Comment 15 for bug 1999909

I found this page [1], and it said tlslite-ng had implemented tls-over-tls feature, I tested it and it did work. So maybe we can use it in ubuntu-advantage-client for a combination of https proxy and https target.

$ python3 tlsliteclient.py
HTTP/1.0 200 Connection Established
HTTP/1.1 200 OK
server: gunicorn/20.0.4
date: Fri, 13 Jan 2023 07:28:59 GMT
content-type: text/html; charset=utf-8
content-length: 64
snap-store-version: 52
x-view-name: snapdevicegw.webapi.root
x-vcs-revision: bf69cb87
x-request-id: 0AAC4128E3420A8325F301BB63C1083B15A0F9BD

$ cat tlsliteclient.py
#!/usr/bin/env python
# coding=utf-8
import tlslite, ssl, socket
sock = tlslite.TLSConnection(socket.create_connection(('127.0.0.1', 7070)))
sock.handshakeClientCert()
sock.sendall(bytes('CONNECT api.snapcraft.io:443 HTTP/1.1\r\nHost: api.snapcraft.io:443\r\n\r\n', 'ascii'))
print(sock.recv(1024).decode());
conn = tlslite.TLSConnection(sock)
conn.handshakeClientCert()
conn.sendall(b'GET / HTTP/1.1\r\nHost: api.snapcraft.io\r\n\r\n')
print(conn.recv(1024).decode())

[1] https://github.com/urllib3/urllib3/pull/1121#issuecomment-281686973