
https over proxy patch

From: Grushinskiy, Mikhail <mgrushinskiy@att.com>
Date: Thu, 21 Jun 2001 17:01:11 -0400
Message-ID: <177C519EE5CCD31195390090278539D304C4D130@njb140po04.ems.att.com>
To: www-lib@w3.org
Cc: srdjan.matovina@canada.sun.com, tudor.hulubei@ecora.com, olga@eai.com, anton.belov@canada.sun.com, "Guo, Xuan C, NNAD" <xuanguo@att.com>

Sorry for reposting this... Somehow it didn't make it to the list the
first time.

--Mikhail 


> Srdjan,
> 
> I'm trying to use your patch to make GET and POST requests over SSL with
> proxy. 
> Initially I had troubles with GET in wwwssl sample. After changing
> 
>     HTSSLhttps_init(YES);
> to
>     HTSSLhttps_init(NO);
> 
> in wwwssl.c as suggested in some postings it still didn't work for me.
> GET request ended with -1 code. I found this message in the trace:
> 
> Read Socket. No read stream for net object 0x80c3a50
> 
> and I added 
> 
> HTNet_setReadStream(net, me);
> 
> in HTTP.c after HTNet_setPersistent(HTRequest_net(request), YES,
> HT_TP_SINGLE);
> 
> 
>       if (HTRequest_method(request) == METHOD_CONNECT) {
>         tt=HTStreamStack(WWW_MIME_HEAD,
>                          HTRequest_outputFormat(request),
>                          HTRequest_outputStream(request),
>                          request, YES);
>  
>         me = HTTee(tt,
>                    HTTPStatus_new(request,
>                                   NULL,
>                                   WWW_MIME_HEAD,
>                                   HTRequest_outputFormat(request),
>                                   NULL),
>                    NULL);
>  
>         HTNet_setPersistent(HTRequest_net(request), YES, HT_TP_SINGLE);
>         HTNet_setReadStream(net, me);
>       }
> 
> 
> This change seems to have fixed the problem with wwwssl and GET.
> 
> 
> However I still cannot make POST work over SSL with proxy.
> Here is what happens...
> 
> The program opens a connection to a proxy, issues CONNECT and receives
> "200 Connection established"; after that the proxy goes into tunneling mode
> and the program establishes an SSL connection with the web server.
> The program dumps the POST request headers and dives into an infinite loop.
> It never calls select() during this loop. It doesn't flush the body
> of the POST message.
> 
> 
> Host Event.. FLUSH requested for  `https://www.ups.com/ups.app/xml/Rate'
> , but ignoring it as we're already processing a flush in this host
> Host Event.. READ passed to `https://www.ups.com/ups.app/xml/Rate'
> ----------HTEvent_READ
> SSL_connect: error in SSLv3 read finished A
> HTSSLReader. SSL returned 2
> HTSSLReader. WOULD BLOCK fd 3
> Host Event.. FLUSH passed to `https://www.ups.com/ups.app/xml/Rate'
> ----------HTEvent_FLUSH
> Buffer...... Flushing 0x80c3a60
> **************** HTSSLWriter_write entering ****************
> SSL_connect: SSLv3 read finished A
> HTSSLWriter. SSL returned 0
> POST /xml/Rate HTTP/1.0^M
> Accept: */*;q=0.3^M
> TE: trailers^M
> Expect: 100-continue^M
> Host: www.ups.com^M
> User-Agent: libwww-POST/1.0 libwww/5.3.2^M
> Connection: TE,Keep-Alive^M
> Date: Tue, 19 Jun 2001 03:51:56 GMT^M
> Content-Length: 1207^M
> Content-Type: application/x-www-form-urlencoded^M
> ^M
> HTSSLWriter. 286 bytes written to 3
> Memory Free. 0x80edd60
> Memory Free. 0x80b75c0
> Host Event.. READ passed to `https://www.ups.com/ups.app/xml/Rate'
> ----------HTEvent_READ
> HTSSLReader. SSL returned 2
> HTSSLReader. WOULD BLOCK fd 3
> Host Event.. FLUSH passed to `https://www.ups.com/ups.app/xml/Rate'
> ----------HTEvent_FLUSH
> Host Event.. READ passed to `https://www.ups.com/ups.app/xml/Rate'
> ----------HTEvent_READ
> HTSSLReader. SSL returned 2
> HTSSLReader. WOULD BLOCK fd 3
> Host Event.. FLUSH passed to `https://www.ups.com/ups.app/xml/Rate'
> ----------HTEvent_FLUSH
> Host Event.. READ passed to `https://www.ups.com/ups.app/xml/Rate'
> ----------HTEvent_READ
> 
> 
> Here is the log for the same scenario without proxy:
> 
> 
> 
> EventList... calling socket 3, request 0x80c2ab0 handler 0x8088f80 type
> HTEvent_READ
> Host Event.. READ passed to `https://www.ups.com/ups.app/xml/Rate'
> ----------HTEvent_READ
> SSL_connect: SSLv3 read finished A
> HTSSLReader. SSL returned 2
> HTSSLReader. WOULD BLOCK fd 3
> Host Event.. FLUSH passed to `https://www.ups.com/ups.app/xml/Rate'
> ----------HTEvent_FLUSH
> Buffer...... Flushing 0x80cdc08
> **************** HTSSLWriter_write entering ****************
> HTSSLWriter. SSL returned 0
> POST /ups.app/xml/Rate HTTP/1.1^M
> Accept: */*;q=0.3^M
> TE: trailers^M
> Expect: 100-continue^M
> Host: www.ups.com^M
> User-Agent: libwww-POST/1.0 libwww/5.3.2^M
> Connection: TE,Keep-Alive^M
> Date: Tue, 19 Jun 2001 03:51:39 GMT^M
> Content-Length: 1207^M
> Content-Type: application/x-www-form-urlencoded^M
> ^M
> HTSSLWriter. 286 bytes written to 3
> Memory Free. 0x80c2a98
> Memory Free. 0x80c2a98
> Memory Free. 0x80e30a8
> Event Loop.. calling select: maxfds is 3
> ............ READ : 3
> ............ WRITE:
> ............ OOB  :
> ............ Timeout is 1 s, 897000 microsecs
> Event Loop.. select returns 0
> ............ READ :
> ............ WRITE:
> ............ OOB  :
> ............ Timeout is 0 s, 0 microsecs
> Event Loop.. calling select: maxfds is 3
> ............ READ : 3
> ............ WRITE:
> ............ OOB  :
> ............ Timeout is 0 s, 2000 microsecs
> 
> 
> 
> I appreciate your help.
> 
> Thank you,
> Mikhail Grushinskiy
> 
> 
> 
> > https over proxy patch
> > 
> > From: Srdjan Matovina -- Customer Engineering (srdjan@scot.canada.sun.com)
> > Date: Wed, Mar 21 2001
> > 
> > 
> > Date: Wed, 21 Mar 2001 12:53:04 -0500 (EST)
> > Message-Id: <200103211748.MAA224586@discover.canada.sun.com>
> > From: Srdjan Matovina -- Customer Engineering <srdjan@scot.canada.sun.com>
> > To: www-lib@w3.org
> > Subject: https over proxy patch
> > 
> > Hi,
> > In the last three weeks I was working to implement a patch that will enable https
> > connection over proxy. I contacted Olga Antropova and she sent me her
> > implementation based on an old code base of the libwww. I've integrated it into
> > the 5.3.2 code base and did some testing by using the wwwssl example by adding
> > HTProxy_add("http", "http://proxy:8888");
> > and on some application level code.
> > As well I've sent a patch to <tudor.hulubei@ecora.com> to do an independent test of
> > the patch. All the tests were successful.
> > Here are Olga's comments on how she implemented this feature:
> > > >Basically in HTAuthFilter I change method from what it was to CONNECT and
> > > >have HTTPS_proxyAfterFilter that changes method back to original if connect
> > > >was ok.
> > > >So I added CONNECT method to the methods.
> > > >Also I have some changes in HTChannel.c
> > > >And I do not use https connection management in HTSSL.c
> > > >
> > 
> > Find attached the diff file for https over proxy.
> > 
> > Regards, Srdjan
> >  ====
> >  Srdjan Matovina
> >  Sun Microsystems Americas Customer Engineering
> >  srdjan.matovina@canada.sun.com
> >  Ph.(905) 415-2883 Fax.(905) 477-0217
> > 
> > ------------- Begin Forwarded Message -------------
> > 
> > MIME-Version: 1.0
> > Content-Transfer-Encoding: 7bit
> > Date: Mon, 19 Mar 2001 12:18:30 -0500 (EST)
> > From: Tudor Hulubei <tudor.hulubei@ecora.com>
> > To: Srdjan Matovina -- Customer Engineering <srdjan@opcom-mail.canada.sun.com>
> > Subject: Re: SSL through a proxy w/ libwww
> > 
> >   On Monday, 19 March 2001, Srdjan Matovina -- Customer Engineering wrote:
> > > I set my proxy server:
> > > HTProxy_add(http, "http://proxy:8888");
> > > With this setup I can get the page no problem.
> > >
> > > If I set proxy like: HTProxy_add(https, "https://proxy:8888");
> > > then client never connects to the secure server and also client is going into
> > > infinite loop. Have to kill the client process.
> > > Try add the proxy with http protocol type, not with https:
> > >
> > > HTProxy_add(http, "http://proxy:8888");
> > > Let me know the result!
> > 
> > Well, good news!  It does work, indeed, after I took the "s" out from
> > "https" in HTProxy_add.  Thanks!  Let me know if there is something
> > else that you want me to test.
> > 
> > Tudor
> > 
> > ------------- End Forwarded Message -------------
> > 
> > ------------- Begin Forwarded Message -------------
> > 
> > X-Authentication-Warning: balefire.eai.com: uucp set sender to <olga@eai.com> using -f
> > Really-From: olga@eai.com
> > From: "Olga Antropova" <olga@eai.com>
> > To: "Srdjan Matovina -- Customer Engineering" <srdjan@opcom-mail.canada.sun.com>
> > Cc: <antonb@opcom-mail.canada.sun.com>, "Olga Antropova" <olga@eai.com>
> > Subject: Re: SSL patch: Can you do that??
> > Date: Thu, 8 Mar 2001 13:07:33 -0600
> > MIME-Version: 1.0
> > X-Priority: 3
> > X-MSMail-Priority: Normal
> > X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
> > 
> > Hi,
> > 
> > I think *CachingState is not relevant and should not be merged.
> > 
> > I am impressed with the fact that you are almost finished. Please be careful
> > to merge only the pieces that make sense.
> > And please be sure to test the resulting patch intensively before sending it
> > to the library. (We do not want to break it :-)
> > 
> > Also I am sure that I have missed some more files.
> > 
> > Olga.
> > ----- Original Message -----
> > From: "Srdjan Matovina -- Customer Engineering" <srdjan@scot.canada.sun.com>
> > To: <olga@eai.com>
> > Cc: <antonb@discover.canada.sun.com>
> > Sent: Thursday, March 08, 2001 10:39 AM
> > Subject: Re: SSL patch: Can you do that??
> > 
> > > Hi Olga,
> > >
> > > Thanks a lot for ssl over proxy patch code. I am integrating your ssl patch into
> > > latest libwww. So far I am almost finished with integration except for the
> > > following function implementation that you missed to send:
> > >
> > > extern void HTRequest_setUseHTTPS(HTRequest *, BOOL val);
> > > extern BOOL HTRequest_useHTTPS(HTRequest *);
> > >
> > > extern void HTRequest_setCachingState(HTRequest *, BOOL val);
> > > extern BOOL HTRequest_cachingState(HTRequest *);
> > >
> > > extern void HTRequest_setHTTPSRequest(HTRequest *, BOOL val);
> > > extern BOOL HTRequest_isHTTPSRequest(HTRequest *);
> > >
> > > extern void HTRequest_saveOrigMethod(HTRequest *);
> > > extern HTMethod HTRequest_origMethod(HTRequest *);
> > >
> > > extern int HTRequest_httpsProxyRetries(HTRequest *);
> > > extern void HTRequest_httpsProxyAddRetry(HTRequest *);
> > >
> > > Those are the function declaration from HTReq.h file.
> > >
> > > If you could send it to me that would be great.
> > >
> > >  Thanks a lot
> > >
> > >  Srdjan
> > > >Date: Wed, 7 Mar 2001 13:12:19 -0500 (EST)
> > > >From: Anton Belov -- Customer Engineering <antonb@opcom-mail.canada.sun.com>
> > > >Subject: SSL patch: Can you do that??
> > > >To: srdjan@canada.sun.com
> > > >MIME-Version: 1.0
> > > >
> > > >
> > > >------------- Begin Forwarded Message -------------
> > > >
> > > >X-Authentication-Warning: balefire.eai.com: uucp set sender to <olga@eai.com> using -f
> > > >Really-From: olga@eai.com
> > > >From: "Olga Antropova" <olga@eai.com>
> > > >To: "Anton Belov -- Customer Engineering" <antonb@opcom-mail.canada.sun.com>,
> > > >"Olga Antropova" <olga@eai.com>
> > > >Subject: SSL patch: Can you do that??
> > > >Date: Wed, 7 Mar 2001 11:06:09 -0600
> > > >MIME-Version: 1.0
> > > >X-Priority: 3
> > > >X-MSMail-Priority: Normal
> > > >X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
> > > >
> > > >Privet Anton!
> > > >
> > > >I have it working but my codebase is old and the code is not perfect :-)
> > > >(well... ugly)
> > > >
> > > >Basically in HTAuthFilter I change method from what it was to CONNECT and
> > > >have HTTPS_proxyAfterFilter that changes method back to original if connect
> > > >was ok.
> > > >So I added CONNECT method to the methods.
> > > >Also I have some changes in HTChannel.c
> > > >And I do not use https connection management in HTSSL.c
> > > >
> > > >So I am attaching the files.
> > > >If you can make sense and even make patch for the current version of www of
> > > >that stuff it would be great!
> > > >I just absolutely have no time for that.
> > > >
> > > >Let me know if I missed some files.
> > > >Caution: the files contain some changes not relevant to SSL support.
> > > >
> > > >Schastlivo!
> > > >
> > > >Olga.
> > > >
> > > >
> > > >----- Original Message -----
> > > >From: "Anton Belov -- Customer Engineering" <antonb@scot.canada.sun.com>
> > > >To: <www-lib@w3.org>
> > > >Sent: Wednesday, March 07, 2001 10:22 AM
> > > >Subject: https & proxy
> > > >
> > > >
> > > >> Hi !
> > > >>
> > > >> I'm trying to understand why i cannot do https through proxy (if anyone has it
> > > >> working, please let me know); To my understanding there are two ways to do it:
> > > >>
> > > >>  - one is when the communication between client and proxy is regular HTTP, and
> > > >>    proxy to the destination is HTTPS. In this case client doesn't even need to
> > > >>    support SSL, because all the SSL work will be done by the proxy, which
> > > >>    requires proxy to be configured for that. And i think not all of them are -
> > > >>    in my particular case i'd always get "500 Internal Server Error" from the
> > > >>    proxy.
> > > >>
> > > >>  - the other, and preferred way is to use proxy SSL tunneling, which is
> > > >>    established using CONNECT command to the proxy, and getting the 200
> > > >>    response if the destination server has accepted the connection. Here's
> > > >>    the spec for this:
> > > >>
> > > >>    http://www.web-cache.com/Writings/Internet-Drafts/draft-luotonen-web-proxy-tunneling-01.txt
> > > >>
> > > >>    This is not implemented in LibWWW, am i correct ? Is anyone working on this
> > > >>    right now ?
> > > >>
> > > >> Best Regards,
> > > >> Anton
> > > >>
> > > >>
> > > >>
> > > >>
> ~v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^vv^v^v^v^v^v^v^v^v^v^v^~
> > > >>
> > > >> Anton Belov
> > > >> Sun Microsystems Americas Customer Engineering
> > > >> anton.belov@canada.sun.com
> > > >> Ph. (905)415-2841  Fax. (905)477-0217
> > > >>
> > > >>
> > > >
> > > >------------- End Forwarded Message -------------
> > > >
> > > >
> > > >~v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^vv^v^v^v^v^v^v^v^v^v^v^~
> > > >
> > > >Anton Belov
> > > >Sun Microsystems Americas Customer Engineering
> > > >anton.belov@canada.sun.com
> > > >Ph. (905)415-2841  Fax. (905)477-0217
> > > >
> > >
> > > ====
> > > Srdjan Matovina
> > > Sun Microsystems Americas Customer Engineering
> > > srdjan.matovina@canada.sun.com
> > > Ph.(905) 415-2883 Fax.(905) 477-0217
> > >
> > >
> > 
> > ------------- End Forwarded Message -------------
> > 
> >
> ------------------------------------------------------------------------
> > 
> >    * APPLICATION/x-sun-compress attachment: https-proxy.tar.Z
> > 
Received on Thursday, 21 June 2001 17:02:34 GMT
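
Added example, not part of the original thread or of the libwww patch: a minimal C sketch of the client side of the CONNECT exchange described above. It builds the request and decides from the proxy's reply whether the SSL handshake may start, returning the offset at which tunnelled bytes begin so nothing the proxy sent is handed to the SSL layer. The function names, the Host header and www.example.com are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Build the CONNECT request for host:port; returns its length, or -1 if
 * it does not fit in out[cap]. */
int build_connect(char *out, size_t cap, const char *host, int port)
{
    int n = snprintf(out, cap, "CONNECT %s:%d HTTP/1.0\r\nHost: %s:%d\r\n\r\n",
                     host, port, host, port);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

/* Examine the bytes read from the proxy so far.
 *   0  : header block incomplete, read more (the caller caps the buffer size)
 *  >0  : 2xx received; the value is the offset of the first tunnelled byte
 *  -1  : malformed status line or non-2xx status; do not start SSL */
int parse_connect_reply(const char *buf, size_t len, int *status)
{
    size_t i, end = 0;

    *status = 0;
    for (i = 0; i + 4 <= len; i++)
        if (memcmp(buf + i, "\r\n\r\n", 4) == 0) { end = i + 4; break; }
    if (end == 0)
        return 0;
    /* Status line must look like "HTTP/1.x NNN". */
    if (end < 12 || memcmp(buf, "HTTP/1.", 7) != 0 || buf[8] != ' ')
        return -1;
    for (i = 9; i < 12; i++) {
        if (buf[i] < '0' || buf[i] > '9')
            return -1;
        *status = *status * 10 + (buf[i] - '0');
    }
    return (*status / 100 == 2) ? (int)end : -1;
}

int main(void)
{
    /* Constructed sample: proxy reply followed by the first SSL record bytes. */
    const char reply[] = "HTTP/1.0 200 Connection established\r\n\r\n\x16\x03\x01";
    char req[128];
    int status, off;

    build_connect(req, sizeof req, "www.example.com", 443); /* constructed host */
    off = parse_connect_reply(reply, sizeof reply - 1, &status);
    printf("%sstatus=%d, tunnel data starts at offset %d\n", req, status, off);
    return 0;
}
```

A non-2xx reply such as 407 returns -1 with the status filled in, so the caller can report the proxy's refusal instead of attempting a handshake against the proxy's error body.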
