Current State:
Currently the proxy displays any TLS connection it receives as an HTTP CONNECT, since this is how it creates a TLS tunnel in order to send encrypted traffic.
What we want to happen:
From the perspective of the user, there's no such thing as a TLS connection. Everything should come through in plaintext.
Implementation notes / flow:
1. The browser sends a request to a URL on port 443 (a TLS CONNECT)
2. Our proxy negotiates the TLS tunnel between itself and the client, specifically using the self-signed cert specified in the config
3. The client sends the plaintext HTTP request through the tunnel
4. Our proxy creates a new request struct, sends it off to its various consumers (the TUI, whatever else)
5. The last consumer it sends it to is a [function | module | thread] that creates a new TLS connection to the server, sends the request along, and awaits the response (possibly with hyper_tls)
6. It receives the response, gets it back as a struct, informs the TUI thread etc., and then sends it back down the tunnel
Further Resources:
The rustls lib states this in its "not supported" section:
Using CA certificates directly to authenticate a server/client (often called "self-signed certificates"). Rustls' default certificate verifier does not support using a trust anchor as both a CA certificate and an end-entity certificate in order to limit complexity and risk in path building.
I'm not sure if that is a blocker to using this library entirely; I need to do some further digging here in order to make it happen.
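
The client-facing part of the flow above, as an added example that is not part of the original issue or the project's code: it parses the CONNECT line into a tunnel target, then builds the request struct consumers would see from the plaintext request read inside the tunnel. The names `InterceptedRequest`, `parse_connect` and `build_request` are hypothetical, the TLS handshake itself is out of scope, and taking the URL authority from the CONNECT target (not the inner `Host` header) is an assumption.

```rust
// Added example, std only. All names are hypothetical, not the project's API.
#[derive(Debug, PartialEq)]
pub struct InterceptedRequest {
    pub method: String,
    pub url: String, // absolute https:// URL, so the user never sees the CONNECT
    pub headers: Vec<(String, String)>,
}

/// Parse "CONNECT host:port HTTP/1.x" and return the tunnel target.
/// Only DNS-style hosts are accepted here (no bracketed IPv6 literals).
pub fn parse_connect(line: &str) -> Option<(String, u16)> {
    let mut parts = line.trim_end().split(' ');
    if parts.next()? != "CONNECT" { return None; }
    let authority = parts.next()?;
    if !parts.next()?.starts_with("HTTP/1.") || parts.next().is_some() { return None; }
    let (host, port) = authority.rsplit_once(':')?;
    let host_ok = !host.is_empty()
        && host.chars().all(|c| c.is_ascii_alphanumeric() || c == '.' || c == '-');
    if !host_ok { return None; }
    Some((host.to_ascii_lowercase(), port.parse::<u16>().ok()?))
}

/// Turn the plaintext request head read from inside the tunnel into the
/// struct handed to consumers. The authority comes from the CONNECT target,
/// which is also where the upstream TLS connection would be opened.
pub fn build_request(target: &(String, u16), head: &str) -> Option<InterceptedRequest> {
    let mut lines = head.split("\r\n");
    let mut first = lines.next()?.split(' ');
    let (method, path) = (first.next()?, first.next()?);
    if !first.next()?.starts_with("HTTP/1.") || !path.starts_with('/') { return None; }
    let mut headers = Vec::new();
    for line in lines.take_while(|l| !l.is_empty()) {
        let (name, value) = line.split_once(':')?;
        headers.push((name.trim().to_ascii_lowercase(), value.trim().to_string()));
    }
    let authority = if target.1 == 443 { target.0.clone() }
                    else { format!("{}:{}", target.0, target.1) };
    let url = format!("https://{}{}", authority, path);
    Some(InterceptedRequest { method: method.to_string(), url, headers })
}

fn main() {
    // Constructed sample traffic.
    let target = parse_connect("CONNECT example.com:443 HTTP/1.1\r\n").expect("valid CONNECT");
    let head = "GET /login?x=1 HTTP/1.1\r\nHost: example.com\r\nAccept: */*\r\n\r\n";
    let req = build_request(&target, head).expect("valid request head");
    println!("{} {} ({} headers)", req.method, req.url, req.headers.len());
}
```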