diff -u python2.4-orig/httplib.py python2.4-mod/httplib.py
--- python2.4-orig/httplib.py 2008-09-08 12:33:29.928520300 +0000
+++ python2.4-mod/httplib.py 2008-09-08 13:11:19.517330600 +0000
@@ -588,11 +588,17 @@
 self.__response = None
 self.__state = _CS_IDLE
 self._method = None
+ self._tunnel_host = None
+ self._tunnel_port = None
 self._set_hostport(host, port)
 if strict is not None:
 self.strict = strict
+ def _set_tunnel(self, host, port=None):
+ self._tunnel_host = host
+ self._tunnel_port = port
+
 def _set_hostport(self, host, port):
 if port is None:
 i = host.rfind(':')
@@ -613,6 +619,18 @@
 def set_debuglevel(self, level):
 self.debuglevel = level
+ def _tunnel(self):
+ self._set_hostport(self._tunnel_host, self._tunnel_port)
+ self.send("CONNECT %s:%d HTTP/1.0\r\n\r\n" % (self.host, self.port))
+ response = self.response_class(self.sock, strict = self.strict, method = self._method)
+ (version, code, message) = response._read_status()
+ if code != 200:
+ self.close()
+ raise socket.error, "Tunnel connection failed: %d %s" % (code, message.strip())
+ while True:
+ line = response.fp.readline()
+ if line == '\r\n': break
+
 def connect(self):
 """Connect to the host and port specified in __init__."""
 msg = "getaddrinfo returns an empty list"
@@ -634,6 +652,8 @@
 break
 if not self.sock:
 raise socket.error, msg
+ if self._tunnel_host:
+ self._tunnel()
 def close(self):
 """Close the connection to the HTTP server."""
@@ -1076,6 +1096,9 @@
 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 sock.connect((self.host, self.port))
+ if self._tunnel_host:
+ self.sock = sock
+ self._tunnel()
 ssl = socket.ssl(sock, self.key_file, self.cert_file)
 self.sock = FakeSocket(sock, ssl)
diff -u python2.4-orig/urllib2.py python2.4-mod/urllib2.py
--- python2.4-orig/urllib2.py 2008-09-08 12:33:10.412770400 +0000
+++ python2.4-mod/urllib2.py 2008-09-08 13:17:25.800924800 +0000
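Review bot: `_set_tunnel` in the first httplib.py hunk (-588) has no docstring, and nothing states when it may be called. The `connect()` hunks only consult `_tunnel_host` while the socket is being opened, so a call made on a live connection has no effect until the next reconnect. I would add `"""Route this connection through an HTTP CONNECT tunnel to host:port; call before connect()."""` under the `def` line. The `__init__` body this hunk also touches starts above the hunk.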
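Review bot: The header-skipping loop at the end of `_tunnel` (httplib.py hunk -613) only exits on a line equal to `'\r\n'`, so it spins forever once the proxy closes the connection (`readline()` keeps returning `''`) and blocks if the header block ends with a bare `'\n'`. Anything answering on the proxy address can therefore hang the client after a 200 status line. An empty read should be treated as a failed tunnel and both line endings accepted, as in the block below; `readline()` is also called with no size limit, so a length cap belongs in the same place. Separately, the CONNECT line is formatted from `self.host` with no CR/LF check, which is worth rejecting in `_set_tunnel` if the host can come from untrusted input.

```python
        # … unchanged: CONNECT request and status-line check …
        while True:
            line = response.fp.readline()
            if not line:
                # proxy closed the connection before finishing its headers
                self.close()
                raise socket.error, "Tunnel connection closed by proxy"
            if line in ('\r\n', '\n'):
                break
```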
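Review bot: A reconnect after `close()` no longer goes through the proxy, because `_tunnel()` (added in hunk -613) calls `self._set_hostport(self._tunnel_host, self._tunnel_port)` and so replaces the proxy address held in `self.host`/`self.port` with the origin's. Assuming `connect()` opens its socket to `self.host`/`self.port`, as the HTTPS variant in hunk -1076 visibly does, the second `connect()` dials the origin directly and then sends it a CONNECT request, bypassing the proxy the caller configured. I would leave `self.host`/`self.port` untouched and format the request from the tunnel target, `self.send("CONNECT %s:%d HTTP/1.0\r\n\r\n" % (self._tunnel_host, self._tunnel_port))`, resolving the default port once in `_set_tunnel`. Any code that derives the Host header from `self.host` would then need to use the tunnel target instead. The body of `connect()` starts above this hunk, and the same applies to the HTTPS `connect()` in hunk -1076.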
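Review bot: If `self._tunnel()` in the HTTPS `connect()` (hunk -1076) raises anything other than its own non-200 error, for example a malformed status line or a socket error while reading, `self.sock` is left pointing at the raw unencrypted socket assigned on the line before. A later write on this connection object could then go to the proxy in cleartext instead of failing, so the call should be guarded: `try: self._tunnel()` followed by `except: self.close(); raise`. Note also that the `socket.ssl(...)` call on the next line does not verify the server certificate, so a proxy that answers 200 can terminate the TLS session itself; that limitation deserves a comment here now that HTTPS traffic is deliberately routed through a third party. The enclosing `connect()` starts above the hunk.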
@@ -184,6 +184,7 @@
 # self.__r_type is what's left after doing the splittype
 self.host = None
 self.port = None
+ self._tunnel_host = None
 self.data = data
 self.headers = {}
 for key, value in headers.items():
@@ -244,8 +245,12 @@
 return self.__r_host
 def set_proxy(self, host, type):
- self.host, self.type = host, type
- self.__r_host = self.__original
+ if self.type == 'https' and not self._tunnel_host:
+ self._tunnel_host = self.host
+ else:
+ self.type = type
+ self.__r_host = self.__original
+ self.host = host
 def get_origin_req_host(self):
 return self.origin_req_host
@@ -586,7 +591,7 @@
 req.add_header('Proxy-authorization', 'Basic ' + user_pass)
 host = unquote(host)
 req.set_proxy(host, type)
- if orig_type == type:
+ if orig_type == type or orig_type == 'https':
 # let other handlers take care of it
 # XXX this only makes sense if the proxy is before the
 # other handlers
@@ -989,6 +994,10 @@
 # So make sure the connection gets closed after the (only)
 # request.
 headers["Connection"] = "close"
+
+ if req._tunnel_host:
+ h._set_tunnel(req._tunnel_host)
+
 try:
 h.request(req.get_method(), req.get_selector(), req.data, headers)
 r = h.getresponse()
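Review bot: The new `set_proxy` (urllib2.py hunk -244) tests `self.type` and copies `self.host` directly, but `__init__` sets `self.host = None` (visible in hunk -184) and these attributes appear to be filled in lazily by the accessor methods. If `set_proxy` is called on a fresh Request for an https URL, the test is false or `_tunnel_host` ends up `None`, and the request silently falls back to the non-tunnelled path that hands the full https URL to the proxy. Using the accessors closes that gap: `if self.get_type() == 'https' and not self._tunnel_host:` and `self._tunnel_host = self.get_host()`. A short docstring stating that https requests are tunnelled rather than rewritten would also help callers.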
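Review bot: For tunnelled https requests the `Proxy-authorization` header added on the context line above the changed `if` (hunk -586) stays on `req`, so it is not sent on the CONNECT request (`_tunnel` in httplib.py sends a bare request line with no headers) and, assuming `do_open` forwards the request's headers as usual, it travels inside the tunnel to the origin server. Authenticating proxies will therefore refuse the tunnel, and the proxy credentials are disclosed to whichever site is being fetched. The credentials should be kept off the request when `orig_type == 'https'` and handed to the connection for the CONNECT request instead, which needs `_set_tunnel`/`_tunnel` to accept headers. Until then I would at least add `# XXX proxy credentials are not sent on CONNECT and are forwarded to the origin` above the changed `if`. The enclosing `proxy_open` starts and ends outside the hunk.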