From owner-freebsd-i386@FreeBSD.ORG  Fri Feb 25 17:07:14 2011
Return-Path: <owner-freebsd-i386@FreeBSD.ORG>
Delivered-To: freebsd-i386@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id AA381106566B;
	Fri, 25 Feb 2011 17:07:14 +0000 (UTC)
	(envelope-from creddym@gmail.com)
Received: from mail-ww0-f50.google.com (mail-ww0-f50.google.com [74.125.82.50])
	by mx1.freebsd.org (Postfix) with ESMTP id C222B8FC0C;
	Fri, 25 Feb 2011 17:07:13 +0000 (UTC)
Received: by wwb31 with SMTP id 31so2433307wwb.31
	for <multiple recipients>; Fri, 25 Feb 2011 09:07:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:mime-version:in-reply-to:references:date
	:message-id:subject:from:to:cc:content-type;
	bh=hFtKhz+k1r4Gx+b9nyEZNwjTtFGSILGNVXJ6NTwJrYM=;
	b=v49c29Gwq3lAudbeTD12arjgzyXR8zLOGHHJGP/KUtkr+NO6tlg7pJtKdxGFB4hf2B
	o36tWUkLue4zp+jgpQkdbeuuPjIXrPg2pErKA6EeiEPGWqg2LiUWdEhhkj0Qg1h1Au9W
	lPCkiFnLZjCqZZ0K+ZK8FA0plc6FFWOwYAiaw=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=mime-version:in-reply-to:references:date:message-id:subject:from:to
	:cc:content-type;
	b=NezypnHHcAPA8UxigfDnY8q5peM0C7Y6ANGxxgwSOdnZBOaugXLOGwXaZDWZfwU/ZK
	lTNNhNfuGNoo8CWkv4VQ7ov4tIhDmvWW3sozDNRqtI8WQO40DjUHWYhGDUanGPfal0nw
	C/yRDtOaG87BvqDXrucuWSSRnjoXDdOY3LrUI=
MIME-Version: 1.0
Received: by 10.216.19.133 with SMTP id n5mr7062484wen.83.1298653632370; Fri,
	25 Feb 2011 09:07:12 -0800 (PST)
Received: by 10.216.78.147 with HTTP; Fri, 25 Feb 2011 09:07:12 -0800 (PST)
In-Reply-To: <AANLkTikNiv4NkvK+2Ntb7FecdQk6i95Z3OFG9iu_SMJc@mail.gmail.com>
References: <AANLkTikNiv4NkvK+2Ntb7FecdQk6i95Z3OFG9iu_SMJc@mail.gmail.com>
Date: Fri, 25 Feb 2011 22:37:12 +0530
Message-ID: <AANLkTinNYswQg3iJP9rpeVF8uCspgPYOZmh-NQh7YNEN@mail.gmail.com>
From: chandra reddy <creddym@gmail.com>
To: rwmaillists@googlemail.com
Content-Type: text/plain; charset=ISO-8859-1
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Cc: freebsd-hackers@freebsd.org, freebsd-i386@freebsd.org,
	freebsd-questions@freebsd.org
Subject: Re: Why FreeBSD fetch does not download a file via a proxy for HTTPS
 URLS (the same works fine for HTTP urls)
X-BeenThere: freebsd-i386@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: I386-specific issues for FreeBSD <freebsd-i386.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-i386>,
	<mailto:freebsd-i386-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-i386>
List-Post: <mailto:freebsd-i386@freebsd.org>
List-Help: <mailto:freebsd-i386-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-i386>,
	<mailto:freebsd-i386-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Feb 2011 17:07:14 -0000

Hi RW,

Thanks alot for your reply.

Do you mean to say "curl" also not using  a CONNECT to tunnel through to the
actual server?

How can I achieve downloading files HTTPS over a proxy?

Thanks
 <%20http://permalink.gmane.org/gmane.os.freebsd.devel.hackers/42588>
-Chandra

> Hi All,
>
> I am working on a project where i need to download a file via a proxy
> server using HTTPS protocol. I found that fetch does not work/support
> HTTPS requests over a proxy.

I just checked and neither do wget nor curl.

