From 308681c405177dd893384bb039854c08c88e852c Mon Sep 17 00:00:00 2001
From: Senthil Kumaran <orsenthil@gmail.com>
Date: Sun, 26 Jul 2009 12:36:08 +0000
Subject: [PATCH] Backporting the changes made in revision 72880 as fix for
 Issue1424152.

---
 Lib/httplib.py           | 29 +++++++++++++++++++++++++++++
 Lib/test/test_urllib2.py | 15 +++++++++++++++
 Lib/urllib2.py           | 16 +++++++++++++---
 Misc/NEWS                |  3 +++
 4 files changed, 60 insertions(+), 3 deletions(-)

diff --git a/Lib/httplib.py b/Lib/httplib.py
index 20a92047bfb..1f584ef0779 100644
--- a/Lib/httplib.py
+++ b/Lib/httplib.py
@@ -652,11 +652,18 @@ class HTTPConnection:
         self.__response = None
         self.__state = _CS_IDLE
         self._method = None
+        self._tunnel_host = None
+        self._tunnel_port = None
 
         self._set_hostport(host, port)
         if strict is not None:
             self.strict = strict
 
+    def _set_tunnel(self, host, port=None):
+        """ Sets up the host and the port for the HTTP CONNECT Tunnelling."""
+        self._tunnel_host = host
+        self._tunnel_port = port
+
     def _set_hostport(self, host, port):
         if port is None:
             i = host.rfind(':')
@@ -677,11 +684,30 @@ class HTTPConnection:
     def set_debuglevel(self, level):
         self.debuglevel = level
 
+    def _tunnel(self):
+        self._set_hostport(self._tunnel_host, self._tunnel_port)
+        self.send("CONNECT %s:%d HTTP/1.0\r\n\r\n" % (self.host, self.port))
+        response = self.response_class(self.sock, strict = self.strict,
+                                       method = self._method)
+        (version, code, message) = response._read_status()
+
+        if code != 200:
+            self.close()
+            raise socket.error, "Tunnel connection failed: %d %s" % (code,
+                                                                     message.strip())
+        while True:
+            line = response.fp.readline()
+            if line == '\r\n': break
+
+
     def connect(self):
         """Connect to the host and port specified in __init__."""
         self.sock = socket.create_connection((self.host,self.port),
                                              self.timeout)
 
+        if self._tunnel_host:
+            self._tunnel()
+
     def close(self):
         """Close the connection to the HTTP server."""
         if self.sock:
@@ -1070,6 +1096,9 @@ else:
             "Connect to a host on a given (SSL) port."
 
             sock = socket.create_connection((self.host, self.port), self.timeout)
+            if self._tunnel_host:
+                self.sock = sock
+                self._tunnel()
             self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file)
 
     __all__.append("HTTPSConnection")
diff --git a/Lib/test/test_urllib2.py b/Lib/test/test_urllib2.py
index fe5688b5441..b83eb4600e9 100644
--- a/Lib/test/test_urllib2.py
+++ b/Lib/test/test_urllib2.py
@@ -943,6 +943,21 @@ class HandlerTests(unittest.TestCase):
         self.assertEqual([(handlers[0], "http_open")],
                          [tup[0:2] for tup in o.calls])
 
+    def test_proxy_https(self):
+        o = OpenerDirector()
+        ph = urllib2.ProxyHandler(dict(https='proxy.example.com:3128'))
+        o.add_handler(ph)
+        meth_spec = [
+            [("https_open","return response")]
+        ]
+        handlers = add_ordered_mock_handlers(o, meth_spec)
+        req = Request("https://www.example.com/")
+        self.assertEqual(req.get_host(), "www.example.com")
+        r = o.open(req)
+        self.assertEqual(req.get_host(), "proxy.example.com:3128")
+        self.assertEqual([(handlers[0], "https_open")],
+                         [tup[0:2] for tup in o.calls])
+
     def test_basic_auth(self, quote_char='"'):
         opener = OpenerDirector()
         password_manager = MockPasswordManager()
diff --git a/Lib/urllib2.py b/Lib/urllib2.py
index d36aa807e4d..cf7e1fa6b58 100644
--- a/Lib/urllib2.py
+++ b/Lib/urllib2.py
@@ -192,6 +192,7 @@ class Request:
         # self.__r_type is what's left after doing the splittype
         self.host = None
         self.port = None
+        self._tunnel_host = None
         self.data = data
         self.headers = {}
         for key, value in headers.items():
@@ -252,8 +253,13 @@ class Request:
         return self.__r_host
 
     def set_proxy(self, host, type):
-        self.host, self.type = host, type
-        self.__r_host = self.__original
+        if self.type == 'https' and not self._tunnel_host:
+            self._tunnel_host = self.host
+        else:
+            self.type = type
+            self.__r_host = self.__original
+
+        self.host = host
 
     def has_proxy(self):
         return self.__r_host == self.__original
@@ -700,7 +706,7 @@ class ProxyHandler(BaseHandler):
             req.add_header('Proxy-authorization', 'Basic ' + creds)
         hostport = unquote(hostport)
         req.set_proxy(hostport, proxy_type)
-        if orig_type == proxy_type:
+        if orig_type == proxy_type or orig_type == 'https':
             # let other handlers take care of it
             return None
         else:
@@ -1098,6 +1104,10 @@ class AbstractHTTPHandler(BaseHandler):
         headers["Connection"] = "close"
         headers = dict(
             (name.title(), val) for name, val in headers.items())
+
+        if req._tunnel_host:
+            h._set_tunnel(req._tunnel_host)
+
         try:
             h.request(req.get_method(), req.get_selector(), req.data, headers)
             r = h.getresponse()
diff --git a/Misc/NEWS b/Misc/NEWS
index 3374e13a988..cbc07a14a9b 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -67,6 +67,9 @@ Core and Builtins
 Library
 -------
 
+- Issue #1424152: Fix for httplib, urllib2 to support SSL while working through
+  proxy. Original patch by Christopher Li, changes made by Senthil Kumaran.
+
 - Issues #5155, 5313, 5331: multiprocessing.Process._bootstrap was 
   unconditionally calling "os.close(sys.stdin.fileno())" resulting in file
   descriptor errors