bug#62598: 29.0.60; url-https-proxy-connect doesn't support multi-stage auth to proxies

all messages for Emacs-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed

From: Thomas Fitzsimmons <fitzsim@fitzsim.org>
To: Spencer Baugh <sbaugh@janestreet.com>
Cc: 62598@debbugs.gnu.org
Subject: bug#62598: 29.0.60; url-https-proxy-connect doesn't support multi-stage auth to proxies
Date: Wed, 05 Apr 2023 19:34:21 -0400	[thread overview]
Message-ID: <m3bkk1dhtu.fsf@fitzsim.org> (raw)
In-Reply-To: <ierlejb2vpk.fsf@janestreet.com> (Spencer Baugh's message of "Sat, 01 Apr 2023 16:28:39 -0400")

Hi Spencer,

Spencer Baugh <sbaugh@janestreet.com> writes:

> url-http knows how to use HTTPS proxies, primarily in
> url-https-proxy-connect.  It even knows to authenticate to those
> proxies, as fixed in bug#42422.
>
> But some HTTP authentication methods (e.g. NTLM as supported by
> url-http-ntlm) require multiple stages of back-and-forth in
> authentication.  This works fine with regular HTTP requests and requests
> to HTTP (non-S) proxies; it's handled by url-http-handle-authentication
> which is called by url-http-parse-headers when it sees a 401 or 407
> (auth required and proxy auth required) status.
>
> But this does not work with the HTTPS proxy support, because if it sees
> 401 or 407 as a response to CONNECT, it just immediately fails.

Why can't that code path call url-http-handle-authentication instead of
just failing?  What makes HTTPS different from HTTP in this respect?

> I'm very interested in adding this but I'm unsure how to approach it.  I
> guess that url-https-proxy-after-change-function should be calling
> something similar to url-http-handle-authentication.  Or maybe the whole
> design of how HTTPS proxy support works today is wrong, and it should be
> calling url-http-parse-headers like everything else?

I'd say try to make both approaches work, and see which one results in
the minimum set of changes.

Thomas

next prev parent reply	other threads:[~2023-04-05 23:34 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-04-01 20:28 bug#62598: 29.0.60; url-https-proxy-connect doesn't support multi-stage auth to proxies Spencer Baugh
2023-04-05 23:34 ` Thomas Fitzsimmons [this message]
2023-09-09 14:21 ` J.P.

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=m3bkk1dhtu.fsf@fitzsim.org \
    --to=fitzsim@fitzsim.org \
    --cc=62598@debbugs.gnu.org \
    --cc=sbaugh@janestreet.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/emacs.git
	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.