Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

xbps-uhelper fails with redirect using proxy #52

Closed
jschultz opened this issue Jan 26, 2019 · 1 comment
Closed

xbps-uhelper fails with redirect using proxy #52

jschultz opened this issue Jan 26, 2019 · 1 comment
Assignees
@Duncaen
Labels
bug Something isn't working
Milestone
0.54

Comments

@jschultz
Copy link

For example, fetching https://www.llvm.org/releases/7.0.1/llvm-7.0.1.src.tar.xz using a proxy (in my case squid running at http://172.17.0.1:3128 and a certificate that I have manually added to my system) produces:

looking up 172.17.0.1
connecting to 172.17.0.1:3128
SSL options: 4004
Peer verification enabled
Using CA cert path: /etc/ssl/certs
Verify hostname
TLSv1.2 connection established using ECDHE-RSA-AES256-GCM-SHA384
Certificate subject: /CN=llvm.org
Certificate issuer: /C=AU/ST= /L= /O= /OU= /CN=
requesting https://www.llvm.org/releases/7.0.1/llvm-7.0.1.src.tar.xz
302 redirect to http://releases.llvm.org/7.0.1/llvm-7.0.1.src.tar.xz
looking up 172.17.0.1
connecting to 172.17.0.1:3128
requesting http://releases.llvm.org/7.0.1/llvm-7.0.1.src.tar.xz
https://www.llvm.org/releases/7.0.1/llvm-7.0.1.src.tar.xz: Bad Request

The problem seems to be connected with the fact that an https URL redirects to a http URL. From the proxy log I can see:

1547696915.462 447 172.17.0.1 TCP_MISS/302 671 GET https://www.llvm.org/releases/7.0.1/llvm-7.0.1.src.tar.xz - HIER_DIRECT/54.67.122.174 text/html
1547696915.465 0 172.17.0.1 NONE/400 3937 GET /7.0.1/llvm-7.0.1.src.tar.xz - HIER_NONE/- text/html

I tracked the problem down to code around here in fetch/http.c:

  /* send request */
  if (verbose)
  	fetch_info("requesting %s://%s%s",
  	    url->scheme, host, url->doc);
  if (purl && strcasecmp(URL->scheme, SCHEME_HTTPS) != 0) {
  	http_cmd(conn, "%s %s://%s%s HTTP/1.1\r\n",
  	    op, url->scheme, host, url->doc);
  } else {
  	http_cmd(conn, "%s %s HTTP/1.1\r\n",
  	    op, url->doc);
  }

  if (if_modified_since && url->last_modified > 0)
  	set_if_modified_since(conn, url->last_modified);

  /* virtual host */
  http_cmd(conn, "Host: %s\r\n", host);

  if (strcasecmp(URL->scheme, SCHEME_HTTPS) != 0)
  	send_proxy_headers(conn, purl);

In two places this code uses URL->scheme (the protocol of the original URL) rather than url->scheme (the protocol of the redirected URL. I found that after replacing these two instances the code appears to work in this particular case. But not really understanding these protocols very well I hesitate to make a pull request based on a single case.

I see comments in the code that the whole http_request function needs to be rewritten anyway, so just bringing this issue to the developers' attention.
@Duncaen Duncaen self-assigned this Apr 8, 2019
Duncaen pushed a commit that referenced this issue Apr 22, 2019
@Duncaen
lib/fetch/http.c: fix https->http redirection via proxy.
7177595 
See #52

Thanks @jschultz

Closes: #79 [via git-merge-pr]
@Duncaen Duncaen closed this as completed Jun 14, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Duncaen Duncaen

Labels
bug Something isn't working
Projects
None yet
Milestone
0.54
Development

No branches or pull requests
3 participants
@jschultz @Duncaen and others