Background:

I'm working on adding https-proxy[1] support to python-requests https://github.com/phuslu/requests_httpsproxy

Issue:
ssl module(python 2.7) counld establish ssl handshakes over a https-proxy

Reproduce Steps:
I setup a https-proxy in bwg.phus.lu:443

>>> import socket,ssl
>>> sock = ssl.wrap_socket(socket.create_connection(('bwg.phus.lu', 443)))
>>> sock.sendall('CONNECT httpbin.org:443 HTTP/1.0\r\n\r\n')
36
>>> sock.recv()
'HTTP/1.1 200 OK\r\n\r\n'
>>> ssl.wrap_socket(sock)
Traceback (most recent call last):
  File "<input>", line 1, in <module>
    ssl.wrap_socket(sock)
  File "/usr/lib/python2.7/ssl.py", line 943, in wrap_socket
    ciphers=ciphers)
  File "/usr/lib/python2.7/ssl.py", line 611, in __init__
    self.do_handshake()
  File "/usr/lib/python2.7/ssl.py", line 840, in do_handshake
    self._sslobj.do_handshake()
SSLError: [SSL: UNKNOWN_ALERT_TYPE] unknown alert type (_ssl.c:661)


[1] https://www.chromium.org/developers/design-documents/secure-web-proxy

It looks like you are trying to tunnel one SSL or TLS connection through another SSL/TLS connection (instead of through a plain OS socket). There is already a bug recently opened about this: Issue 29394.

Basically, the SSL module doesn’t support this, and the documentation should be clarified to say something like wrap_socket() only accepts basic socket.socket() objects, not subclasses. However, in Python 3.5+ I think you could use the BIO layer to hook in your intermediate SSL socket (or any other transport).