fix(PortProxy): Improve SNI extraction handling in PortProxy by passing explicit connection info to extractSNIWithResumptionSupport for better TLS renegotiation and debug logging.

2025-03-11 17:37:43 +00:00
parent f304cc67b4
commit 415b82a84a
3 changed files with 41 additions and 4 deletions
--- a/ts/classes.portproxy.ts
+++ b/ts/classes.portproxy.ts
@@ -920,7 +920,15 @@ export class PortProxy {
          if (SniHandler.isClientHello(renegChunk)) {
            try {
              // Extract SNI from ClientHello
-              const newSNI = SniHandler.extractSNIWithResumptionSupport(renegChunk, this.settings.enableTlsDebugLogging);
+              // Create a connection info object for the existing connection
+              const connInfo = {
+                sourceIp: record.remoteIP,
+                sourcePort: record.incoming.remotePort || 0,
+                destIp: record.incoming.localAddress || '',
+                destPort: record.incoming.localPort || 0
+              };
+              
+              const newSNI = SniHandler.extractSNIWithResumptionSupport(renegChunk, connInfo, this.settings.enableTlsDebugLogging);

              // Skip if no SNI was found
              if (!newSNI) return;
@@ -1590,7 +1598,15 @@ export class PortProxy {
                `[${connectionId}] TLS handshake detected from ${remoteIP}, ${chunk.length} bytes`
              );
              // Try to extract SNI and log detailed debug info
-              SniHandler.extractSNIWithResumptionSupport(chunk, true);
+              // Create connection info for debug logging
+              const debugConnInfo = {
+                sourceIp: remoteIP,
+                sourcePort: socket.remotePort || 0,
+                destIp: socket.localAddress || '',
+                destPort: socket.localPort || 0
+              };
+              
+              SniHandler.extractSNIWithResumptionSupport(chunk, debugConnInfo, true);
            }
          }
        });
@@ -1797,7 +1813,21 @@ export class PortProxy {
                );
              }

-              serverName = SniHandler.extractSNIWithResumptionSupport(chunk, this.settings.enableTlsDebugLogging) || '';
+              // Create connection info object for SNI extraction
+              const connInfo = {
+                sourceIp: remoteIP,
+                sourcePort: socket.remotePort || 0,
+                destIp: socket.localAddress || '',
+                destPort: socket.localPort || 0
+              };
+              
+              // Use the new processTlsPacket method for comprehensive handling
+              serverName = SniHandler.processTlsPacket(
+                chunk, 
+                connInfo,
+                this.settings.enableTlsDebugLogging,
+                connectionRecord.lockedDomain // Pass any previously negotiated domain as a hint
+              ) || '';
            }

            // Lock the connection to the negotiated SNI.