[jira] [Commented] (TS-274) UA side SSL support in forward proxy

[JIRA]

    [ 
https://issues.apache.org/jira/browse/TS-274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13875894#comment-13875894
 ] 

Igor Galić commented on TS-274:
-------------------------------

This is what we get today (4.2.0)
{code}
[Jan 19 17:15:00.859] Server {0x7fd224109700} DEBUG: (ssl) 
[SSLNextProtocolAccept:mainEvent] event 202 netvc 0x7fd214016b20
[Jan 19 17:15:00.859] Server {0x7fd224109700} DEBUG: (ssl) 
SSL::140540524926720:error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http 
request:s23_srvr.c:418
[Jan 19 17:15:00.859] Server {0x7fd224109700} DEBUG: <SSLNetVConnection.cc:519 
(sslServerHandShakeEvent)> (ssl) SSL handshake error: SSL_ERROR_SSL (1), errno=0
[Jan 19 17:15:00.859] Server {0x7fd224109700} DEBUG: (http_seq) 
[HttpAccept:mainEvent 0x7fd214016b20] accepted connection from ::1:56678 
transport type = 3
[Jan 19 17:15:00.859] Server {0x7fd224109700} DEBUG: (http_cs) [1] session 
born, netvc 0x7fd214016b20
[Jan 19 17:15:00.860] Server {0x7fd224109700} DEBUG: (http_cs) [1] Starting 
transaction 1 using sm [1]
{code}

and then, when the request dies or times out, I get:
{code}
[Jan 19 17:17:01.206] Server {0x7fd224109700} DEBUG: (http) [1] 
[HttpSM::main_handler, VC_EVENT_INACTIVITY_TIMEOUT]
[Jan 19 17:17:01.206] Server {0x7fd224109700} DEBUG: (http) [1] 
[&HttpSM::state_read_client_request_header, VC_EVENT_INACTIVITY_TIMEOUT]
[Jan 19 17:17:01.206] Server {0x7fd224109700} DEBUG: (http_cs) [1] session 
closed
[Jan 19 17:17:01.206] Server {0x7fd224109700} DEBUG: (http_cs) [1] session 
destroy
[Jan 19 17:17:01.206] Server {0x7fd224109700} DEBUG: (http_redirect) 
[HttpTunnel::deallocate_postdata_copy_buffers]
[Jan 19 17:17:01.206] Server {0x7fd224109700} DEBUG: (http_seq) 
[HttpSM::update_stats] Logging transaction
[Jan 19 17:17:01.206] Server {0x7fd224109700} DEBUG: (http) [1] deallocating sm
{code}

> UA side SSL support in forward proxy
> ------------------------------------
>
>                 Key: TS-274
>                 URL: https://issues.apache.org/jira/browse/TS-274
>             Project: Traffic Server
>          Issue Type: New Feature
>          Components: SSL
>    Affects Versions: 2.1.0, 2.0.0a
>         Environment: Debian, Linux 2.6.18 32-bit
>            Reporter: Marcus Clyne
>              Labels: ssl
>             Fix For: 5.2.0
>
>
> Using self-signed SSL certificates, which are in the correct paths under 
> $prefix, and giving no startup errors, I get the following error when making 
> a request through the proxy :
> {code}
> Mar 24 14:35:09 www traffic_server[27926]: {1146895248} ERROR: SSL ERROR: 
> SSL_ServerHandShake.
> Mar 24 14:35:09 www traffic_server[27926]: {1146895248} ERROR: 
> SSL::5:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy 
> request:s23_srvr.c:384:
> Mar 24 14:36:47 www traffic_server[27926]: {1146895248} ERROR: SSL ERROR: 
> SSL_ServerHandShake.
> Mar 24 14:36:47 www traffic_server[27926]: {1146895248} ERROR: 
> SSL::5:error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http 
> request:s23_srvr.c:379:
> {code}
> The first of these two was from using Proxifier (Windows software) to connect 
> to the server, the second is from using `curl -k -x $ip:443 
> http://google.com/`.
> The issue appears on the latest trunk version and the 2.0.x branch as of 
> today when used in forward proxy mode.
> I have not personally tested in reverse proxy mode, but zwoop (Freenode IRC 
> name) tested in reverse proxy mode, and reverse proxy mode worked only in the 
> 2.0.x but not trunk.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)