[jira] [Created] (TS-847) Forward proxy: Can't create SSL connection to older Subversion Servers.

[JIRA]

Forward proxy: Can't create SSL connection to older Subversion Servers.
-----------------------------------------------------------------------

                 Key: TS-847
                 URL: https://issues.apache.org/jira/browse/TS-847
             Project: Traffic Server
          Issue Type: Bug
    Affects Versions: 3.0.0, 3.1.0
            Reporter: Igor Galić


When trying to access older Subversion (1.6.9, 1.5.1 verified) servers through 
SSL via the Forward proxy, I'll get a failure such as:
{noformat}
igalic@knock ~/src % svn co 
https://gar.svn.sourceforge.net/svnroot/gar/csw/mgar/gar/
svn: PROPFIND of '/svnroot/gar/!svn/bln/14844': Could not create SSL connection 
through proxy server: 502 Tunnel Connection Failed 
(https://gar.svn.sourceforge.net)
1 igalic@knock ~/src %
{noformat}
The squid.blog says:
{noformat}
1308609250.117 1004 127.0.0.1 TCP_MISS/200 4664 CONNECT 
gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
1308609250.642 524 127.0.0.1 TCP_MISS/200 1335 CONNECT 
gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
1308609251.167 525 127.0.0.1 TCP_MISS/200 1031 CONNECT 
gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
1308609251.689 522 127.0.0.1 TCP_MISS/200 1095 CONNECT 
gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
1308609252.231 541 127.0.0.1 TCP_MISS/200 1335 CONNECT 
gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
1308609252.756 524 127.0.0.1 TCP_MISS/200 1031 CONNECT 
gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
1308609253.285 528 127.0.0.1 TCP_MISS/200 1095 CONNECT 
gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
1308609253.814 528 127.0.0.1 TCP_MISS/200 1335 CONNECT 
gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
1308609254.345 530 127.0.0.1 TCP_MISS/200 1111 CONNECT 
gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
1308609254.416 70 127.0.0.1 ERR_CONNECT_FAIL/502 454 CONNECT 
gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net text/html -
{noformat}
While the error log says:
{noformat}
20110621.00h25m14s RESPONSE: sent 127.0.0.1 status 502 (Tunnel Connection 
Failed) for 'gar.svn.sourceforge.net:443/'
{noformat}

With newer versions of the Subversion server this works out fine, example the 
ASF's server:
{noformat}
igalic@knock ~/src % svn co 
https://svn.apache.org/repos/asf/trafficserver/plugins/header_filter/
A    header_filter/example.conf
A    header_filter/rules.h
A    header_filter/NOTICE
A    header_filter/header_filter.cc
A    header_filter/LICENSE
A    header_filter/STATUS
A    header_filter/lulu.h
A    header_filter/CHANGES
A    header_filter/Makefile
A    header_filter/README
A    header_filter/rules.cc
Checked out revision 1137808.
igalic@knock ~/src %
{noformat}

I wouldn't submit this bug in the first place, if it didn't work with Squid 
either. Alas Squid passes with flying colours! Attatched you can find wireshark 
captures for the four scenarios:

* Failure with ATS (old subversion server: sf.net)
* Success with Squid (same old subversion server: sf.net)
* Success with ATS (new Subversion server: ASF)
* Success with Squid (same new Subversion server: ASF)

To force subversion through a proxy you need to edit ~/.subversion/servers
{noformat}
[global]
http-proxy-host = localhost
http-proxy-port = 8080
{noformat}

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira