From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Yuri Khan Newsgroups: gmane.emacs.help Subject: Re: `url-retrieve' for https behind proxy: 400 bad request Date: Tue, 8 Nov 2016 18:19:17 +0600 Message-ID: References: <20161108115818.GB13267@tuxteam.de> NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Trace: blaine.gmane.org 1478616871 6456 195.159.176.226 (8 Nov 2016 14:54:31 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Tue, 8 Nov 2016 14:54:31 +0000 (UTC) Cc: "help-gnu-emacs@gnu.org" To: tomas@tuxteam.de Original-X-From: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org Tue Nov 08 15:54:19 2016 Return-path: Envelope-to: geh-help-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1c47mF-0003z0-Dm for geh-help-gnu-emacs@m.gmane.org; Tue, 08 Nov 2016 15:53:36 +0100 Original-Received: from localhost ([::1]:33630 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1c47mI-0004O3-9d for geh-help-gnu-emacs@m.gmane.org; Tue, 08 Nov 2016 09:53:34 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:46363) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1c45NM-0002K6-UU for help-gnu-emacs@gnu.org; Tue, 08 Nov 2016 07:19:41 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1c45NM-0005VY-2d for help-gnu-emacs@gnu.org; Tue, 08 Nov 2016 07:19:40 -0500 Original-Received: from mail-lf0-x234.google.com ([2a00:1450:4010:c07::234]:35821) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1c45NL-0005VI-R5 for help-gnu-emacs@gnu.org; Tue, 08 Nov 2016 07:19:40 -0500 Original-Received: by mail-lf0-x234.google.com with SMTP id b14so137654463lfg.2 for ; Tue, 08 Nov 2016 04:19:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-transfer-encoding; bh=83FaNVdU1i9KM/sYbqFpSCV19XlwTKXNCFx0gCQTvjs=; b=MGGEZ35AStRuui190w5zUzU1kIDIlR5OVOKKqxdVpKid/LKAGapUvnC+wdSihUyFM1 csTw4I6gmWE4H/z8eHG6Nf7r0fig3pg0ET4slGdlok5WEicB0aKRhk5EyYFO9NjWLXUp 1HXKKkYOn0lqVTEb2JcxmqTOE9QVb5z48w7IZh8bfGt6gN9b03m6+ZnxCfzEoWZ9MAs0 c6LCH+fowYHemUR5+qqiulA61jI3fclpD3VFs98XjUgscOsOU0ezVtNtWI0W4VlA+dtt sKC3uIfOyIigdfq+h9xgY1yFkQvwp+zIiGK/7aXo57L2Xojj0LMzVIsvsqjD8EjzgeS0 9eAw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc:content-transfer-encoding; bh=83FaNVdU1i9KM/sYbqFpSCV19XlwTKXNCFx0gCQTvjs=; b=G2otkkh+ZrCw1uYLzfQCjxBgRRlbyIaIAJZm+p2xgxdVjkzwzT7ZBCEAq85fLoEP29 gTKGSQwuvWL0d+5qQ4mqADEesHCqeFA93b8/gHLcQ36llVa9nkeqtJy8d91NfUasP29V DXMLbqTehpJXF5z9iD3FFxxQF2nrWuu7yMI3z4s/gz65uMZ1XXbSIL2WMa+tcLXh/sUO Fglsbw/sELz/XczciB2GSmDnBMXsQaRhh0ssqNC4rUm4NpgKJemcosBJbD+wshGVnglc P+8C2icmErcG/7PPMeYe3N1ghZg/X1drsctj2qK3qvLFvXK0vPpeoil16F70kPxAB+I7 SFBg== X-Gm-Message-State: ABUngvfZWH9rbboy0qKTSwA5OBZJp/PViTxmzuzhjH/3dLog0xIcmqeuN7P6OA98OnbYdOeV0fDvS78k6CX2rg== X-Received: by 10.25.162.212 with SMTP id l203mr6884907lfe.50.1478607577923; Tue, 08 Nov 2016 04:19:37 -0800 (PST) Original-Received: by 10.114.80.71 with HTTP; Tue, 8 Nov 2016 04:19:17 -0800 (PST) In-Reply-To: <20161108115818.GB13267@tuxteam.de> X-Google-Sender-Auth: nz4heGyCh2gWgEK-yrFPI0sLSnY X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2a00:1450:4010:c07::234 X-Mailman-Approved-At: Tue, 08 Nov 2016 09:50:41 -0500 X-BeenThere: help-gnu-emacs@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Users list for the GNU Emacs text editor List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "help-gnu-emacs" Xref: news.gmane.org gmane.emacs.help:111687 Archived-At: On Tue, Nov 8, 2016 at 6:58 PM, wrote: > Yeah. This is the usual dance for https over proxy (if the proxy allows > it). Basically, CONNECT tells the proxy to just pass the https stream > along, untouched. And it=E2=80=99s the only way to preserve integrity of the connection. With CONNECT, provided that the origin server presents a valid and matching certificate and you check it, neither the proxy nor any other man-in-the-middle between you and the proxy can spoof the origin server, tamper with requests or responses, or sniff the traffic between you and the origin. With =E2=80=9CGET https://foo/bar=E2=80=9D, all= of the above would be possible.