net/http, x/net/http/httpproxy: http_proxy is being used for https requests #40909
Comments
Change https://golang.org/cl/249440 mentions this issue: |
That CL's code seems fine, @fraenkel, but it's a behavior change away from the documented behavior (and changes the documented behavior), so the decision on whether to do this should be made intentionally. I'm pretty sure the old behavior (of HTTP_PROXY also applying to "https" scheme URLs when HTTPS_PROXY was not present) was intentional but I don't have the time to go digging through git history to figure out whose behavior we were copying at the time, but I thought we were. /cc @rsc who might also remember and should decide who makes this decision. |
One can tunnel any protocol through an HTTP proxy: https://wiki.squid-cache.org/Features/HTTPS#CONNECT_tunnel |
While CONNECT is the mechanism used, this is about the environment variables. all_proxy was meant to be the catch all but that is not implemented. |
@neild, this should probably go in now-ish with release notes for Go 1.16 so we can see if anybody is surprised during the rcs/betas. |
Googling for Tentatively SGTM. |
Protocol specific proxies must match based on scheme. If the https proxy is no configured, and the proxy for a https URL is requested, no proxy should be returned. Updates golang/go#40909 Change-Id: I62dfcf95d819c634e8f2862e891877a4eb55fca7 Reviewed-on: https://go-review.googlesource.com/c/net/+/249440 Trust: Brad Fitzpatrick <bradfitz@golang.org> Reviewed-by: Damien Neil <dneil@google.com>
Go handles
http_proxy/https_proxy/no_proxy
in non-standard way. According to source commenthttp_proxy
is used even for https urls. This is counterintuitive and not-working if it is not overriden.My usecase is that I've local squid running with
http_proxy
exported. Nevertheless, squid is configured to handle also https but it is not propagated because it is using untrusted self-signed certificate. Go tries to connect to https via the proxy and fails with the reasonablecertificate signed by unknown authority
message. But at first place it shouldn't have used that proxy at all.Code failing on this is referenced here
The text was updated successfully, but these errors were encountered: