
Code review items addressed, documentation pending

Eugene Fryntov 10 лет назад
Сommit
c7903e112d

+ 1 - 1
psiphon/upstreamproxy/README.md

@@ -58,7 +58,7 @@ func doAuthenticatedHTTPS() {
 		if err != nil {
 			return nil, err
 		}
-		tlsconfig := &tls.Config{InsecureSkipVerify: true}
+		tlsconfig := &tls.Config{InsecureSkipVerify: false}
 		tlsConn := tls.Client(conn, tlsconfig)
 
 		return tlsConn, tlsConn.Handshake()

+ 19 - 0
psiphon/upstreamproxy/auth_basic.go

@@ -1,3 +1,22 @@
+/*
+ * Copyright (c) 2015, Psiphon Inc.
+ * All rights reserved.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
 package upstreamproxy
 
 import (

+ 19 - 0
psiphon/upstreamproxy/auth_digest.go

@@ -1,3 +1,22 @@
+/*
+ * Copyright (c) 2015, Psiphon Inc.
+ * All rights reserved.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
 package upstreamproxy
 
 import (

+ 19 - 0
psiphon/upstreamproxy/auth_ntlm.go

@@ -1,3 +1,22 @@
+/*
+ * Copyright (c) 2015, Psiphon Inc.
+ * All rights reserved.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
 package upstreamproxy
 
 import (

+ 19 - 0
psiphon/upstreamproxy/http_authenticator.go

@@ -1,3 +1,22 @@
+/*
+ * Copyright (c) 2015, Psiphon Inc.
+ * All rights reserved.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
 package upstreamproxy
 
 import (

+ 7 - 3
psiphon/upstreamproxy/proxy_http.go

@@ -50,7 +50,6 @@ import (
 	"errors"
 	"fmt"
 	"golang.org/x/net/proxy"
-	//"io/ioutil"
 	"net"
 	"net/http"
 	"net/http/httputil"
@@ -86,8 +85,12 @@ func (hp *httpProxy) Dial(network, addr string) (net.Conn, error) {
 		return nil, fmt.Errorf("upstreamproxy: makeNewClientConn error: %v", err)
 	}
 
+handshakeLoop:
 	for {
 		err := pc.handshake(addr, hp.username, hp.password)
+		if err != nil {
+			return nil, err
+		}
 		switch pc.authState {
 		case HTTP_AUTH_STATE_SUCCESS:
 			pc.hijackedConn, pc.staleReader = pc.httpClientConn.Hijack()
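Review bot: The added `return nil, err` after `pc.handshake(...)` returns without closing the proxy connection held by `pc`, and nothing visible shows that handshake closes it on every failure path (only the `url.Parse` failure is seen calling `pc.httpClientConn.Close()`); the `break handshakeLoop` path in the next hunk has the same gap. If handshake does not own cleanup, each failed or rejected proxy authentication leaves a socket open, so either call `pc.httpClientConn.Close()` before returning or add a comment stating that handshake closes the connection on every error. The error is also passed up bare, unlike the `upstreamproxy: makeNewClientConn error` wrap just above; `return nil, fmt.Errorf("upstreamproxy: handshake error: %v", err)` would keep the prefix consistent. Dial's body starts and ends outside this hunk.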
@@ -106,7 +109,7 @@ func (hp *httpProxy) Dial(network, addr string) (net.Conn, error) {
 			}
 			continue
 		default:
-			panic("Illegal proxy handshake auth state")
+			break handshakeLoop
 		}
 	}
 	return nil, fmt.Errorf("Unknown handshake error")
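Review bot: The `default:` case uses a label and `break handshakeLoop` only to reach the trailing `return nil, fmt.Errorf("Unknown handshake error")`, which tells the caller nothing about which state was hit. Returning from the case directly, `return nil, fmt.Errorf("upstreamproxy: unexpected auth state %v", pc.authState)`, removes the need for both the label and the post-loop return, and keeps the package prefix used earlier in Dial. The `continue` above it has no retry bound visible in this hunk; if the state machine outside the hunk does not cap it, a proxy that keeps re-challenging would hold Dial in the loop, so a comment naming where termination is guaranteed would help. The loop body is only partly visible here.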
@@ -123,7 +126,8 @@ type proxyConn struct {
 }
 
 func (pc *proxyConn) handshake(addr, username, password string) error {
-	// HACK HACK HACK HACK.  http.ReadRequest also does this.
+	// HACK: prefix addr of the form 'hostname:port' with a 'http' scheme
+	// so it could be parsed by url.Parse
 	reqURL, err := url.Parse("http://" + addr)
 	if err != nil {
 		pc.httpClientConn.Close()

+ 20 - 1
psiphon/upstreamproxy/transport_proxy_auth.go

@@ -1,3 +1,22 @@
+/*
+ * Copyright (c) 2015, Psiphon Inc.
+ * All rights reserved.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
 package upstreamproxy
 
 import (
@@ -32,7 +51,7 @@ func NewProxyAuthTransport(rawTransport *http.Transport) (*ProxyAuthTransport, e
 			return nil, err
 		}
 		if proxyUrl.Scheme != "http" {
-			return nil, fmt.Errorf("Only HTTP proxysupported, for SOCKS use http.Transport with custom dialers & upstreamproxy.NewProxyDialFunc")
+			return nil, fmt.Errorf("Only HTTP proxy supported, for SOCKS use http.Transport with custom dialers & upstreamproxy.NewProxyDialFunc")
 		}
 		tr.Username = proxyUrl.User.Username()
 		tr.Password, _ = proxyUrl.User.Password()