From 9a35f96795ae332e9699443f56e9606ff4c58492 Mon Sep 17 00:00:00 2001
From: Vladislav Yarmak
Date: Sat, 27 Mar 2021 01:48:24 +0200
Subject: [PATCH] fix seclient SNI
---
 main.go | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/main.go b/main.go
index 632264a..b4e9fb9 100644
--- a/main.go
+++ b/main.go
@@ -126,18 +126,25 @@ func run() int {
 dialer = pxDialer.(ContextDialer)
 }
 
+ // Dialing w/o SNI, receiving self-signed certificate, so skip verification.
+ // Either way we'll validate certificate of actual proxy server.
+ tlsConfig := &tls.Config{
+ ServerName: "",
+ InsecureSkipVerify: true,
+ }
 seclient, err := se.NewSEClient(args.apiLogin, args.apiPassword, &http.Transport{
 DialContext: dialer.DialContext,
+ DialTLSContext: func (ctx context.Context, network, addr string) (net.Conn, error) {
+ conn, err := dialer.DialContext(ctx, network, addr)
+ if err != nil {
+ return conn, err
+ }
+ return tls.Client(conn, tlsConfig), nil
+ },
 ForceAttemptHTTP2: true,
 MaxIdleConns: 100,
 IdleConnTimeout: 90 * time.Second,
 TLSHandshakeTimeout: 10 * time.Second,
- // Dialing w/o SNI, receiving self-signed certificate, so skip verification.
- // Either way we'll validate certificate of actual proxy server.
- TLSClientConfig: &tls.Config{
- ServerName: "",
- InsecureSkipVerify: true,
- },
 ExpectContinueTimeout: 1 * time.Second,
 })
 if err != nil {
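Review bot: `InsecureSkipVerify: true` in the new `tlsConfig` leaves the API connection unauthenticated, while `args.apiLogin` and `args.apiPassword` are handed to the client that uses it. Anything that client sends is presumably readable by whoever terminates the TLS session, and the comment's point about validating the proxy server's certificate later does not cover this leg. If the endpoint's self-signed certificate is stable, pin it with a `VerifyPeerCertificate` callback as sketched below; the pin value is a placeholder, not taken from the project. Separately, the handshake on a connection returned from `DialTLSContext` appears not to be bounded by `TLSHandshakeTimeout`, so consider performing it inside the callback under a deadline. The enclosing `run()` starts and ends outside the hunk.

```go
// pinnedSEAPICertSHA256: placeholder for the SHA-256 of the API endpoint's
// DER-encoded certificate, obtained out of band.
tlsConfig := &tls.Config{
	ServerName: "",
	// Chain and hostname checks stay off (self-signed, no SNI); the pin
	// below is what authenticates the peer.
	InsecureSkipVerify: true,
	VerifyPeerCertificate: func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
		if len(rawCerts) == 0 {
			return errors.New("seclient: no peer certificate presented")
		}
		sum := sha256.Sum256(rawCerts[0])
		if !bytes.Equal(sum[:], pinnedSEAPICertSHA256[:]) {
			return errors.New("seclient: peer certificate does not match pin")
		}
		return nil
	},
}
// … unchanged: se.NewSEClient call and http.Transport fields …
```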