Thank you for trying to help. I finally got it working although I'm not
sure exactly why.
What happened was that I noticed that for the https get without proxy, in
the connect subroutine in Net::SSL, the $ssl->connect also failed with the
ssl_version being 23. The ssl version was then re-set to 3 for the connect
to succeed. I therefore tried to emulate this in your patch for https.pm
like this:
*$socket->{'ssl_ctx'} = Net::SSL::_default_context(3);
instead of
*$socket->{'ssl_ctx'} = Net::SSL::_default_context();
And it works!!!
I experimented with your https://www.voicebs.com and found that for this
particular https, everything will work whether the ssl_version was set to 23
or 3. Not so for https://www.nodeworks.com which I was using. I don't know
much about these SSL Versions, will need to check it up when I find the
time....
Thanks again for your attention.
- Joo Geok
----- Original Message -----
From: Chris Hiner <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, September 26, 2000 9:03 AM
Subject: Re: SSL through proxy
> The SSL code is in a shared library (SSLeay.so on my system). I think the
> functions we're looking to debug are in SSLeay.xs which is processed
> into SSLeay.c in the Crypt::SSLeay code. I suspect the openssl function
> SSL_get_error() needs to be called to get the real error code... I have no
> idea what makes an xs file work...
> The other way to see what is happening, would be check the log files of
the
> SSL server you're trying to connect to. Especially if you can turn the
> debug level up.
>
> Somehow it's been working for me, so it is hard for me to suggest what
> to try. I suggest using the GET or HEAD example programs that come with
> lwp to test, see the lwp-request man page. Other things I can think of:
> Try reinstalling openssl and the Crypt-SSLeay module.
> Try getting a tcpdump of the connection, and see if it's sending any extra
> headers or anything after the CONNECT, before the negotiation.
>
> The GET example works for me using:
> Redhat 6.2
> perl 5.6.0
> Crypt-SSLeay-0.16
> libwww-perl-5.48
> URI-1.07
> openssl-0.9.5a
> My https patch as posted on this list.
>
> I use the following environment settings:
> http_proxy=http://gateway:80/
> https_proxy=https://gateway:80/
>
> My proxy server is running Apache 1.3.12.
>
> Here's an example command line: (our bad placeholder at work. It's
small...)
> GET -x https://www.voicebs.com/
>
> Here's the output (stderr and stdout mixed together):
> LWP::UserAgent::new: ()
> LWP::UserAgent::proxy: https https://gateway:80/
> LWP::UserAgent::proxy: ftp http://gateway:80/
> LWP::UserAgent::proxy: http http://gateway:80/
> LWP::UserAgent::request: ()
> LWP::UserAgent::simple_request: GET https://www.voicebs.com/
> LWP::UserAgent::_need_proxy: Proxied to https://gateway:80/
> LWP::Protocol::https::request: ()
> LWP::Protocol::https::request: Trying to CONNECT through the proxy server
> LWP::Protocol::http::request: ()
> LWP::Protocol::http::request: CONNECT www.voicebs.com:443 HTTP/1.0
>
>
> LWP::Protocol::http::request: reading response
> LWP::Protocol::http::request: HTTP/1.0 200 Connection established
> Proxy-agent: Apache/1.3.12 (Unix) (Red Hat/Linux)
>
> LWP::Protocol::http::request: HTTP/1.0 200 Connection established
> LWP::Protocol::https::request: Transmogrifying our socket
> LWP::Protocol::http::request: ()
> LWP::Protocol::http::request: GET / HTTP/1.0
> Host: www.voicebs.com
> User-Agent: lwp-request/1.39
>
> LWP::Protocol::http::request: reading response
> LWP::Protocol::http::request: HTTP/1.1 200 OK
> Date: Tue, 26 Sep 2000 00:36:25 GMT
> Server: Apache/1.3.12 (Unix) mod_ssl/2.6.5 OpenSSL/0.9.5a
> Last-Modified: Wed, 26 Jul 2000 19:06:54 GMT
> ETag: "2fa17-553-397f36ce"
> Accept-Ranges: bytes
> Content-Length: 1363
> Connection: close
> Content-Type: text/html
>
> <HTML>... and so on.
