no_proxy activates if the no_proxy env var is the closing substring of the hostname #1643

Closed
wadetandy opened this Issue Jun 16, 2016 · 3 comments


wadetandy commented Jun 16, 2016

I would like to suggest a bug fix.

Today I discovered that even when a proxy is set correctly in the environment via ENV['http_proxy'], if ENV['no_proxy'] includes a value that is the trailing substring of the rubygems host being accessed, the no proxy logic will have a false match and the proxy will be disabled silently for the request. This causes the request to hang until timeout and was quite hard to debug. It turns out in my case an environment configuration error had set no_proxy=,example.com, so the comma split included an empty string, but the broader issue still exists.

I have pushed up a branch with two failing tests demonstrating the problem: https://github.com/wadetandy/rubygems/tree/no_proxy_substring

This issue is related to:

  • Network problems
  • Installing a library
  • Publishing a library
  • The command line gem
  • Other

@bronzdoc bronzdoc added the triage label Jun 16, 2016

@wadetandy wadetandy changed the title from no_proxy activates the proxy is the closing substring of the hostname to no_proxy activates if the proxy is the closing substring of the hostname Jun 16, 2016

@wadetandy wadetandy changed the title from no_proxy activates if the proxy is the closing substring of the hostname to no_proxy activates if the no_proxy env var is the closing substring of the hostname Jun 16, 2016

wadetandy added a commit to wadetandy/rubygems that referenced this issue Jun 16, 2016

@lynncyrin lynncyrin added status: triage and removed triage labels Jul 21, 2016

gavinB-orange commented Jun 6, 2017

Simply having a leading comma in no_proxy is sufficient to mess up your proxy setup.

gavin@ibb1:~$ export no_proxy=localhost,127.0.0.1
gavin@ibb1:~$ gem list --remote | wc -l
131151
gavin@ibb1:~$ export no_proxy=,localhost,127.0.0.1
gavin@ibb1:~$ gem list --remote | wc -l
ERROR:  SSL verification error at depth 0: self signed certificate (18)
ERROR:  Certificate /CN=FG3K6C3A15800008/O=Fortinet Ltd. is not trusted
1

gavin@ibb1:~$ gem --version
2.6.12

Other tools do not interpret the empty string as a match for everything (curl, wget, ...) so this is particularly hard to debug.

wadetandy commented Jun 6, 2017

As far as I can tell, this was intended to solve the ability to no_proxy domain segments (AKA dev.example.com gets no proxy applied when no_proxy=example.com). However instead of breaking these up by . chars and applying some array math, the current approach does simple substring analysis. In addition to an empty value from a leading or trailing comma causing a wildcard noproxy, noproxy=google.com would also cause definitelynotgoogle.com to get noproxied too, which is almost certainly incorrect.
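Added example (not part of the thread and not RubyGems code): a Ruby sketch contrasting the trailing-substring test described in the comments above with a comparison on whole dot-separated labels that also discards empty entries. All method names are hypothetical, the sample hosts are constructed, and treating a leading dot like a bare domain is an assumption of this example.

```ruby
# Added illustration; not the RubyGems source. Method names are hypothetical.

# Split a no_proxy value into usable entries, discarding the empty strings
# produced by stray commas (e.g. ",example.com").
def no_proxy_entries(value)
  value.to_s.split(",").map { |e| e.strip.downcase }.reject(&:empty?)
end

# The behaviour reported in this issue: a bare trailing-substring test.
# "" is a suffix of every string, so an empty entry matches every host.
def naive_no_proxy?(host, value)
  value.to_s.split(",").any? { |entry| host.end_with?(entry) }
end

# Label-wise comparison: an entry matches the host itself or a subdomain,
# but only on whole dot-separated labels.
def label_no_proxy?(host, value)
  host_labels = host.downcase.chomp(".").split(".")
  no_proxy_entries(value).any? do |entry|
    # Assumption: ".example.com" is treated the same as "example.com".
    entry_labels = entry.sub(/\A\./, "").split(".")
    next false if entry_labels.empty? || entry_labels.length > host_labels.length
    host_labels.last(entry_labels.length) == entry_labels
  end
end

# Constructed sample cases: [host, no_proxy value]
CASES = [
  ["rubygems.org", ",example.com"],
  ["definitelynotgoogle.com", "google.com"],
  ["dev.example.com", "example.com"],
  ["example.com", ".example.com"],
].freeze

# Returns [host, no_proxy, naive result, label-wise result] for each case.
def compare(cases = CASES)
  cases.map { |host, np| [host, np, naive_no_proxy?(host, np), label_no_proxy?(host, np)] }
end

if __FILE__ == $PROGRAM_NAME
  compare.each do |host, np, naive, fixed|
    puts format("%-26s no_proxy=%-16s naive=%-5s label=%s", host, np.inspect, naive, fixed)
  end
end
```

The first two cases are the false matches reported in this issue: the naive test sends the request direct, bypassing the configured proxy, while the label-wise test keeps it on the proxy.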

Member

segiddins commented Jun 6, 2017

A pull request fixing this would be greatly appreciated 🚀
I'm not so familiar with how these env vars are supposed to be interpreted

bundlerbot added a commit that referenced this issue Mar 30, 2018

Auto merge of #2249 - rubygems:fix_no_proxy, r=bronzdoc
Fix no proxy checking

# Description:
closes #1643

I will abide by the [code of conduct](https://github.com/rubygems/rubygems/blob/master/CODE_OF_CONDUCT.md).