Re:https over proxy patch

I'm kinda clueless here.  Where can I find this patch?  Or, is it merged into 
the CVS codestream?  I've been looking around in the current CVS codebase and 
found nothing regarding this patch.  

Any direction would be much appreciated.
-Jeff

 Message-ID: <177C519EE5CCD31195390090278539D304C4D130@njb140po04.ems.att.com>
From: "Grushinskiy, Mikhail" <mgrushinskiy@att.com>
To: www-lib@w3.org
Cc: srdjan.matovina@canada.sun.com, tudor.hulubei@ecora.com, olga@eai.com, 
anton.belov@canada.sun.com, "Guo, Xuan C, NNAD" <xuanguo@att.com>
Date: Thu, 21 Jun 2001 17:01:11 -0400
Subject: https over proxy patch


Sorry for resposting this... Somehow it didn't make to the list for the
first time.

--Mikhail 


> Srdjan,
> > I'm trying to use your patch to make GET and POST requests over SSL with
> proxy. 
> Initially I had troubles with GET in wwwssl sample. After changing
> > HTSSLhttps_init(YES);
> to
> HTSSLhttps_init(NO);
> > in wwwssl.c as suggested in some postings it still didn't work for me.
> GET request ended with -1 code. I found this message in the trace:
> > Read Socket. No read stream for net object 0x80c3a50
> > and I added 
> > HTNet_setReadStream(net, me);
> > in HTTP.c after HTNet_setPersistent(HTRequest_net(request), YES,
> HT_TP_SINGLE);
> > > if (HTRequest_method(request) == METHOD_CONNECT) {
> tt=HTStreamStack(WWW_MIME_HEAD,
> HTRequest_outputFormat(request),
> HTRequest_outputStream(request),
> request, YES);
> > me = HTTee(tt,
> HTTPStatus_new(request,
> NULL,
> WWW_MIME_HEAD,
> HTRequest_outputFormat(request),
> NULL),
> NULL);
> > HTNet_setPersistent(HTRequest_net(request), YES, HT_TP_SINGLE);
> HTNet_setReadStream(net, me);
> }
> > > This change seems to be fixed the problem with wwwssl and GET.
> > > However I still cannot make POST to work over SSL with proxy.
> Here is what happens...
> > The program opens connection to a proxy, issues CONNECT and receives
> "200 Connection established" after that proxy goes into tunneling mode
> and the program establishes SSL connection with the web server.
> The program dumps POST request headers and dives into infinite loop.
> It never calls select() during this loop. It doesn't flush the body
> of the POST message.
> > > Host Event.. FLUSH requested for  `https://www.ups.com/ups.app/xml/Rate'
> , but ignoring it as we're already processing a flush in this host
> Host Event.. READ passed to `https://www.ups.com/ups.app/xml/Rate'
> ----------HTEvent_READ
> SSL_connect: error in SSLv3 read finished A
> HTSSLReader. SSL returned 2
> HTSSLReader. WOULD BLOCK fd 3
> Host Event.. FLUSH passed to `https://www.ups.com/ups.app/xml/Rate'
> ----------HTEvent_FLUSH
> Buffer...... Flushing 0x80c3a60
> **************** HTSSLWriter_write entering ****************
> SSL_connect: SSLv3 read finished A
> HTSSLWriter. SSL returned 0
> POST /xml/Rate HTTP/1.0^M
> Accept: */*;q=0.3^M
> TE: trailers^M
> Expect: 100-continue^M
> Host: www.ups.com^M
> User-Agent: libwww-POST/1.0 libwww/5.3.2^M
> Connection: TE,Keep-Alive^M
> Date: Tue, 19 Jun 2001 03:51:56 GMT^M
> Content-Length: 1207^M
> Content-Type: application/x-www-form-urlencoded^M
> ^M
> HTSSLWriter. 286 bytes written to 3
> Memory Free. 0x80edd60
> Memory Free. 0x80b75c0
> Host Event.. READ passed to `https://www.ups.com/ups.app/xml/Rate'
> ----------HTEvent_READ
> HTSSLReader. SSL returned 2
> HTSSLReader. WOULD BLOCK fd 3
> Host Event.. FLUSH passed to `https://www.ups.com/ups.app/xml/Rate'
> ----------HTEvent_FLUSH
> Host Event.. READ passed to `https://www.ups.com/ups.app/xml/Rate'
> ----------HTEvent_READ
> HTSSLReader. SSL returned 2
> HTSSLReader. WOULD BLOCK fd 3
> Host Event.. FLUSH passed to `https://www.ups.com/ups.app/xml/Rate'
> ----------HTEvent_FLUSH
> Host Event.. READ passed to `https://www.ups.com/ups.app/xml/Rate'
> ----------HTEvent_READ
> > > Here is the log for the same scenario without proxy:
> > > > EventList... calling socket 3, request 0x80c2ab0 handler 0x8088f80 
type
> HTEvent_READ
> Host Event.. READ passed to `https://www.ups.com/ups.app/xml/Rate'
> ----------HTEvent_READ
> SSL_connect: SSLv3 read finished A
> HTSSLReader. SSL returned 2
> HTSSLReader. WOULD BLOCK fd 3
> Host Event.. FLUSH passed to `https://www.ups.com/ups.app/xml/Rate'
> ----------HTEvent_FLUSH
> Buffer...... Flushing 0x80cdc08
> **************** HTSSLWriter_write entering ****************
> HTSSLWriter. SSL returned 0
> POST /ups.app/xml/Rate HTTP/1.1^M
> Accept: */*;q=0.3^M
> TE: trailers^M
> Expect: 100-continue^M
> Host: www.ups.com^M
> User-Agent: libwww-POST/1.0 libwww/5.3.2^M
> Connection: TE,Keep-Alive^M
> Date: Tue, 19 Jun 2001 03:51:39 GMT^M
> Content-Length: 1207^M
> Content-Type: application/x-www-form-urlencoded^M
> ^M
> HTSSLWriter. 286 bytes written to 3
> Memory Free. 0x80c2a98
> Memory Free. 0x80c2a98
> Memory Free. 0x80e30a8
> Event Loop.. calling select: maxfds is 3
> ............ READ : 3
> ............ WRITE:
> ............ OOB  :
> ............ Timeout is 1 s, 897000 microsecs
> Event Loop.. select returns 0
> ............ READ :
> ............ WRITE:
> ............ OOB  :
> ............ Timeout is 0 s, 0 microsecs
> Event Loop.. calling select: maxfds is 3
> ............ READ : 3
> ............ WRITE:
> ............ OOB  :
> ............ Timeout is 0 s, 2000 microsecs
> > > > I appreciate your help.
> > Thank you,
> Mikhail Grushinskiy
> > > > > https over proxy patch
> > > > From: Srdjan Matovina -- Customer Engineering
> (srdjan@scot.canada.sun.com)
> > Date: Wed, Mar 21 2001
> > > > *Next message: Attila Uhljar: "POST and pipelining"
> > > > * Previous message: Fengyun Cao: "why webbot hangs on linux..."
> > * Next in thread: Srdjan Matovina -- Customer Engineering: "Re: https
> over proxy patch"
> > * Reply: Srdjan Matovina -- Customer Engineering: "Re: https over
> proxy patch"
> > * Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> > * Other mail archives: [this mailing list] [other W3C mailing lists]
> > * Mail actions: [ respond to this message ] [ mail a new topic ]
> > > >
> ------------------------------------------------------------------------
> > > > Date: Wed, 21 Mar 2001 12:53:04 -0500 (EST)
> > Message-Id: <200103211748.MAA224586@discover.canada.sun.com>
> > From: Srdjan Matovina -- Customer Engineering
> <srdjan@scot.canada.sun.com>
> > To: www-lib@w3.org
> > Subject: https over proxy patch
> > > > Hi,
> > In the last three weeks I was working to implement patch that will
> enable https
> > connection over proxy. I contacted Olga Antropova and she sent me her
> > implementation based on an old code base of the libwww. I've integrated
> into
> > 5.3.2 code base and did some testing by using wwwssl example by adding
> > HTProxy_add("http", "http://proxy:8888");
> > and on some application level code.
> > As well I've send a path to <tudor.hulubei@ecora.com> to do independent
> test of
> > the patch. All the tests were secuessfull.
> > Here is Olga comments on how she implemented this feature:
> > > >Basically in HTAuthFilter I change method from what it was to CONNECT
> and
> > > >have HTTPS_proxyAfterFilter that changes method back to original if
> > connect
> > > >was ok.
> > > >So I added CONNECT method to the mehtods.
> > > >Also I have some changes in HTChannel.c
> > > >And I do not use https connection management in HTSSL.c
> > > >
> > > > Find attached the diff file for https over proxy.
> > > > Regards, Srdjan
> > ====
> > Srdjan Matovina
> > Sun Microsystems Americas Customer Engineering
> > srdjan.matovina@canada.sun.com
> > Ph.(905) 415-2883 Fax.(905) 477-0217
> > > > ------------- Begin Forwarded Message -------------
> > > > MIME-Version: 1.0
> > Content-Transfer-Encoding: 7bit
> > Date: Mon, 19 Mar 2001 12:18:30 -0500 (EST)
> > From: Tudor Hulubei <tudor.hulubei@ecora.com>
> > To: Srdjan Matovina -- Customer Engineering
> <srdjan@opcom-mail.canada.sun.com>
> > Subject: Re: SSL through a proxy w/ libwww
> > > > On Monday, 19 March 2001, Srdjan Matovina -- Customer Engineering
> wrote:
> > > I set my proxy server:
> > > HTProxy_add(http, "http://proxy:8888");
