbose
+	log.Fatal(http.ListenAndServe(*addr, proxy))
+}

https.go

@@ -44,6 +44,7 @@ type ConnectAction struct {
 	Action    ConnectActionLiteral
 	Hijack    func(req *http.Request, client net.Conn, ctx *ProxyCtx)
 	TLSConfig func(host string, ctx *ProxyCtx) (*tls.Config, error)
+	MitmError func(req *http.Request, ctx *ProxyCtx, err error)
 }
 
 func stripPort(s string) string {
@@ -192,6 +193,9 @@ func (proxy *ProxyHttpServer) handleHttps(w http.ResponseWriter, r *http.Request
 			rawClientTls := tls.Server(proxyClient, tlsConfig)
 			if err := rawClientTls.Handshake(); err != nil {
 				ctx.Warnf("Cannot handshake client %v %v", r.Host, err)
+				if todo.MitmError != nil {
+					todo.MitmError(r, ctx, err)
+				}
 				return
 			}
 			defer rawClientTls.Close()