> I could overcome the above problem if I do the following change.
>
>                    1375:
> 1.58
> <http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libfetch/http.c#rev1.58>
> des      1376:        if (purl) { 1.51
> <http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libfetch/http.c#rev1.51>
> des      1377:                URL = purl;
>

I don't think that would work, presumably it would just cause an
attempt at an ssl connection to the proxy, followed by a GET request
for an https URL. https through a proxy is supposed to use a CONNECT to
tunnel through to the actual server.



On Thu, Feb 24, 2011 at 12:49 PM, chandra reddy <creddym@gmail.com> wrote:

> Hi All,
>
> I am working on a project where i need to download a file via a proxy
> server using HTTPS protocol. I found that fetch does not work/support HTTPS
> requests over a proxy.
>
> My setup would be like this:
>
>
>
> Intranet
> Internet
> -----------------------------------------------------------------------
> |                      https or  http                              |
>          https
> | Client m/cs -----------------------------> Porxy Server
> -------------------------------> Destination Server (or Download server)
> |                                                                      |
> -----------------------------------------------------------------------
>
>
> I can use https or http  protocol between Client and Proxy but only HTTPS
> is used between proxy and Destination server(or Download server) .
>
> I tried to use "squid" proxy as my proxy server and tried to download a
> file from my download server to Client m/c using FreeBSD "fetch" command.
> It fails to download a file via proxy for HTTPS requests Please note that
> Proxy setup is 100% correct and a web server (Apache) running fine.
> [I have tested it using my Mozilla browser on my PC].
>
> I have done the following:
>
> 1. *Download a file using HTTPS over a proxy server*
>
> #env HTTP_PROXY=http://<proxy-server-ip>:3128/ /usr/sbin/fetch -v -o
> /tmp/download.out 'https://<destination-server-ip>/index.htm'
>
> looking up <destination-server-ip>
>
> connecting to<destination-server-ip>:443
>
> connection established
>
> fetch: https://<destination-server-ip>/index.htm Authentication error
> Even I have tried this also and found the same error.
>
> #env HTTP_PROXY=https://<proxy-server-ip>:3128/ /usr/sbin/fetch -v -o
> /tmp/download.out 'https://<destination-serve-ip>/index.htm'
>
>
> My question is why it is not connected via "Proxy sever". It tries to
> connect directly. I could see that if I use HTTP protocol then it connects
> via proxy.
> Please see the logs here.
>
> 2. *Download a file using HTTP over a proxy server*
>
> #env HTTP_PROXY=http://<proxy-server-ip>:3128/ /usr/sbin/fetch -v -o
> /tmp/download.out 'http://<destination-server-ip>/index.htm'
>
> looking up <proxy-server-ip>
>
> connecting to <proxy-server-ip>:3128
>
> connection established
>
> requesting http://destination-server-ip/index.htm
> Even I have tried this also and found that works fine.
>
> #env HTTP_PROXY=https://<proxy-server-ip>:3128/ /usr/sbin/fetch -v -o
> /tmp/download.out 'http://<destination-serve-ip>/index.htm'
>
> I have debugged "fetch" and found that the following check is stopping
> HTTPS requests over a proxy.
>
> *http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libfetch/http.c
>
>                                      .OR.
>
> http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libfetch/http.c?annotate=1.78.2.5.4.1
>
> *
>
>                    1375:
> 1.58 <http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libfetch/http.c#rev1.58>      des      1376:        if (purl && strcasecmp(URL->scheme, SCHEME_HTTPS) != 0) {
> 1.51 <http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libfetch/http.c#rev1.51>      des      1377:                URL = purl;
>
>
>
> I could overcome the above problem if I do the following change.
>
>                    1375:
> 1.58 <http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libfetch/http.c#rev1.58>      des      1376:        if (purl) {
> 1.51 <http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libfetch/http.c#rev1.51>      des      1377:                URL = purl;
>
>
> I want to know why HTTPS over proxy is not working with "libfetch". I want
> to make it work how can do it?
>
> Thanks
> -Chandra
>
>


-- 
Thanks,
cr();
--------------------------------------------------------------------------------------------------------------------------
"Remote debugging a buggy debugger with a cross buggy debugger is a funny
thing"
--------------------------------------------------------------------------------------------------------------------------