Message-Id: <201308210522.r7L5MKAh005195@oldred.freebsd.org>
Date: Wed, 21 Aug 2013 05:22:20 GMT
From: Kimo
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/181445: [PATCH] fetch(3) - Host header required by some proxies for HTTPS

>Number: 181445
>Category: misc
>Synopsis: [PATCH] fetch(3) - Host header required by some proxies for HTTPS
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Aug 21 05:30:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Kimo
>Release: 9.1-RELEASE (but patched against HEAD)
>Organization:
>Environment:
>Description:
Some proxy servers, i.e., apache, enforce the Host header requirement on HTTP/1.1 requests even when the CONNECT method is given. The resulting response is "400 bad request". This patch adds the Host header immediately after the CONNECT method. However, even with the patch, the request will fail later on with SSL errors but that would be a different PR.
>How-To-Repeat:
I don't have a public apache-based proxy server to use but an apache configuration containing the following:

    ProxyRequests On
    SSLProxyEngine On
    AllowCONNECT 80 443

And then

    export HTTP_PROXY=http://theproxyserver:80/
    fetch https://www.yahoo.com/

>Fix:
Index: lib/libfetch/http.c =================================================================== --- lib/libfetch/http.c (revision 254593) +++ lib/libfetch/http.c (working copy) 
@@ -1400,6 +1400,8 @@ if (strcasecmp(URL->scheme, SCHEME_HTTPS) == 0 && purl) { http_cmd(conn, "CONNECT %s:%d HTTP/1.1", URL->host, URL->port); + http_cmd(conn, "Host: %s:%d", + URL->host, URL->port); http_cmd(conn, ""); if (http_get_reply(conn) != HTTP_OK) { fetch_close(conn); Patch attached with submission follows: Index: lib/libfetch/http.c =================================================================== --- lib/libfetch/http.c (revision 254593) +++ lib/libfetch/http.c (working copy) @@ -1400,6 +1400,8 @@ if (strcasecmp(URL->scheme, SCHEME_HTTPS) == 0 && purl) { http_cmd(conn, "CONNECT %s:%d HTTP/1.1", URL->host, URL->port); + http_cmd(conn, "Host: %s:%d", + URL->host, URL->port); http_cmd(conn, ""); if (http_get_reply(conn) != HTTP_OK) { fetch_close(conn); >Release-Note: >Audit-Trail: >Unformatted:
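Review bot: the added Host line formats URL->host with "%s:%d", so if URL->host can hold an IPv6 literal without its brackets the header value becomes ambiguous (the CONNECT line just above uses the same format); check how the host is stored and bracket it in both places if needed. The value is a second copy of the CONNECT authority, so a short comment saying that the two must stay identical, and that some proxies answer 400 to an HTTP/1.1 CONNECT without Host, would help the next reader. The return value of the new http_cmd() call is ignored, as it is for the neighbouring calls in this hunk, so any write failure is left to surface at the http_get_reply() check.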
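The behaviour described under >Description, as an added example that is not part of the submission or of libfetch: it builds the CONNECT preamble with a matching Host header and models a proxy that answers 400 when an HTTP/1.1 request has none. The names build_connect and proxy_status are hypothetical, the proxy check is a simplified model rather than Apache's code, and the host validation and IPv6 bracketing go beyond what the patch does.

```c
#include <stdio.h>
#include <string.h>

/* Build the CONNECT preamble with a matching Host header.
 * Returns bytes written, or -1 on invalid input or a too-small buffer. */
int
build_connect(char *buf, size_t len, const char *host, int port)
{
	const char *p;
	int bare6, n;

	if (host == NULL || *host == '\0' || port < 1 || port > 65535)
		return (-1);
	/* Refuse bytes that could end the line or split the authority. */
	for (p = host; *p != '\0'; p++)
		if ((unsigned char)*p <= ' ' || *p == 0x7f ||
		    *p == '/' || *p == '@')
			return (-1);
	/* Assumption: an IPv6 literal may arrive without its brackets. */
	bare6 = (strchr(host, ':') != NULL && host[0] != '[');
	n = snprintf(buf, len,
	    "CONNECT %s%s%s:%d HTTP/1.1\r\nHost: %s%s%s:%d\r\n\r\n",
	    bare6 ? "[" : "", host, bare6 ? "]" : "", port,
	    bare6 ? "[" : "", host, bare6 ? "]" : "", port);
	return ((n < 0 || (size_t)n >= len) ? -1 : n);
}

/* Simplified model of the strict proxy in the report: an HTTP/1.1
 * request with no "Host: " header line gets 400 (case-sensitive match,
 * which a real server would not require). */
int
proxy_status(const char *req)
{
	const char *eol = strstr(req, "\r\n");

	if (eol == NULL)
		return (400);
	if (eol - req < 8 || strncmp(eol - 8, "HTTP/1.1", 8) != 0)
		return (200);	/* the model only enforces Host on HTTP/1.1 */
	return (strstr(eol, "\r\nHost: ") != NULL ? 200 : 400);
}
```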