From 5bfd878a4f58fd3d4538a84f3c27175faed96290 Mon Sep 17 00:00:00 2001
From: Vladislav Yarmak
Date: Mon, 25 May 2020 00:24:46 +0300
Subject: [PATCH] polish
---
 README.md | 1 +
 auth.go | 5 +++--
 handler.go | 2 +-
 3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 9d6cd6a..ddf5c74 100644
--- a/README.md
+++ b/README.md
@@ -11,6 +11,7 @@ Dumbiest HTTP proxy ever.
 * Supports CONNECT method and forwarding of HTTPS connections
 * Supports `Basic` proxy authentication
 * Supports TLS operation mode (HTTP(S) proxy over TLS)
+* Supports client authentication with client TLS certificates
 * Supports HTTP/2
 * Resilient to DPI (including active probing, see `hidden_domain` option for authentication providers)
diff --git a/auth.go b/auth.go
index e555e7c..38ef7e2 100644
--- a/auth.go
+++ b/auth.go
@@ -14,6 +14,7 @@ import (
 )
 const AUTH_REQUIRED_MSG = "Proxy authentication required.\n"
+const BAD_REQ_MSG = "Bad Request\n"
 type Auth interface {
 Validate(wr http.ResponseWriter, req *http.Request) bool
@@ -68,7 +69,7 @@ func requireBasicAuth(wr http.ResponseWriter, req *http.Request, hidden_domain s
 if hidden_domain != "" &&
 (subtle.ConstantTimeCompare([]byte(req.URL.Host), []byte(hidden_domain)) != 1 &&
 subtle.ConstantTimeCompare([]byte(req.Host), []byte(hidden_domain)) != 1) {
- http.Error(wr, "Bad Request", http.StatusBadRequest)
+ http.Error(wr, BAD_REQ_MSG, http.StatusBadRequest)
 } else {
 wr.Header().Set("Proxy-Authenticate", `Basic realm="dumbproxy"`)
 wr.Header().Set("Content-Length", strconv.Itoa(len([]byte(AUTH_REQUIRED_MSG))))
@@ -184,7 +185,7 @@ type CertAuth struct {}
 func (_ CertAuth) Validate(wr http.ResponseWriter, req *http.Request) bool {
 if req.TLS == nil || len(req.TLS.VerifiedChains) < 1 {
- http.Error(wr, "Forbidden", http.StatusForbidden)
+ http.Error(wr, BAD_REQ_MSG, http.StatusBadRequest)
 return false
 } else {
 return true
diff --git a/handler.go b/handler.go
index 8391dd9..5d31414 100644
--- a/handler.go
+++ b/handler.go
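Review bot: The trailing `\n` in `BAD_REQ_MSG` ends up doubled in the response body, because every use of the constant passes it to `http.Error`, which already writes the message followed by a newline. `AUTH_REQUIRED_MSG` presumably carries its own newline because it is written directly (its length is put into `Content-Length` by hand in `requireBasicAuth`); the new constant does not need one: `const BAD_REQ_MSG = "Bad Request"`. This applies to all three call sites the commit touches: `requireBasicAuth`, `CertAuth.Validate` and `ProxyHandler.ServeHTTP` in handler.go. A one-line comment on the constant, such as `// BAD_REQ_MSG is the body shared by every 400 rejection.`, would record why it exists.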
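Review bot: In `CertAuth.Validate` the answer to a connection without a verified client certificate changes from 403 Forbidden to 400 Bad Request, and neither the code nor a commit titled "polish" says why. If the intent is that an unauthenticated probe gets the same reply as a malformed request (the README mentions resistance to active probing), state it above the call, e.g. `// Reply as for a malformed request so the response does not reveal that certificate auth is enabled.` Legitimate clients that forgot their certificate will now see a misleading 400, so a server-side log entry for this rejection would help operators tell the two cases apart. The `len(req.TLS.VerifiedChains) < 1` test is only meaningful if the listener's TLS configuration verifies client certificates against a CA pool; that setup is outside this hunk and should be confirmed. The function's closing braces also lie outside the hunk.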
@@ -89,7 +89,7 @@ func (s *ProxyHandler) ServeHTTP(wr http.ResponseWriter, req *http.Request) {
 isConnect := strings.ToUpper(req.Method) == "CONNECT"
 if (req.URL.Host == "" || req.URL.Scheme == "" && !isConnect) && req.ProtoMajor < 2 ||
 req.Host == "" && req.ProtoMajor == 2 {
- http.Error(wr, "Bad Request", http.StatusBadRequest)
+ http.Error(wr, BAD_REQ_MSG, http.StatusBadRequest)
 return
 }
 if !s.auth.Validate(wr, req) {