
fix: upstream proxy for https connect

Signed-off-by: zu1k <[email protected]>
zu1k 3 жил өмнө
parent
commit
14f594f339

+ 3 - 0
Cargo.lock

@@ -878,7 +878,10 @@ dependencies = [
  "headers",
  "http",
  "hyper",
+ "hyper-tls",
+ "native-tls",
  "tokio",
+ "tokio-native-tls",
  "tower-service",
 ]
 

+ 1 - 1
crates/core/Cargo.toml

@@ -13,7 +13,7 @@ bytes = { version = "1", features = ["serde"] }
 cfg-if = "1"
 http = "0.2"
 hyper = { version = "0.14", features = ["client", "http1", "server", "stream", "tcp"]  }
-hyper-proxy = { version = "0.9", default-features = false }
+hyper-proxy = { version = "0.9" }
 hyper-rustls = { version = "0.23" }
 hyper-tls = { version = "0.5", optional = true }
 log = "0.4"
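Review bot: Dropping `default-features = false` on `hyper-proxy` selects its TLS backend implicitly, and the Cargo.lock hunk shows that this pulls in `hyper-tls`, `native-tls` and `tokio-native-tls` unconditionally. This crate already depends on `hyper-rustls`, so every build now links two TLS stacks, and the upstream-proxy path depends on the platform TLS library even when the rest of the crate is built for rustls. Naming the backend explicitly keeps the choice visible and stable if the upstream defaults change, for example `hyper-proxy = { version = "0.9", default-features = false, features = ["tls"] }` (feature name as I recall it from hyper-proxy 0.9; confirm against its manifest).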

+ 6 - 1
crates/core/src/error.rs

@@ -1,4 +1,5 @@
 use rcgen::RcgenError;
+use std::io;
 use thiserror::Error;
 
 #[derive(Debug, Error)]
@@ -6,7 +7,11 @@ pub enum Error {
     #[error("invalid CA")]
     Tls(#[from] RcgenError),
     #[error("network error")]
-    Network(#[from] hyper::Error),
+    HyperError(#[from] hyper::Error),
+    #[error("TlsConnector error")]
+    TlsConnectorError(#[from] hyper_tls::native_tls::Error),
+    #[error("IO error")]
+    IO(#[from] io::Error),
     #[error("unable to decode response body")]
     Decode,
     #[error("unknown error")]
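Review bot: The new `TlsConnectorError` variant names `hyper_tls::native_tls::Error` unconditionally, but `crates/core/Cargo.toml` declares `hyper-tls` as `optional = true`, so the enum presumably fails to compile whenever the feature that enables `hyper-tls` is off. The transitive copy pulled in through `hyper-proxy` cannot be named from this crate. Either gate the variant with the same cfg that guards the native-tls connector in `http_client.rs`, `#[cfg(feature = "request-native-tls")]`, or make `hyper-tls` a non-optional dependency. Separately, renaming `Network` to `HyperError` changes a public variant while its message stays "network error"; downstream matches on `Error::Network` will break, which is worth a changelog line. The enum body continues outside the hunk.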

+ 8 - 8
crates/core/src/http_client.rs

@@ -1,3 +1,4 @@
+use crate::error::Error;
 use hyper::{client::HttpConnector, Client};
 use hyper_proxy::{Proxy as UpstreamProxy, ProxyConnector};
 use rustls::client::{ServerCertVerified, ServerCertVerifier};
@@ -19,7 +20,7 @@ pub enum HttpClient {
     Https(Client<HttpsConnector<HttpConnector>>),
 }
 
-pub fn gen_client(upstream_proxy: Option<UpstreamProxy>) -> HttpClient {
+pub fn gen_client(upstream_proxy: Option<UpstreamProxy>) -> Result<HttpClient, Error> {
     cfg_if::cfg_if! {
         if #[cfg(feature = "request-native-tls")] {
             let https = {
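Review bot: `gen_client` is public and becomes fallible here, but it has no doc comment telling callers when it can fail. From the hunks below, the failure sources are the native-tls connector build and `ProxyConnector::from_proxy`. A short rustdoc with an `# Errors` section would cover it, e.g. `/// # Errors` followed by `/// Returns an error if the TLS connector or the upstream proxy connector cannot be constructed.` The function body continues outside this hunk.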
@@ -27,8 +28,7 @@ pub fn gen_client(upstream_proxy: Option<UpstreamProxy>) -> HttpClient {
                     .danger_accept_invalid_certs(true)
                     .danger_accept_invalid_hostnames(true)
                     .disable_built_in_roots(true)
-                    .build()
-                    .unwrap();
+                    .build()?;
                 let mut http = HttpConnector::new();
                 http.enforce_http(false);
                 HttpsConnector::from((http, tls.into()))
@@ -54,20 +54,20 @@ pub fn gen_client(upstream_proxy: Option<UpstreamProxy>) -> HttpClient {
     }
 
     if let Some(proxy) = upstream_proxy {
-        let connector = ProxyConnector::from_proxy_unsecured(https, proxy);
-        return HttpClient::Proxy(
+        let connector = ProxyConnector::from_proxy(https, proxy)?;
+        return Ok(HttpClient::Proxy(
             Client::builder()
                 .http1_title_case_headers(true)
                 .http1_preserve_header_case(true)
                 .build(connector),
-        );
+        ));
     } else {
-        HttpClient::Https(
+        Ok(HttpClient::Https(
             Client::builder()
                 .http1_title_case_headers(true)
                 .http1_preserve_header_case(true)
                 .build(https),
-        )
+        ))
     }
 }
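Review bot: Switching to `ProxyConnector::from_proxy(https, proxy)?` means the proxied path no longer uses the TLS policy of the `https` connector built above. As far as I know, hyper-proxy negotiates TLS to the origin inside the CONNECT tunnel with its own native-tls connector, which uses default certificate verification, while the direct path in the native-tls branch is built with `danger_accept_invalid_certs(true)`. The two `HttpClient` variants would therefore validate upstream certificates differently; that is worth confirming and stating next to the call. For example: `// NOTE: TLS to the origin through the tunnel is handled by ProxyConnector's own connector, not by the https connector; certificate verification follows its defaults.` If the direct path's policy is intended for both, the connector would have to be configured explicitly rather than taken from `from_proxy`. As a style point, the `else` after the early `return Ok(...)` is redundant and the two `Client::builder()` chains could share one builder.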
 

+ 2 - 2
crates/core/src/lib.rs

@@ -51,7 +51,7 @@ where
     D: CustomContextData,
 {
     pub async fn start_proxy(self) -> Result<(), Error> {
-        let client = gen_client(self.upstream_proxy);
+        let client = gen_client(self.upstream_proxy)?;
         let ca = Arc::new(self.ca);
 
         let http_handler = Arc::new(self.handler);
@@ -85,6 +85,6 @@ where
             .serve(make_service)
             .with_graceful_shutdown(self.shutdown_signal)
             .await
-            .map_err(|err| err.into())
+            .map_err(Error::from)
     }
 }