Michael Baierl wrote:
Hi Oleg!
Oleg Kalnichevski wrote:
Michael Baierl wrote:
Hi there,
I have some pretty simple code that is not working through a proxy.
What I have:
-) an open proxy which does not require authentication
-) the proxy listens on port 80
-) I verified using curl that everything works as expected
What I want to do:
-) request http://somewhere/ through the proxy
-) request https://somewhere/ through the proxy
I did some packet sniffing and to me it seems that HttpClient 3 is
not going to do a CONNECT first.
What I would expect:
-) On the request to http://somewhere/
1) connect to the proxy on the given port (80)
2) use CONNECT somewhere:80
3) do a GET request
4) done
Your expectation is wrong. HttpClient does not have to do that. Plain
HTTP requests sent via standard (caching) proxies are only required to
contain an absolute request URI.
http://www.faqs.org/rfcs/rfc2616.html
---
5.1.2 Request-URI
...
The absoluteURI form is REQUIRED when the request is being made to a
proxy. The proxy is requested to forward the request or service it
from a valid cache, and return the response. Note that the proxy MAY
forward the request on to another proxy or directly to the server
---
Fair enough and works fine that way as well. What does not work is the
second case:
-) On the request to https://somewhere/ (SSL!)
1) connect to the proxy on the given port (80)
2) use CONNECT somewhere:443
3) build up the SSL connection
4) do a GET request
5) done
Are you using a custom SSL socket factory by any chance? Are you sure
it is implemented correctly?
As you can see below I use the standard supplied
EasySSLProtocolSocketFactory.
There is no such thing as standard supplied EasySSLProtocolSocketFactory
as this class is distributed in source as reference material.
Where I see the issue is the fact that the connection between HttpClient
and the proxy is unencrypted (the "CONNECT www.somewhere.com:443" is in
plain text)
That is the way it is supposed to be. The connection to the tunneling
proxy is made in clear text and then, once the tunnel has been
established, the client will use it to send encrypted data to the target
server.
and then an SSL encrypted connection to the target server
has to be made.
Packet sniffing has shown me that this is not the case, HttpClient
just fails and does not connect using the CONNECT function...
Further tests have shown me that just adding a proxy like below
httpclient.getHostConfiguration().setProxy("10.10.1.10", 80);
does not use SSL between HttpClient and the target server.
There is no correlation between proxy settings and transport security.
Hope this helps
Oleg
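
The two cases discussed in this thread, as an added example that is not part of the original messages and is not HttpClient code: it builds the first clear-text message a client sends to the proxy for an http:// URL (absolute URI, no CONNECT) and for an https:// URL (CONNECT, with TLS starting only after the proxy's 2xx reply). All function names are hypothetical, and `fake_proxy` is a constructed local stand-in for a real proxy.

```python
import socket
import threading
from urllib.parse import urlsplit

def first_proxy_message(url):
    """Clear-text bytes a client sends to an HTTP proxy first for this URL."""
    u = urlsplit(url)
    if u.scheme == "http":
        # Plain HTTP: no CONNECT, just an absolute URI (RFC 2616, 5.1.2).
        path = (u.path or "/") + ("?" + u.query if u.query else "")
        return f"GET http://{u.netloc}{path} HTTP/1.1\r\nHost: {u.netloc}\r\n\r\n".encode()
    if u.scheme == "https":
        # HTTPS: ask the proxy for a raw tunnel; TLS starts only afterwards.
        target = f"{u.hostname}:{u.port or 443}"
        return f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode()
    raise ValueError(f"unsupported scheme: {u.scheme!r}")

def read_head(sock):
    """Read up to the blank line that ends an HTTP message head."""
    data = b""
    while b"\r\n\r\n" not in data:
        chunk = sock.recv(4096)
        if not chunk:
            break
        data += chunk
    return data

def open_tunnel(proxy_addr, url):
    """Send CONNECT and return the socket once the proxy answers 2xx."""
    sock = socket.create_connection(proxy_addr, timeout=5)
    sock.sendall(first_proxy_message(url))
    status = read_head(sock).split(b"\r\n", 1)[0].split()
    if len(status) < 2 or not status[1].startswith(b"2"):
        sock.close()
        raise ConnectionError(f"proxy refused tunnel: {status!r}")
    # Caller now wraps it: ssl.create_default_context().wrap_socket(sock, server_hostname=host)
    return sock

def fake_proxy():
    """Constructed stand-in proxy: records one request head, replies 200."""
    srv = socket.create_server(("127.0.0.1", 0))
    seen = []
    def serve():
        conn, _ = srv.accept()
        seen.append(read_head(conn))
        conn.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n")
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname(), seen
```

When sniffing a working setup, the CONNECT line and the proxy's status line are the only readable parts of the HTTPS case; everything after them is the TLS handshake with the target server.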