TLS connect proxy WIP

Author: sjorsdonkers

src/http/client.zig

@@ -1808,7 +1808,15 @@ const SyncHandler = struct {
         const socket = request._connection.?.socket;
 
         const header = try request.buildConnectHeader();
-        try Conn.writeAll(socket, header);
+        // try Conn.writeAll(socket, header);
+        var tls_client = try tls.client(std.net.Stream{ .handle = socket }, .{
+            .host = request._connect_host,
+            .root_ca = request._client.root_ca,
+            .insecure_skip_verify = request._tls_verify_host == false,
+            .key_log_callback = tls.config.key_log.callback,
+        });
+        // defer tls_client.close() catch {}; // should we close it so a new client can be created on the socket for the destination tls connection?
+        try tls_client.writeAll(header);
 
         var pos: usize = 0;
         var reader = request.newReader();
@@ -1819,7 +1827,12 @@ const SyncHandler = struct {
             // we only send CONNECT requests on newly established connections
             // and maybeRetryOrErr is only for connections that might have been
             // closed while being kept-alive
-            const n = try posix.read(socket, read_buf[pos..]);
+            // const n = try posix.read(socket, read_buf[pos..]);
+            // const n = switch (self.*) {
+            //     .tls => |tls_client| try tls_client.read(buf),
+            //     .plain => |socket| try posix.read(socket, buf),
+            // };
+            const n = try tls_client.read(read_buf[pos..]);
             if (n == 0) {
                 return error.ConnectionResetByPeer;
             }
@@ -2081,6 +2094,7 @@ const Reader = struct {
         if (result.done == false) {
             // CONNECT responses should not have a body. If the header is
             // done, then the entire response should be done.
+            log.err(.http_client, "InvalidConnectResponse", .{ .unprocessed = result.unprocessed.? });
             return error.InvalidConnectResponse;
         }