[ 
https://issues.apache.org/jira/browse/AXIS2C-1555?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robert Lazarski resolved AXIS2C-1555.
-------------------------------------
    Fix Version/s: 2.0.0
                       (was: 1.7.0)
       Resolution: Fixed

    When connecting to an HTTPS endpoint through a proxy, the HTTP client
    sends a CONNECT request to establish an SSL tunnel. This request may
    require proxy authentication (HTTP 407 response).
    
    Changes:
    - Add proxy_auth_username and proxy_auth_password fields to http_client
      struct
    - Add axis2_http_client_set_proxy_auth() function to set proxy credentials
    - Modify axis2_http_client_connect_ssl_host() to include Proxy-Authorization
      header with Basic auth in the CONNECT request when credentials are set
    - Return HTTP 407 status code (instead of generic failure) when proxy
      requires authentication, allowing caller to handle appropriately
    - Update axis2_http_sender_configure_proxy() to pass proxy credentials
      from message context to the HTTP client
    - Properly free proxy auth credentials in axis2_http_client_free()
  

> Proxy authentication not working when using HTTPS
> -------------------------------------------------
>
>                 Key: AXIS2C-1555
>                 URL: https://issues.apache.org/jira/browse/AXIS2C-1555
>             Project: Axis2-C
>          Issue Type: Bug
>          Components: transport/http
>    Affects Versions: 1.6.0
>            Reporter: Halewijn Geerts
>            Priority: Major
>             Fix For: 2.0.0
>
>
> Proxy authentication is not working when using HTTPS. A proxy without 
> authentication does work when axis2c was built without curl. In a build with 
> curl, the proxy is ignored (with or without authentication). 
> For a build without curl: 
> - In http_sender.c, axis2_http_client_recieve_header is called after 
> axis2_http_client_send without checking if the send call succeeded.
> - In http_client.c, axis2_http_client_connect_ssl_host : 
> proxy authentication data should be passed in connect_string:
> if ( inAuthenticationString )
> {
>     /* room for 45 bytes of fixed text, the port digits and the terminating NUL */
>     connect_string = AXIS2_MALLOC( env->allocator,
>         axutil_strlen(host) * sizeof(axis2_char_t) +
>         axutil_strlen(inAuthenticationString) * sizeof(axis2_char_t) +
>         64 * sizeof(axis2_char_t) );
>     sprintf(connect_string, "CONNECT %s:%d HTTP/1.0\r\nProxy-Authorization: %s\r\n\r\n", host, port, inAuthenticationString );
> }
> else
> {
>     /* no proxy credentials: plain CONNECT request */
>     connect_string = AXIS2_MALLOC( env->allocator,
>         axutil_strlen(host) * sizeof(axis2_char_t) +
>         30 * sizeof(axis2_char_t) );
>     sprintf(connect_string, "CONNECT %s:%d HTTP/1.0\r\n\r\n", host, port);
> }
> (Authentication string can be obtained from 
> axis2_http_sender_configure_proxy_auth, I added output parameter to get it.)
> Also when axis2_http_status_line_get_status_code returns 
> AXIS2_HTTP_RESPONSE_PROXY_AUTHENTICATION_REQUIRED_CODE_VAL,
> the response should be processed to get the authentication type:
> < if (200 != axis2_http_status_line_get_status_code(status_line, env))
> < {
> <        AXIS2_FREE(env->allocator, connect_string);
> <        axutil_stream_free(tmp_stream, env);
> <        return AXIS2_FAILURE;
> < }
> > theStatusCode = axis2_http_status_line_get_status_code(status_line, env);
> >    
> > if ( AXIS2_HTTP_RESPONSE_OK_CODE_VAL != theStatusCode )
> > {
> >     if ( AXIS2_HTTP_RESPONSE_PROXY_AUTHENTICATION_REQUIRED_CODE_VAL == 
> > theStatusCode )
> >     {
> >          client->response = axis2_http_simple_response_create_default(env);
> >            
> >          memset(str_header, 0, 512);
> >          end_of_line = AXIS2_FALSE;
> >          while ( read > 0 && AXIS2_FALSE == end_of_headers )
> >          {
> >               while ( ( read = axutil_stream_read( tmp_stream, env, tmp_buf,
> >                                                     1 ) ) > 0 ) 
> >                {
> >                    tmp_buf[read] = '\0';
> >                    assert ( axutil_strlen( str_header ) + 1 <= 512 );
> >                    strcat(str_header, tmp_buf);
> >                    if (0 != strstr(str_header, AXIS2_HTTP_CRLF))
> >                    {
> >                        end_of_line = AXIS2_TRUE;
> >                        break;
> >                    }
> >                }
> >                if (AXIS2_TRUE == end_of_line)
> >                {
> >                    if (0 == axutil_strcmp(str_header, AXIS2_HTTP_CRLF))
> >                    {
> >                        end_of_headers = AXIS2_TRUE;
> >                    }
> >                    else
> >                    {
> >                        axis2_http_header_t *tmp_header = 
> > axis2_http_header_create_by_str(env, str_header);
> >                        memset(str_header, 0, 512);
> >                        if (tmp_header)
> >                        {
> >                            
> > axis2_http_simple_response_set_header(client->response,
> >                                                                  env, 
> > tmp_header);
> >                        }
> >                    }
> >                }
> >                end_of_line = AXIS2_FALSE;
> >            }
> >        }
> >        
> >        AXIS2_FREE(env->allocator, connect_string);
> >        axis2_http_status_line_free( status_line, env ); 
> >        axutil_stream_free(tmp_stream, env);
> >        return theStatusCode; /*return the status code because is checked in 
> > http_sender.c*/
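Review bot: in the header-reading loop of the 407 branch, the only bound on str_header is `assert ( axutil_strlen( str_header ) + 1 <= 512 );` ahead of `strcat(str_header, tmp_buf);`, which is compiled out under NDEBUG and, even when active, admits a 512th character whose terminator falls one byte past the 512 that `memset(str_header, 0, 512)` implies. These bytes come from the proxy's response, so replace the assert with a runtime length check that stops reading and fails the call when a header line reaches the limit. The outer `while ( read > 0 && AXIS2_FALSE == end_of_headers )` also tests `read` and `end_of_headers` before any visible line assigns them; set both at the top of the branch so the loop does not depend on leftover values from the status-line read.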
> As shown in the above code: the HTTP status code must be returned in case of an 
> error because in http_sender, the return value of axis2_http_client_send 
> will be checked to see if the value is equal to 
> AXIS2_HTTP_RESPONSE_PROXY_AUTHENTICATION_REQUIRED_CODE_VAL.
> With these changes I have been able to get only a part of the code working: 
> - when axis2_options_set_test_proxy_auth( theOptions, mEnvironment, 
> AXIS2_TRUE ); is set, authentication type will be set.
> - can authenticate through proxy when authentication is known.
> Didn't get code working that gets authentication type and then connects in 1 
> call, I have to use axis2_options_set_test_proxy_auth first then call again 
> with authentication type set.
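
The CONNECT request with Basic proxy credentials described in the resolution comment, and the 407 status the caller needs to see, as an added example (not Axis2/C code; `b64`, `build_connect` and `connect_status` are hypothetical names). It measures the request with `snprintf` before allocating instead of relying on a hand-counted constant, and refuses a host containing CR, LF or a space.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Added example: b64, build_connect, connect_status are illustrative names, not Axis2/C APIs. */
#define CONNECT_FMT "CONNECT %s:%d HTTP/1.0\r\n%s%s%s\r\n"

/* Base64-encode n bytes; returns a malloc'd NUL-terminated string. */
static char *b64(const unsigned char *in, size_t n)
{
    static const char t[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    char *out = malloc(4 * ((n + 2) / 3) + 1), *p = out;
    if (!out) return NULL;
    for (size_t i = 0; i < n; i += 3) {
        unsigned v = (unsigned)in[i] << 16;
        if (i + 1 < n) v |= (unsigned)in[i + 1] << 8;
        if (i + 2 < n) v |= in[i + 2];
        *p++ = t[v >> 18];
        *p++ = t[(v >> 12) & 63];
        *p++ = (i + 1 < n) ? t[(v >> 6) & 63] : '=';
        *p++ = (i + 2 < n) ? t[v & 63] : '=';
    }
    *p = '\0';
    return out;
}

/* Build the CONNECT request (user/pass NULL = no auth). Returns NULL on bad
   input: CR, LF or space in the host would let it inject request lines. */
char *build_connect(const char *host, int port, const char *user, const char *pass)
{
    char cred[256], *tok = NULL, *req = NULL;
    if (!host || !*host || strpbrk(host, "\r\n ") || port < 1 || port > 65535) return NULL;
    if (user && pass) {
        int c = snprintf(cred, sizeof cred, "%s:%s", user, pass);
        if (c < 0 || (size_t)c >= sizeof cred) return NULL;   /* credentials too long */
        if (!(tok = b64((const unsigned char *)cred, (size_t)c))) return NULL;
    }
    const char *h = tok ? "Proxy-Authorization: Basic " : "", *e = tok ? "\r\n" : "";
    /* Measure first, then allocate exactly that much plus the NUL. */
    int len = snprintf(NULL, 0, CONNECT_FMT, host, port, h, tok ? tok : "", e);
    if (len >= 0 && (req = malloc((size_t)len + 1)))
        snprintf(req, (size_t)len + 1, CONNECT_FMT, host, port, h, tok ? tok : "", e);
    free(tok);
    return req;
}

/* Status code from the proxy's reply line (e.g. 407), or -1 if it is not HTTP. */
int connect_status(const char *line)
{
    int code;
    return sscanf(line, "HTTP/%*d.%*d %d", &code) == 1 ? code : -1;
}
```

Basic credentials are only base64-encoded, so they cross the client-to-proxy hop in cleartext unless that hop is itself encrypted.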