> > > With this setup I can get the page no problem.
> > >
> > > If I set proxy like: HTProxy_add(https, "https://proxy:8888");
> > > then client never connect to the secure server and also client is
> going into
> > > infinitive loop. Have to kill the client process.
> > > Try add the proxy with http protocol type, not with https:
> > >
> > > HTProxy_add(http, "http://proxy:8888");
> > > Let me know the result!
> > > > Well, good news!  It does work, indeed, after I took the "s" out from
> > "https" in HTProxy_add.  Thanks!  Let me know if there is something
> > else that you want me to test.
> > > > Tudor
> > > > ------------- End Forwarded Message -------------
> > > > ------------- Begin Forwarded Message -------------
> > > > X-Authentication-Warning: balefire.eai.com: uucp set sender to
> <olga@eai.com>
> > using -f
> > Really-From: olga@eai.com
> > From: "Olga Antropova" <olga@eai.com>
> > To: "Srdjan Matovina -- Customer Engineering"
> <srdjan@opcom-mail.canada.sun.com>
> > Cc: <antonb@opcom-mail.canada.sun.com>, "Olga Antropova" <olga@eai.com>
> > Subject: Re: SSL patch: Can you do that??
> > Date: Thu, 8 Mar 2001 13:07:33 -0600
> > MIME-Version: 1.0
> > X-Priority: 3
> > X-MSMail-Priority: Normal
> > X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
> > > > Hi,
> > > > I think *CachingState is not relevant and should not be merged.
> > > > I am impressed with the fact that you are almost finished. Please be
> careful
> > to merge only the pieces that make sense.
> > And please be sure to test the resulting patch intensively before
> sending it
> > to the library. (We do not want to break it :-)
> > > > Also I am sure that I have missed some more files.
> > > > Olga.
> > ----- Original Message -----
> > From: "Srdjan Matovina -- Customer Engineering"
> <srdjan@scot.canada.sun.com>
> > To: <olga@eai.com>
> > Cc: <antonb@discover.canada.sun.com>
> > Sent: Thursday, March 08, 2001 10:39 AM
> > Subject: Re: SSL patch: Can you do that??
> > > > > Hi Olga,
> > >
> > > Thanks a lot for ssl over proxy patch code. I am integrating your ssl
> > patch into
> > > latest libwww. So far I am almost finished with integration except for
> the
> > > following function implementation that you missed to send:
> > >
> > > extern void HTRequest_setUseHTTPS(HTRequest *, BOOL val);
> > > extern BOOL HTRequest_useHTTPS(HTRequest *);
> > >
> > > extern void HTRequest_setCachingState(HTRequest *, BOOL val);
> > > extern BOOL HTRequest_cachingState(HTRequest *);
> > >
> > > extern void HTRequest_setHTTPSRequest(HTRequest *, BOOL val);
> > > extern BOOL HTRequest_isHTTPSRequest(HTRequest *);
> > >
> > > extern void HTRequest_saveOrigMethod(HTRequest *);
> > > extern HTMethod HTRequest_origMethod(HTRequest *);
> > >
> > > extern int HTRequest_httpsProxyRetries(HTRequest *);
> > > extern void HTRequest_httpsProxyAddRetry(HTRequest *);
> > >
> > > Those are the function declaration from HTReq.h file.
> > >
> > > If you could send it to me that would be great.
> > >
> > > Thanks a lot
> > >
> > > Srdjan
> > > >Date: Wed, 7 Mar 2001 13:12:19 -0500 (EST)
> > > >From: Anton Belov -- Customer Engineering
> > <antonb@opcom-mail.canada.sun.com>
> > > >Subject: SSL patch: Can you do that??
> > > >To: srdjan@canada.sun.com
> > > >MIME-Version: 1.0
> > > >
> > > >
> > > >------------- Begin Forwarded Message -------------
> > > >
> > > >X-Authentication-Warning: balefire.eai.com: uucp set sender to
> > <olga@eai.com>
> > > >using -f
> > > >Really-From: olga@eai.com
> > > >From: "Olga Antropova" <olga@eai.com>
> > > >To: "Anton Belov -- Customer Engineering"
> > <antonb@opcom-mail.canada.sun.com>,
> > > >"Olga Antropova" <olga@eai.com>
> > > >Subject: SSL patch: Can you do that??
> > > >Date: Wed, 7 Mar 2001 11:06:09 -0600
> > > >MIME-Version: 1.0
> > > >X-Priority: 3
> > > >X-MSMail-Priority: Normal
> > > >X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
> > > >
> > > >Privet Anton!
> > > >
> > > >I have it working but my codebase is old and the code is not perfect
