From: lo2net <fangtao0901@gmail.com>
To: schwab@linux-m68k.org, ivan@siamics.net, 11788@debbugs.gnu.org
Subject: bug#11788: [babc40c4] still fails to implement HTTPS over HTTP proxy properly
Date: Sat, 25 Jul 2015 00:32:28 +0800	[thread overview]
Message-ID: <87io998qjn.fsf@gmail.com> (raw)
In-Reply-To: <87siua8hf1.fsf@violet.siamics.net> (Ivan Shmakov's message of "Tue, 03 Dec 2013 08:31:14 +0000")

[-- Attachment #1: Type: text/plain, Size: 507 bytes --]


Hi all,
  I've written a patch to fix this. It works fine for me with gnutls
support enabled, so I thought it might be useful.

PS: Without gnutls support, it would need to be modified to use an external
program that supports https via a proxy (e.g. openssl s_client, post-May 2015 release version:
http://rt.openssl.org/Ticket/Display.html?id=2651) rather than just throwing an
error. But I think very few people will need this, since this bug report
has stayed outstanding for such a long time.

Here is the patch:

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0001-fix-url-https-over-proxy-implement.patch --]
[-- Type: text/x-diff, Size: 8408 bytes --]

From 50ad7c62ac8e34a43b8201702153fd6548d09a10 Mon Sep 17 00:00:00 2001
From: lo2net <fangtao0901@gmail.com>
Date: Fri, 24 Jul 2015 23:19:26 +0800
Subject: [PATCH] fix url https over proxy implement

---
 lisp/url/url-http.el | 106 ++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 92 insertions(+), 14 deletions(-)

diff --git a/lisp/url/url-http.el b/lisp/url/url-http.el
index 6a7d8e2..2bcd0cf 100644
--- a/lisp/url/url-http.el
+++ b/lisp/url/url-http.el
@@ -207,7 +207,7 @@ request.")
 	;; `url-open-stream' needs a buffer in which to do things
 	;; like authentication.  But we use another buffer afterwards.
 	(unwind-protect
-	    (let ((proc (url-open-stream host buf host port gateway-method)))
+	    (let ((proc (url-open-stream host buf (if url-using-proxy (url-host url-using-proxy) host) (if url-using-proxy (url-port url-using-proxy) port) gateway-method)))
 	      ;; url-open-stream might return nil.
 	      (when (processp proc)
 		;; Drop the temp buffer link before killing the buffer.
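Review bot: The rewritten `url-open-stream` call tests `url-using-proxy` twice on one very long line and leaves no hint that the first `host` argument still names the origin while the socket now goes to the proxy. Binding it once reads better, e.g. `(let* ((proxy url-using-proxy) (proc (url-open-stream host buf (if proxy (url-host proxy) host) (if proxy (url-port proxy) port) gateway-method)))`, with a comment such as `;; Connect to the proxy when one is in use; HOST and PORT still identify the origin.` The call also presumes `url-using-proxy` is already a parsed URL object rather than a string at this point, which is worth confirming against the callers. The enclosing function starts and ends outside the hunk.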
@@ -912,6 +912,7 @@ should be shown to the user."
 ;; These unfortunately cannot be macros... please ignore them!
 (defun url-http-idle-sentinel (proc why)
   "Remove (now defunct) process PROC from the list of open connections."
+  (url-http-debug "url-http-idle-sentinel(%s %s)" proc why)
   (maphash (lambda (key val)
 		(if (memq proc val)
 		    (puthash key (delq proc val) url-http-open-connections)))
@@ -922,7 +923,7 @@ should be shown to the user."
   ;; and (ii) closed connection due to reusing a HTTP connection which
   ;; we believed was still alive, but which the server closed on us.
   ;; We handle case (ii) by calling `url-http' again.
-  (url-http-debug "url-http-end-of-document-sentinel in buffer (%s)"
+  (url-http-debug "url-http-end-of-document-sentinel(%s %s) in buffer (%s)" proc why
 		  (process-buffer proc))
   (url-http-idle-sentinel proc why)
   (when (buffer-name (process-buffer proc))
@@ -936,7 +937,11 @@ should be shown to the user."
 	       (erase-buffer)
                (let ((url-request-method url-http-method)
                      (url-request-extra-headers url-http-extra-headers)
-                     (url-request-data url-http-data))
+                     (url-request-data url-http-data)
+                     (url-using-proxy (url-find-proxy-for-url url-current-object (url-host url-current-object)))
+                     )
+                 (when url-using-proxy
+                     (setq url-using-proxy (url-generic-parse-url url-using-proxy)))
                  (url-http url-current-object url-callback-function
                            url-callback-arguments (current-buffer)))))
 	    ((url-http-parse-headers)
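Review bot: The retry path binds `url-using-proxy` to the raw return value of `url-find-proxy-for-url` and then overwrites it with `setq` two lines later, leaving a dangling `)` on its own line. Doing the parse inside the binding keeps it in one step: `(url-using-proxy (let ((p (url-find-proxy-for-url url-current-object (url-host url-current-object)))) (and p (url-generic-parse-url p))))`. A short comment saying why the proxy has to be recomputed here (presumably because the sentinel runs outside the original dynamic binding) would help the next reader. The surrounding `cond` clause begins outside the hunk.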
@@ -1217,16 +1222,16 @@ overriding the value of `url-gateway-method'."
 	 (nsm-noninteractive (or url-request-noninteractive
 				 (and (boundp 'url-http-noninteractive)
 				      url-http-noninteractive)))
-	 (connection (url-http-find-free-connection host port gateway-method))
+     (connection (url-http-find-free-connection (url-host url) (url-port url) gateway-method))
 	 (buffer (or retry-buffer
 		     (generate-new-buffer
-                      (format " *http %s:%d*" host port)))))
+                      (format " *http %s:%d*" (url-host url) (url-port url))))))
     (if (not connection)
 	;; Failed to open the connection for some reason
 	(progn
 	  (kill-buffer buffer)
 	  (setq buffer nil)
-	  (error "Could not create connection to %s:%d" host port))
+	  (error "Could not create connection to %s:%d" (url-host url) (url-port url)))
       (with-current-buffer buffer
 	(mm-disable-multibyte)
 	(setq url-current-object url
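Review bot: Looking up idle connections by `(url-host url)` and `(url-port url)` means `url-http-find-free-connection` can hand back a connection that is already established, yet the `_` branch of the `pcase` changed later in this patch calls `url-https-proxy-connect` for every https-via-proxy request. If the returned process is a reused tunnel that has already been upgraded to TLS, that would presumably send a second `CONNECT` inside the encrypted session; this is worth confirming and, if so, the CONNECT step should be skipped for reused connections. The new `(connection …)` binding is also indented with spaces where its neighbours use a tab. The `let*` form begins outside the hunk.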
@@ -1274,22 +1279,91 @@ overriding the value of `url-gateway-method'."
 
 	(set-process-buffer connection buffer)
 	(set-process-filter connection 'url-http-generic-filter)
+
+    (url-http-debug "url-http() status: %s" (process-status connection))
+
 	(pcase (process-status connection)
           (`connect
            ;; Asynchronous connection
            (set-process-sentinel connection 'url-http-async-sentinel))
           (`failed
            ;; Asynchronous connection failed
-           (error "Could not create connection to %s:%d" host port))
+           (error "Could not create connection to %s:%d" (url-host url) (url-port url)))
           (_
+           (if (and url-http-proxy (string= "https" (url-type url-current-object)))
+               (url-https-proxy-connect connection)
+
            (set-process-sentinel connection
                                  'url-http-end-of-document-sentinel)
-           (process-send-string connection (url-http-create-request))))))
-    buffer))
+           (process-send-string connection (url-http-create-request))
+             )
+           )
+          )
+    ))
+
+    buffer)
+  )
+(defun url-https-proxy-connect (connection)
+  ;; https proxy
+  (setq url-http-after-change-function 'url-https-proxy-after-change-function)
+  (process-send-string connection (format (concat "CONNECT %s:%d HTTP/1.1\r\n"
+                                                  "Host: %s\r\n"
+                                                  "\r\n")
+                                          (url-host url-current-object) (or (url-port url-current-object) 443) (url-host url-current-object)))
+  )
+(defun url-https-proxy-after-change-function (st nd length)
+  (let* ((process-buffer (current-buffer))
+         (proc (get-buffer-process process-buffer))
+         )
+    (goto-char (point-min))
+    (when (re-search-forward "^\r?\n" nil t)
+      (backward-char 1)
+      ;; Saw the end of the headers
+      (setq url-http-end-of-headers (set-marker (make-marker) (point)))
+      (url-http-parse-response)
+      (cond
+       ((null url-http-response-status)
+        ;; We got back a headerless malformed response from the
+        ;; server.
+        (url-http-activate-callback)
+        (error "Malformed response from proxy, fail!"))
+       ((= url-http-response-status 200)
+        (if (gnutls-available-p)
+          (condition-case e
+              (let ((tls-connection (gnutls-negotiate
+                                     :process proc
+                                     :hostname (url-host url-current-object)
+                                     :verify-error nil)))
+                (with-current-buffer process-buffer
+                  (erase-buffer))
+                (set-process-buffer tls-connection process-buffer)
+                (setq url-http-after-change-function 'url-http-wait-for-headers-change-function)
+                (set-process-filter tls-connection 'url-http-generic-filter)
+                (process-send-string tls-connection (url-http-create-request))
+                )
+            (gnutls-error
+             (url-http-activate-callback)
+             (error "gnutls-error: %s" e))
+            (error
+             (url-http-activate-callback)
+             (error "error: %s" e))
+            )
+          (error "error: gnutls support needed!")
+          )
+        )
+       (t
+        ;; (setq url-http-connection-opened nil)
+        (url-http-activate-callback)
+        (error "error response: %d\n" url-http-response-status))
+       )
+      )
+    )
+  )
 
 (defun url-http-async-sentinel (proc why)
   ;; We are performing an asynchronous connection, and a status change
   ;; has occurred.
+  (url-http-debug "url-http-async-sentinel(%s %s)" proc why)
   (when (buffer-name (process-buffer proc))
     (with-current-buffer (process-buffer proc)
       (cond
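Review bot: `gnutls-negotiate` is called with `:verify-error nil` in `url-https-proxy-after-change-function`, and nothing afterwards checks the peer certificate, so a tunnelled https request proceeds even when the certificate does not validate for `(url-host url-current-object)`. Because the bytes after `CONNECT` pass through the proxy, the handshake result should go through the same trust policy as a direct connection, e.g. `(setq tls-connection (nsm-verify-connection tls-connection (url-host url-current-object) (url-port url-current-object)))` with a nil result treated as a failed connection; this assumes nsm is what the direct https path relies on, as the `nsm-noninteractive` binding in this file suggests. Both new defuns lack docstrings, and the `st nd length` arguments are unused and deserve a comment saying they exist only to match the after-change-function signature. `url-http-async-sentinel` continues past the end of this hunk.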
@@ -1298,11 +1372,15 @@ overriding the value of `url-gateway-method'."
 	(url-http-end-of-document-sentinel proc why))
        ((string= (substring why 0 4) "open")
 	(setq url-http-connection-opened t)
-	(condition-case error
-	    (process-send-string proc (url-http-create-request))
-	  (file-error
-	   (setq url-http-connection-opened nil)
-	   (message "HTTP error: %s" error))))
+        (if (and url-http-proxy (string= "https" (url-type url-current-object)))
+            (url-https-proxy-connect proc)
+          (condition-case error
+              (process-send-string proc (url-http-create-request))
+            (file-error
+             (setq url-http-connection-opened nil)
+             (message "HTTP error: %s" error)))
+          )
+        )
        (t
 	(setf (car url-callback-arguments)
 	      (nconc (list :error (list 'error 'connection-failed why
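Review bot: In the `open` branch the new `(url-https-proxy-connect proc)` call sits outside the `condition-case`, so a `file-error` raised by its `process-send-string` is no longer caught and `url-http-connection-opened` stays `t`. Wrapping the whole `if` keeps the old handling for both paths: `(condition-case error (if (and url-http-proxy (string= "https" (url-type url-current-object))) (url-https-proxy-connect proc) (process-send-string proc (url-http-create-request))) (file-error (setq url-http-connection-opened nil) (message "HTTP error: %s" error)))`. The sentinel's `cond` starts and ends outside the hunk.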
-- 
2.4.6


[-- Attachment #3: Type: text/plain, Size: 53 bytes --]


If anything goes wrong, please let me know, thanks!


Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-06-26 10:11 bug#11788: url-http does not properly handle https over proxy Andreas Schwab
2013-12-03  8:31 ` bug#11788: [babc40c4] still fails to implement HTTPS over HTTP proxy properly Ivan Shmakov
2015-07-24 16:32   ` lo2net [this message]
2015-12-25 21:31     ` Lars Ingebrigtsen
2015-12-26  7:24       ` Eli Zaretskii
2015-12-30 16:16         ` lo2net
2015-12-30 16:50           ` Eli Zaretskii
2016-03-08 19:41             ` David Engster
2016-03-08 20:05               ` Eli Zaretskii
2016-03-15 15:47                 ` Tao Fang
2016-03-16 16:23                   ` Eli Zaretskii
2016-03-20 11:21                   ` Lars Magne Ingebrigtsen
2016-03-22 15:31                     ` Tao Fang
2016-04-04 20:21                       ` Lars Magne Ingebrigtsen
2016-04-05 20:34                         ` David Engster
2016-04-06 11:46                           ` Lars Magne Ingebrigtsen
2016-04-06 18:01                             ` David Engster
2016-04-06 18:09                               ` John Wiegley
