GNU bug report logs - #11788
url-http does not properly handle https over proxy

Previous Next

Full log

Message #8 received at 11788 <at> debbugs.gnu.org (full text, mbox):

From: Ivan Shmakov <ivan <at> siamics.net>
To: 11788 <at> debbugs.gnu.org
Subject: [babc40c4] still fails to implement HTTPS over HTTP proxy properly 
Date: Tue, 03 Dec 2013 08:31:14 +0000

	Example:

(setq url-proxy-services
      '(("https" . "squid.example.net:3128")
        ("http"  . "squid.example.net:3128")))

(url-retrieve "http://example.com/"
              (lambda (&rest args) (message "%S" args)))
; → #<buffer  *http proxy.example.net:3128-668753*>
; the buffer holds the expected HTTP response

(url-retrieve "https://duckduckgo.com/"
              (lambda (&rest args) (message "%S" args)))
; → #<buffer  *http proxy.example.net:3128*-832895>
; the buffer holds an error from the proxy

	A part of the problem is in url-proxy:

    68	(defun url-proxy (url callback &optional cbargs)
    69	  ;; Retrieve URL from a proxy.
    70	  ;; Expects `url-using-proxy' to be bound to the specific proxy to use."
    71	  (setq url-using-proxy (url-generic-parse-url url-using-proxy))
    72	
    73	  (cond
    74	   ((string= (url-type url-using-proxy) "http")
    75	    (url-http url callback cbargs))

	Here, neither url-http (which issues the request in plain) nor
	url-https (which tries to establish a TLS connection right away)
	could be appropriate when requesting an HTTPS URI.

	Instead, a plain connection should be established, followed by a
	CONNECT request to the target HOSTNAME:PORT pair, and only
	thereafter TLS is to be started.

    76	   (t
    77	    (error "Don't know how to use proxy `%s'" url-using-proxy))))

-- 
FSF associate member #7257

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.