>
> Hopefully this helps...
> Chris
> [EMAIL PROTECTED]
>
> On Mon, Sep 25, 2000 at 02:32:54PM +0800, Tan Joo Geok wrote:
> > Hello.
> >
> > I am trying to get the libwww to work for SSL through proxy.
> > I applied Chris Hiner's patch(see attached) but was unsuccessful in
> > getting it to work. I am not much of a perl hacker but it seems to me
> > that there is some problem around the part where the socket is supposed
> > to turn into an SSL socket(see code portion below). Reason being that I
> > have put in a print in the connect subroutine in SSL.pm and the print
> > statement did not show up. It does show up for the case when no proxy
> > is used though. I have not been able to go much further as the only
code
> > I found in Crypt::SSLeay::Conn was:
> >
> > package Crypt::SSLeay::Conn;
> > require Crypt::SSLeay;
> > 1;
> >
> > There is also no new function in Crypt::SSLeay. I really have no good
feel
> > of what's happening in the SSL portion. Perhaps somebody else in this
group
> > can help.
> >
> > BTW, my problem is the same as that posted by Fred Noz a while back, he
> > didn't seem to get any solution either.
> >
> > Thank you for your attention.
> >
> > - Joo Geok
> >
> >
> >
> > Code Portion
> > ==========
> >
> > my $socket;
> >
> > my $proxy_request = $request->clone;
> > $proxy_request->method("CONNECT");
> >
> > my $proxy_protocol = LWP::Protocol::create('http');
> >
> > LWP::Debug::trace("Trying to CONNECT through the proxy server");
> >
> > my $proxy_response = $proxy_protocol->request($proxy_request,
$proxy, $arg,$size, $timeout);
> >
> > # Did we get through the proxy server?
> > return $proxy_response unless($proxy_response->code == 200);
> >
> > $socket = $proxy_response->{client_socket};
> >
> > # Turn the socket into an SSL socket
> > LWP::Debug::trace("Transmogrifying our socket");
> > bless $socket, "Net::SSL";
> > *$socket->{'ssl_ctx'} = Net::SSL::_default_context();
> > my $ssl = Crypt::SSLeay::Conn->new(*$socket->{'ssl_ctx'}, $socket);
> > if ($ssl->connect <= 0) {
> > # XXX should obtain the real SSLeay error message
> > LWP::Debug::trace("SSL error:".$ssl->connect);
> >
> >
> > Trace Output
> > ==========
> >
> > LWP::UserAgent::new: ()
> > LWP::UserAgent::proxy: http http://proxy.krdl.org.sg:8080
> > LWP::UserAgent::proxy: https https://proxy.krdl.org.sg:8080
> > LWP::UserAgent::request: ()
> > LWP::UserAgent::simple_request: GET https://www.nodeworks.com
> > LWP::UserAgent::_need_proxy: Proxied to https://proxy.krdl.org.sg:8080
> > LWP::Protocol::https::request: ()
> > LWP::Protocol::https::request: Trying to CONNECT through the proxy
server
> > LWP::Protocol::http::request: ()
> > LWP::Protocol::http::request: CONNECT www.nodeworks.com:443 HTTP/1.0
> >
> >
> > LWP::Protocol::http::request: reading response
> > LWP::Protocol::http::request: HTTP/1.0 200 Connection established
> > Proxy-Agent: NetCache 4.1R3
> >
> > LWP::Protocol::http::request: HTTP/1.0 200 Connection established
> > LWP::Protocol::https::request: Transmogrifying our socket
> > LWP::Protocol::https::request: SSL error:0
> > Net::SSL: SSL negotiation failed at
/usr/lib/perl5/site_perl/5.005/LWP/Protocol/
> > https.pm line 116
> > LWP::UserAgent::request: Simple response: Internal Server Error
> >