> :-)
> > > >(well... ugly)
> > > >
> > > >Basically in HTAuthFilter I change method from what it was to CONNECT
> and
> > > >have HTTPS_proxyAfterFilter that changes method back to original if
> > connect
> > > >was ok.
> > > >So I added CONNECT method to the mehtods.
> > > >Also I have some changes in HTChannel.c
> > > >And I do not use https connection management in HTSSL.c
> > > >
> > > >So I am attaching the files.
> > > >If you can make sense and even make patch for the current version of
> www
> > of
> > > >that stuff it would be great!
> > > >I just absolutely have no time for that.
> > > >
> > > >Let me know if I missed some files.
> > > >Caution: the files contain some changes not relevant to SSL support.
> > > >
> > > >Schastlivo!
> > > >
> > > >Olga.
> > > >
> > > >
> > > >----- Original Message -----
> > > >From: "Anton Belov -- Customer Engineering"
> <antonb@scot.canada.sun.com>
> > > >To: <www-lib@w3.org>
> > > >Sent: Wednesday, March 07, 2001 10:22 AM
> > > >Subject: https & proxy
> > > >
> > > >
> > > >> Hi !
> > > >>
> > > >> I'm trying to understand why i cannot do https through proxy (if
> anyone
> > > >has it
> > > >> working, please let me know); To my understanding there are two
> ways to
> > do
> > > >it:
> > > >>
> > > >> - one is when the communication between client and proxy is
> regular
> > HTTP,
> > > >and
> > > >> proxy to the destination is HTTPS. In this case client doesn't
> even
> > > >need to
> > > >> support SSL, because all the SSL work will be done by the proxy,
> > which
> > > >> requires proxy to be configured for that. And i think not all of
> > them
> > > >are -
> > > >> in my particular case i'd always get "500 Internal Server Error"
> > from
> > > >the
> > > >> proxy.
> > > >>
> > > >> - the other, and prefered way is to use proxy SSL tunneling, which
> is
> > > >> established using CONNECT command to the proxy, and getting the
> 200
> > > >> response if the destination server has accepted the connection.
> > Here's
> > > >> the spec for this:
> > > >>
> > >
> >
> >http://www.web-cache.com/Writings/Internet-Drafts/draft-luotonen-web-prox
> y-
> > t
> > > >unne
> > > >> ling-01.txt
> > > >>
> > > >> This is not implemented in LibWWW, am i correct ? Is anyone
> working
> > on
> > > >this
> > > >> right now ?
> > > >>
> > > >>
> > > >> Best Regards,
> > > >> Anton
> > > >>
> > > >>
> > > >>
> > > >>
> ~v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^vv^v^v^v^v^v^v^v^v^v^v^~
> > > >>
> > > >> Anton Belov
> > > >> Sun Microsystems Americas Customer Engineering
> > > >> anton.belov@canada.sun.com
> > > >> Ph. (905)415-2841  Fax. (905)477-0217
> > > >>
> > > >>
> > > >
> > > >------------- End Forwarded Message -------------
> > > >
> > > >
> > > >~v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^vv^v^v^v^v^v^v^v^v^v^v^~
> > > >
> > > >Anton Belov
> > > >Sun Microsystems Americas Customer Engineering
> > > >anton.belov@canada.sun.com
> > > >Ph. (905)415-2841  Fax. (905)477-0217
> > > >
> > >
> > > ====
> > > Srdjan Matovina
> > > Sun Microsystems Americas Customer Engineering
> > > srdjan.matovina@canada.sun.com
> > > Ph.(905) 415-2883 Fax.(905) 477-0217
> > >
> > >
> > > > ------------- End Forwarded Message -------------
> > > >
> ------------------------------------------------------------------------
> > > > * APPLICATION/x-sun-compress attachment: https-proxy.tar.Z
> > > >
> ------------------------------------------------------------------------
> > > > * Next message: Attila Uhljar: "POST and pipelining"
> > * Previous message: Fengyun Cao: "why webbot hangs on linux..."
> > * Next in thread: Srdjan Matovina -- Customer Engineering: "Re: https
> over proxy patch"
> > * Reply: Srdjan Matovina -- Customer Engineering: "Re: https over
> proxy patch"
> > * Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> > * Other mail archives: [this mailing list] [other W3C mailing lists]
> > * Mail actions: [ respond to this message ] [ mail a new topic ]

 

Received on Tuesday, 21 August 2001 03:11:58 UTC