Adds support for HTTPS (TLS-in-TLS) proxies and fixes incorrect regex
Changes:
- Adds support for HTTPS (TLS-in-TLS) proxies
- Fixes incorrect regex
Hey! I tried to check all default proxy lists with proxy_ssl, and I didn't get any proxies to pass the check. Is there any real point in adding support for https proxies?
@monosans bizarre. When you say "any proxies", do you mean specifically https or even http? If it's the former, it's likely that the public https proxies are using self-signed certificates that aren't able to be verified by the SSL context. HTTPS proxies are very useful for ensuring that the proxy server can't easily mess with the confidentiality between client -> target host when proxying.
If you modify http.py and set lines 24-26 to:
```python
PROXY_SSL_CONTEXT = ssl.create_default_context(cafile=certifi.where())
PROXY_SSL_CONTEXT.check_hostname = False
PROXY_SSL_CONTEXT.verify_mode = ssl.CERT_NONE  # maybe we meet in the middle where we keep certificate verification on but we disable the hostname check?
```
it will start finding proxies in the public lists. Ideally, you would leave certificate verification on but disable the hostname verification.
I'm using proxies where the server serves valid certificates, so I can find valid ones. A workaround I can think of is retrying proxies that failed the proxy_ssl cert check with verification off?
@monosans any chance this could get added? I am maintaining my own version of your wonderful work but I think it is useful to more than just me ^-^
Just disabling the hostname check works, which is nice.
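
The retry idea discussed in this thread, sketched as an added example (not code from this pull request or the project): try the proxy with full verification first, then with only the hostname check disabled, then with verification off, and record the strictest level that succeeded. The names `Verify`, `build_proxy_context`, `tls_handshake` and `classify_proxy` are hypothetical, and the system trust store is assumed in place of the certifi bundle.

```python
import socket
import ssl
from enum import Enum


class Verify(Enum):
    STRICT = "chain + hostname"   # default behaviour
    CHAIN_ONLY = "chain only"     # hostname check off, CA chain still validated
    NONE = "unverified"           # CERT_NONE: any certificate accepted


def build_proxy_context(level: Verify) -> ssl.SSLContext:
    # Assumption: system trust store; the snippet above passes certifi's bundle.
    ctx = ssl.create_default_context()
    if level is not Verify.STRICT:
        # Must be cleared before CERT_NONE, otherwise ssl raises ValueError.
        ctx.check_hostname = False
    if level is Verify.NONE:
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def tls_handshake(host: str, port: int, ctx: ssl.SSLContext, timeout: float = 5.0) -> str:
    """Complete the outer TLS handshake with the proxy itself."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()


def classify_proxy(host: str, port: int, handshake=tls_handshake):
    """Return the strictest Verify level the proxy passes, or None if unreachable."""
    for level in (Verify.STRICT, Verify.CHAIN_ONLY, Verify.NONE):
        try:
            handshake(host, port, build_proxy_context(level))
            return level
        except ssl.SSLCertVerificationError:
            continue  # certificate problem: retry one level looser
        except OSError:
            return None  # refused, timed out, or not speaking TLS
    return None
```

Storing the returned level with each proxy lets a caller separate proxies whose certificate chain validated from those accepted under `Verify.NONE`, where the proxy's identity was not authenticated at all.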