-
-
Notifications
You must be signed in to change notification settings - Fork 4.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OpenSSL Error: Cannot connect to HTTPS server through proxy #2021
Comments
does your proxy block SSL trafic ? |
Thank you for your reply @stof . The Proxy supports SSL, e.g. if I enter Also I should add: I just tried to download the
Also
|
Allright I was able to fix this issue. The Problem was the Version of OpenSSL in PHP. I updated to OpenSSL v1.0.1 and now it works pretty fine. So what's my Setup:
How to fix it:
P.S. You can check your OpenSSL-Version by typing Maybe this helps somebody. It killed my last 2 days ... |
@stof I opened an issue about this a couple weeks ago, but someone recommended adding HTTP_PROXY_REQUEST_FULLURI and HTTPS_PROXY_REQUEST_FULLURI vars. This worked for one day and now it no longer works for anyone inside our company firewall. Every thing else works just fine using https proxy (wget, git, web browser...). We are running Ubuntu Precise 12.04, and all packages are up to date. here is diag output: ./bin/composer.phar diag
Checking platform settings: OK
Checking http connectivity: OK
Checking HTTP proxy: OK
Checking HTTP proxy support for request_fulluri: OK
Checking HTTPS proxy support for request_fulluri: FAIL
Unable to assert the situation, maybe github is down (The "https://api.github.com/repos/Seldaek/jsonlint/zipball/1.0.0" file could not be downloaded: failed to open stream: Cannot connect to HTTPS server through proxy)
Checking composer.json: OK
Checking composer version: OK |
@dspiegel same problem over here, seems to be a compatibility issue between two versions of openssl. It's possible this has been caused recently by GitHub upgrading their openssl version to 1.0 (http://stackoverflow.com/questions/8619706/running-curl-with-openssl-0-9-8-against-openssl-1-0-0-server-causes-handshake-er). For us upgrade is out of question currently. If composer uses curl, CURLOPT_SSLVERSION=3 would help, but I don't know if it in fact does. Could you let me know if you manage to fix the issue? |
@mateusz I'm not 100% sure about this, maybe one of the developers should comment on this as well, but as far as I can tell, composer does not use curl to download dependencies. It uses the php get_contents() as you can see here: https://github.com/composer/composer/blob/master/src/Composer/Util/RemoteFilesystem.php#L132 |
@boldtrn indeed, you're right - it's actually using the PHP streams directly. I understand it is using the https wrapper for file_get_contents, and ssl proxy transport for the context configuration. Nevertheless the issue seems to be with the openssl extension as compiled into my php executable and if there was a way to pass some options into the context, I could try configuring ciphers to prefer SSLv3. There is no such option though :-) Still looking at it, I'll try to see what the composer is actually doing. Curl works fine for me, so maybe it is some kind of a composer bug after all... |
Got some more information, opened new issue with code to reproduce and a suspicion towards SNI. |
You've bumped up against a bug in OpenSSL 0.9.8 in its handling of warning-level alerts. In this case it appears to be hostname mismatch when using SNI extensions. I've submitted a patch to OpenSSL that addresses this. --mancha [1] https://rt.openssl.org/Ticket/Display.html?id=3038&user=guest&pass=guest |
open regedit find all 172.20.20.1:3128 proxy and delete. |
If the client is being used with a library that uses another OpenSSL, for example, if you are making https: // SSL calls from the CURL library, OpenSSL will not generate the Context |
Hi,
I am behind a company firewall and composer stopped working some time ago (around 4-5 weeks). So I tried
composer diag
and this shows the following output:I tried to set:
HTTPS_PROXY_REQUEST_FULLURI
to true or false, but this doesn't changed anything for me. So right now I don't have any clue how to go on. Anybody got an idea?Unfortunately I cant run
composer update
anymore, what ends in something like this:The text was updated successfully, but these errors were encountered: