Date: Wed, 21 Aug 2013 05:22:20 GMT From: Kimo <kimor79@yahoo.com> To: freebsd-gnats-submit@FreeBSD.org Subject: misc/181445: [PATCH] fetch(3) - Host header required by some proxies for HTTPS Message-ID: <201308210522.r7L5MKAh005195@oldred.freebsd.org> Resent-Message-ID: <201308210530.r7L5U0p7043077@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 181445 >Category: misc >Synopsis: [PATCH] fetch(3) - Host header required by some proxies for HTTPS >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Aug 21 05:30:00 UTC 2013 >Closed-Date: >Last-Modified: >Originator: Kimo >Release: 9.1-RELEASE (but patched against HEAD) >Organization: >Environment: >Description: Some proxy servers, i.e., apache, enforce the Host header requirement on HTTP/1.1 requests even when the CONNECT method is given. The resulting response is "400 bad request". This patch adds the Host header immediately after the CONNECT method. However, even with the patch, the request will fail later on with SSL errors but that would be a different PR. >How-To-Repeat: I don't have a public apache-based proxy server to use but an apache configuration containing the following: ProxyRequests On SSLProxyEngine On AllowCONNECT 80 443 And then export HTTP_PROXY=http://theproxyserver:80/ fetch https://www.yahoo.com/ >Fix: Index: lib/libfetch/http.c =================================================================== --- lib/libfetch/http.c (revision 254593) +++ lib/libfetch/http.c (working copy) @@ -1400,6 +1400,8 @@ if (strcasecmp(URL->scheme, SCHEME_HTTPS) == 0 && purl) { http_cmd(conn, "CONNECT %s:%d HTTP/1.1", URL->host, URL->port); + http_cmd(conn, "Host: %s:%d", + URL->host, URL->port); http_cmd(conn, ""); if (http_get_reply(conn) != HTTP_OK) { fetch_close(conn); Patch attached with submission follows: Index: lib/libfetch/http.c =================================================================== --- lib/libfetch/http.c (revision 254593) +++ lib/libfetch/http.c (working copy) @@ -1400,6 +1400,8 @@ if (strcasecmp(URL->scheme, SCHEME_HTTPS) == 0 && purl) { http_cmd(conn, "CONNECT %s:%d HTTP/1.1", URL->host, URL->port); + http_cmd(conn, "Host: %s:%d", + URL->host, URL->port); http_cmd(conn, ""); if (http_get_reply(conn) != HTTP_OK) { fetch_close(conn); >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201308210522.r7L5MKAh005195>