
RE: https over proxy patch

From: Grushinskiy, Mikhail, NNAD <mgrushinskiy@att.com>
Date: Tue, 21 Aug 2001 10:03:43 -0400
Message-ID: <F077ABEBFA27EA46AE61FB8B86591F7648CC11@OCCLUST01EVS1.ugd.att.com>
To: Jeff Simpson <jeff.simpson@supplysolution.com>, www-lib@w3.org

It's in the attachment to this post:

http://lists.w3.org/Archives/Public/www-lib/2001JanMar/0230.html


> -----Original Message-----
> From:	Jeff Simpson [SMTP:jeff.simpson@supplysolution.com]
> Sent:	Tuesday, August 21, 2001 3:10 AM
> To:	www-lib@w3.org
> Subject:	Re:https over proxy patch
> 
> I'm kinda clueless here.  Where can I find this patch?  Or, is it merged
> into 
> the CVS codestream?  I've been looking around in the current CVS codebase
> and 
> found nothing regarding this patch.  
> 
> Any direction would be much appreciated.
> -Jeff
> 
>  Message-ID:
> <177C519EE5CCD31195390090278539D304C4D130@njb140po04.ems.att.com>
> From: "Grushinskiy, Mikhail" <mgrushinskiy@att.com>
> To: www-lib@w3.org
> Cc: srdjan.matovina@canada.sun.com, tudor.hulubei@ecora.com, olga@eai.com,
> 
> anton.belov@canada.sun.com, "Guo, Xuan C, NNAD" <xuanguo@att.com>
> Date: Thu, 21 Jun 2001 17:01:11 -0400
> Subject: https over proxy patch
> 
> 
> Sorry for reposting this... Somehow it didn't make it to the list the
> first time.
> 
> --Mikhail 
> 
> 
> > Srdjan,
> > 
> > I'm trying to use your patch to make GET and POST requests over SSL with
> > proxy.
> > Initially I had troubles with GET in wwwssl sample. After changing
> > 
> > HTSSLhttps_init(YES);
> > to
> > HTSSLhttps_init(NO);
> > 
> > in wwwssl.c as suggested in some postings it still didn't work for me.
> > GET request ended with -1 code. I found this message in the trace:
> > 
> > Read Socket. No read stream for net object 0x80c3a50
> > 
> > and I added
> > 
> > HTNet_setReadStream(net, me);
> > 
> > in HTTP.c after HTNet_setPersistent(HTRequest_net(request), YES,
> > HT_TP_SINGLE);
> > 
> > if (HTRequest_method(request) == METHOD_CONNECT) {
> >     tt = HTStreamStack(WWW_MIME_HEAD,
> >                        HTRequest_outputFormat(request),
> >                        HTRequest_outputStream(request),
> >                        request, YES);
> > 
> >     me = HTTee(tt,
> >                HTTPStatus_new(request,
> >                               NULL,
> >                               WWW_MIME_HEAD,
> >                               HTRequest_outputFormat(request),
> >                               NULL),
> >                NULL);
> > 
> >     HTNet_setPersistent(HTRequest_net(request), YES, HT_TP_SINGLE);
> >     HTNet_setReadStream(net, me);
> > }
> > 
> > This change seems to have fixed the problem with wwwssl and GET.
> > 
> > However I still cannot make POST to work over SSL with proxy.
> > Here is what happens...
> > 
> > The program opens connection to a proxy, issues CONNECT and receives
> > "200 Connection established" after that proxy goes into tunneling mode
> > and the program establishes SSL connection with the web server.
> > The program dumps POST request headers and dives into infinite loop.
> > It never calls select() during this loop. It doesn't flush the body
> > of the POST message.
> > 
> > Host Event.. FLUSH requested for `https://www.ups.com/ups.app/xml/Rate', but ignoring it as we're already processing a flush in this host
> > Host Event.. READ passed to `https://www.ups.com/ups.app/xml/Rate'
> > ----------HTEvent_READ
> > SSL_connect: error in SSLv3 read finished A
> > HTSSLReader. SSL returned 2
> > HTSSLReader. WOULD BLOCK fd 3
> > Host Event.. FLUSH passed to `https://www.ups.com/ups.app/xml/Rate'
> > ----------HTEvent_FLUSH
> > Buffer...... Flushing 0x80c3a60
> > **************** HTSSLWriter_write entering ****************
> > SSL_connect: SSLv3 read finished A
> > HTSSLWriter. SSL returned 0
> > POST /xml/Rate HTTP/1.0^M
> > Accept: */*;q=0.3^M
> > TE: trailers^M
> > Expect: 100-continue^M
> > Host: www.ups.com^M
> > User-Agent: libwww-POST/1.0 libwww/5.3.2^M
> > Connection: TE,Keep-Alive^M
> > Date: Tue, 19 Jun 2001 03:51:56 GMT^M
> > Content-Length: 1207^M
> > Content-Type: application/x-www-form-urlencoded^M
> > ^M
> > HTSSLWriter. 286 bytes written to 3
> > Memory Free. 0x80edd60
> > Memory Free. 0x80b75c0
> > Host Event.. READ passed to `https://www.ups.com/ups.app/xml/Rate'
> > ----------HTEvent_READ
> > HTSSLReader. SSL returned 2
> > HTSSLReader. WOULD BLOCK fd 3
> > Host Event.. FLUSH passed to `https://www.ups.com/ups.app/xml/Rate'
> > ----------HTEvent_FLUSH
> > Host Event.. READ passed to `https://www.ups.com/ups.app/xml/Rate'
> > ----------HTEvent_READ
> > HTSSLReader. SSL returned 2
> > HTSSLReader. WOULD BLOCK fd 3
> > Host Event.. FLUSH passed to `https://www.ups.com/ups.app/xml/Rate'
> > ----------HTEvent_FLUSH
> > Host Event.. READ passed to `https://www.ups.com/ups.app/xml/Rate'
> > ----------HTEvent_READ
> > 
> > Here is the log for the same scenario without proxy:
> > 
> > EventList... calling socket 3, request 0x80c2ab0 handler 0x8088f80 type HTEvent_READ
> > Host Event.. READ passed to `https://www.ups.com/ups.app/xml/Rate'
> > ----------HTEvent_READ
> > SSL_connect: SSLv3 read finished A
> > HTSSLReader. SSL returned 2
> > HTSSLReader. WOULD BLOCK fd 3
> > Host Event.. FLUSH passed to `https://www.ups.com/ups.app/xml/Rate'
> > ----------HTEvent_FLUSH
> > Buffer...... Flushing 0x80cdc08
> > **************** HTSSLWriter_write entering ****************
> > HTSSLWriter. SSL returned 0
> > POST /ups.app/xml/Rate HTTP/1.1^M
> > Accept: */*;q=0.3^M
> > TE: trailers^M
> > Expect: 100-continue^M
> > Host: www.ups.com^M
> > User-Agent: libwww-POST/1.0 libwww/5.3.2^M
> > Connection: TE,Keep-Alive^M
> > Date: Tue, 19 Jun 2001 03:51:39 GMT^M
> > Content-Length: 1207^M
> > Content-Type: application/x-www-form-urlencoded^M
> > ^M
> > HTSSLWriter. 286 bytes written to 3
> > Memory Free. 0x80c2a98
> > Memory Free. 0x80c2a98
> > Memory Free. 0x80e30a8
> > Event Loop.. calling select: maxfds is 3
> > ............ READ : 3
> > ............ WRITE:
> > ............ OOB  :
> > ............ Timeout is 1 s, 897000 microsecs
> > Event Loop.. select returns 0
> > ............ READ :
> > ............ WRITE:
> > ............ OOB  :
> > ............ Timeout is 0 s, 0 microsecs
> > Event Loop.. calling select: maxfds is 3
> > ............ READ : 3
> > ............ WRITE:
> > ............ OOB  :
> > ............ Timeout is 0 s, 2000 microsecs
> > 
> > I appreciate your help.
> > 
> > Thank you,
> > Mikhail Grushinskiy
> > 
> > > https over proxy patch
> > > 
> > > From: Srdjan Matovina -- Customer Engineering (srdjan@scot.canada.sun.com)
> > > Date: Wed, Mar 21 2001
> > > > > Date: Wed, 21 Mar 2001 12:53:04 -0500 (EST)
> > > Message-Id: <200103211748.MAA224586@discover.canada.sun.com>
> > > From: Srdjan Matovina -- Customer Engineering
> > <srdjan@scot.canada.sun.com>
> > > To: www-lib@w3.org
> > > Subject: https over proxy patch
> > > 
> > > Hi,
> > > 
> > > In the last three weeks I was working to implement patch that will enable https
> > > connection over proxy. I contacted Olga Antropova and she sent me her
> > > implementation based on an old code base of the libwww. I've integrated into
> > > 5.3.2 code base and did some testing by using wwwssl example by adding
> > > 
> > > HTProxy_add("http", "http://proxy:8888");
> > > 
> > > and on some application level code.
> > > As well I've sent a patch to <tudor.hulubei@ecora.com> to do independent test of
> > > the patch. All the tests were successful.
> > > 
> > > Here is Olga's comments on how she implemented this feature:
> > > 
> > > > >Basically in HTAuthFilter I change method from what it was to CONNECT and
> > > > >have HTTPS_proxyAfterFilter that changes method back to original if connect
> > > > >was ok.
> > > > >So I added CONNECT method to the methods.
> > > > >Also I have some changes in HTChannel.c
> > > > >And I do not use https connection management in HTSSL.c
> > > > >
> > > 
> > > Find attached the diff file for https over proxy.
> > > 
> > > Regards, Srdjan
> > > ====
> > > Srdjan Matovina
> > > Sun Microsystems Americas Customer Engineering
> > > srdjan.matovina@canada.sun.com
> > > Ph.(905) 415-2883 Fax.(905) 477-0217
> > > > > ------------- Begin Forwarded Message -------------
> > > > > MIME-Version: 1.0
> > > Content-Transfer-Encoding: 7bit
> > > Date: Mon, 19 Mar 2001 12:18:30 -0500 (EST)
> > > From: Tudor Hulubei <tudor.hulubei@ecora.com>
> > > To: Srdjan Matovina -- Customer Engineering
> > <srdjan@opcom-mail.canada.sun.com>
> > > Subject: Re: SSL through a proxy w/ libwww
> > > > > On Monday, 19 March 2001, Srdjan Matovina -- Customer Engineering
> > wrote:
> > > > I set my proxy server:
> > > > HTProxy_add(http, "http://proxy:8888");
> > > > With this setup I can get the page no problem.
> > > >
> > > > If I set proxy like: HTProxy_add(https, "https://proxy:8888");
> > > > then client never connect to the secure server and also client is
> > going into
> > > > infinitive loop. Have to kill the client process.
> > > > Try add the proxy with http protocol type, not with https:
> > > >
> > > > HTProxy_add(http, "http://proxy:8888");
> > > > Let me know the result!
> > > > > Well, good news!  It does work, indeed, after I took the "s" out
> from
> > > "https" in HTProxy_add.  Thanks!  Let me know if there is something
> > > else that you want me to test.
> > > > > Tudor
> > > > > ------------- End Forwarded Message -------------
> > > > > ------------- Begin Forwarded Message -------------
> > > > > X-Authentication-Warning: balefire.eai.com: uucp set sender to
> > <olga@eai.com>
> > > using -f
> > > Really-From: olga@eai.com
> > > From: "Olga Antropova" <olga@eai.com>
> > > To: "Srdjan Matovina -- Customer Engineering"
> > <srdjan@opcom-mail.canada.sun.com>
> > > Cc: <antonb@opcom-mail.canada.sun.com>, "Olga Antropova"
> <olga@eai.com>
> > > Subject: Re: SSL patch: Can you do that??
> > > Date: Thu, 8 Mar 2001 13:07:33 -0600
> > > MIME-Version: 1.0
> > > X-Priority: 3
> > > X-MSMail-Priority: Normal
> > > X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
> > > > > Hi,
> > > > > I think *CachingState is not relevant and should not be merged.
> > > > > I am impressed with the fact that you are almost finished. Please
> be
> > careful
> > > to merge only the pieces that make sense.
> > > And please be sure to test the resulting patch intensively before
> > sending it
> > > to the library. (We do not want to break it :-)
> > > > > Also I am sure that I have missed some more files.
> > > > > Olga.
> > > ----- Original Message -----
> > > From: "Srdjan Matovina -- Customer Engineering"
> > <srdjan@scot.canada.sun.com>
> > > To: <olga@eai.com>
> > > Cc: <antonb@discover.canada.sun.com>
> > > Sent: Thursday, March 08, 2001 10:39 AM
> > > Subject: Re: SSL patch: Can you do that??
> > > > > > Hi Olga,
> > > >
> > > > Thanks a lot for ssl over proxy patch code. I am integrating your
> ssl
> > > patch into
> > > > latest libwww. So far I am almost finished with integration except
> for
> > the
> > > > following function implementation that you missed to send:
> > > >
> > > > extern void HTRequest_setUseHTTPS(HTRequest *, BOOL val);
> > > > extern BOOL HTRequest_useHTTPS(HTRequest *);
> > > >
> > > > extern void HTRequest_setCachingState(HTRequest *, BOOL val);
> > > > extern BOOL HTRequest_cachingState(HTRequest *);
> > > >
> > > > extern void HTRequest_setHTTPSRequest(HTRequest *, BOOL val);
> > > > extern BOOL HTRequest_isHTTPSRequest(HTRequest *);
> > > >
> > > > extern void HTRequest_saveOrigMethod(HTRequest *);
> > > > extern HTMethod HTRequest_origMethod(HTRequest *);
> > > >
> > > > extern int HTRequest_httpsProxyRetries(HTRequest *);
> > > > extern void HTRequest_httpsProxyAddRetry(HTRequest *);
> > > >
> > > > Those are the function declaration from HTReq.h file.
> > > >
> > > > If you could send it to me that would be great.
> > > >
> > > > Thanks a lot
> > > >
> > > > Srdjan
> > > > >Date: Wed, 7 Mar 2001 13:12:19 -0500 (EST)
> > > > >From: Anton Belov -- Customer Engineering
> > > <antonb@opcom-mail.canada.sun.com>
> > > > >Subject: SSL patch: Can you do that??
> > > > >To: srdjan@canada.sun.com
> > > > >MIME-Version: 1.0
> > > > >
> > > > >
> > > > >------------- Begin Forwarded Message -------------
> > > > >
> > > > >X-Authentication-Warning: balefire.eai.com: uucp set sender to
> > > <olga@eai.com>
> > > > >using -f
> > > > >Really-From: olga@eai.com
> > > > >From: "Olga Antropova" <olga@eai.com>
> > > > >To: "Anton Belov -- Customer Engineering"
> > > <antonb@opcom-mail.canada.sun.com>,
> > > > >"Olga Antropova" <olga@eai.com>
> > > > >Subject: SSL patch: Can you do that??
> > > > >Date: Wed, 7 Mar 2001 11:06:09 -0600
> > > > >MIME-Version: 1.0
> > > > >X-Priority: 3
> > > > >X-MSMail-Priority: Normal
> > > > >X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
> > > > >
> > > > >Privet Anton!
> > > > >
> > > > >I have it working but my codebase is old and the code is not
> perfect
> > :-)
> > > > >(well... ugly)
> > > > >
> > > > >Basically in HTAuthFilter I change method from what it was to
> CONNECT
> > and
> > > > >have HTTPS_proxyAfterFilter that changes method back to original if
> > > connect
> > > > >was ok.
> > > > >So I added CONNECT method to the methods.
> > > > >Also I have some changes in HTChannel.c
> > > > >And I do not use https connection management in HTSSL.c
> > > > >
> > > > >So I am attaching the files.
> > > > >If you can make sense and even make patch for the current version
> of
> > www
> > > of
> > > > >that stuff it would be great!
> > > > >I just absolutely have no time for that.
> > > > >
> > > > >Let me know if I missed some files.
> > > > >Caution: the files contain some changes not relevant to SSL
> support.
> > > > >
> > > > >Schastlivo!
> > > > >
> > > > >Olga.
> > > > >
> > > > >
> > > > >----- Original Message -----
> > > > >From: "Anton Belov -- Customer Engineering"
> > <antonb@scot.canada.sun.com>
> > > > >To: <www-lib@w3.org>
> > > > >Sent: Wednesday, March 07, 2001 10:22 AM
> > > > >Subject: https & proxy
> > > > >
> > > > >
> > > > >> Hi !
> > > > >>
> > > > >> I'm trying to understand why i cannot do https through proxy (if
> > anyone
> > > > >has it
> > > > >> working, please let me know); To my understanding there are two
> > ways to
> > > do
> > > > >it:
> > > > >>
> > > > >> - one is when the communication between client and proxy is
> > regular
> > > HTTP,
> > > > >and
> > > > >> proxy to the destination is HTTPS. In this case client doesn't
> > even
> > > > >need to
> > > > >> support SSL, because all the SSL work will be done by the proxy,
> > > which
> > > > >> requires proxy to be configured for that. And i think not all of
> > > them
> > > > >are -
> > > > >> in my particular case i'd always get "500 Internal Server Error"
> > > from
> > > > >the
> > > > >> proxy.
> > > > >>
> > > > >> - the other, and preferred way is to use proxy SSL tunneling,
> which
> > is
> > > > >> established using CONNECT command to the proxy, and getting the
> > 200
> > > > >> response if the destination server has accepted the connection.
> > > Here's
> > > > >> the spec for this:
> > > > >>
> > > > >> http://www.web-cache.com/Writings/Internet-Drafts/draft-luotonen-web-proxy-tunneling-01.txt
> > > > >>
> > > > >> This is not implemented in LibWWW, am i correct ? Is anyone
> > working
> > > on
> > > > >this
> > > > >> right now ?
> > > > >>
> > > > >>
> > > > >> Best Regards,
> > > > >> Anton
> > > > >>
> > > > >>
> > > > >>
> > > > >>
> > ~v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^vv^v^v^v^v^v^v^v^v^v^v^~
> > > > >>
> > > > >> Anton Belov
> > > > >> Sun Microsystems Americas Customer Engineering
> > > > >> anton.belov@canada.sun.com
> > > > >> Ph. (905)415-2841  Fax. (905)477-0217
> > > > >>
> > > > >>
> > > > >
> > > > >------------- End Forwarded Message -------------
> > > > >
> > > > >
> > > >
> >~v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^vv^v^v^v^v^v^v^v^v^v^v^~
> > > > >
> > > > >Anton Belov
> > > > >Sun Microsystems Americas Customer Engineering
> > > > >anton.belov@canada.sun.com
> > > > >Ph. (905)415-2841  Fax. (905)477-0217
> > > > >
> > > >
> > > > ====
> > > > Srdjan Matovina
> > > > Sun Microsystems Americas Customer Engineering
> > > > srdjan.matovina@canada.sun.com
> > > > Ph.(905) 415-2883 Fax.(905) 477-0217
> > > >
> > > >
> > > > > ------------- End Forwarded Message -------------
> > > > >
> > ------------------------------------------------------------------------
> > > > > * APPLICATION/x-sun-compress attachment: https-proxy.tar.Z
> > > > >
> > ------------------------------------------------------------------------
> 
>  
> 
Received on Tuesday, 21 August 2001 10:04:10 GMT
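
The CONNECT exchange discussed in the quoted thread (ask the proxy for a tunnel, start SSL only after a 2xx reply, and go back to waiting on the socket while the reply is incomplete), as an added example that is not part of the original posts or of the libwww patch. The function names and the host `origin.example` are hypothetical, and no libwww API is used.

```c
#include <stdio.h>
#include <string.h>

enum tunnel_state {
    TUNNEL_NEED_MORE,  /* header block incomplete: wait in select() and read again */
    TUNNEL_OPEN,       /* 2xx: proxy is now a byte pipe, TLS handshake may start */
    TUNNEL_REFUSED,    /* any other status (e.g. 407, 500): do not start TLS */
    TUNNEL_MALFORMED   /* reply is not an HTTP status line */
};

/* Write the CONNECT request into buf. Returns its length, or -1 if it does not
   fit or host holds CR/LF/whitespace that would inject extra header lines. */
int build_connect(char *buf, size_t cap, const char *host, unsigned port)
{
    if (*host == '\0' || strpbrk(host, "\r\n \t") || port == 0 || port > 65535)
        return -1;
    int n = snprintf(buf, cap, "CONNECT %s:%u HTTP/1.0\r\nHost: %s:%u\r\n\r\n",
                     host, port, host, port);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

/* Inspect the bytes read from the proxy so far. On TUNNEL_OPEN or
   TUNNEL_REFUSED, *status is the code and *consumed the offset just past the
   blank line; bytes after that offset already belong to the tunnelled stream. */
enum tunnel_state parse_connect_reply(const char *data, size_t len,
                                      int *status, size_t *consumed)
{
    size_t end = 0;
    if (len >= 5 && memcmp(data, "HTTP/", 5) != 0)
        return TUNNEL_MALFORMED;
    for (size_t i = 0; i + 3 < len && end == 0; i++)
        if (memcmp(data + i, "\r\n\r\n", 4) == 0)
            end = i + 4;
    if (end == 0)
        return TUNNEL_NEED_MORE;
    const char *sp = memchr(data, ' ', end);
    if (sp == NULL || (size_t)(sp - data) + 4 > end)
        return TUNNEL_MALFORMED;
    int code = 0;
    for (int k = 1; k <= 3; k++) {
        if (sp[k] < '0' || sp[k] > '9')
            return TUNNEL_MALFORMED;
        code = code * 10 + (sp[k] - '0');
    }
    *status = code;
    *consumed = end;
    return (code >= 200 && code < 300) ? TUNNEL_OPEN : TUNNEL_REFUSED;
}

int main(void)
{
    /* Constructed sample: proxy reply followed by two bytes of tunnelled data. */
    const char reply[] = "HTTP/1.0 200 Connection established\r\n\r\n\x16\x03";
    int status = 0; size_t used = 0;
    enum tunnel_state s = parse_connect_reply(reply, sizeof reply - 1, &status, &used);
    printf("state=%d status=%d header_bytes=%zu\n", s, status, used);
    return 0;
}
```

A caller that gets `TUNNEL_NEED_MORE` should return to its event loop rather than retry immediately, and any bytes past `*consumed` must be passed to the SSL layer instead of being discarded.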

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 23 April 2007 18:18:39 GMT