Hi all,

I have spent quite some time on this task and have unfortunately come to
the conclusion that a.) I am just too stupid or b.) neither the current
(patched version) nor the original version shipped with LWP 5.48 works
properly.

It is proven that the same request issued directly to the host works
without problems, but every connect via proxy results in a "500 Internal
Server Error" (for the patched version), or freezes (original).

The original implementation of https.pm is what I basically would prefer
from a technical aspect, but unfortunately it fails because the Net::SSL
socket connection to the proxy freezes, as the connection is an HTTP
connect with no SSL handshake.

The patched implementation of https.pm tries to work around the problem:
it opens a standard IO::Socket::INET to the proxy and later tries to bless
it as a Net::SSL socket. This is IMHO the biggest weakness and not the
best way to approach the problem. Additionally, the patched implementation
does not support the SSL handshake for various SSL versions and probably
leaves vital information uninitialized.

I identified the critical code portion as follows. To visualize the
problem:

Net::SSL::Connect: SSL-Handshake mechanism

    # This code will not be executed in the patched version
    $ssl = Crypt::SSLeay::Conn->new(*$self->{'ssl_ctx'}, $self);
    # print "ssl_version ".*$self->{ssl_version}."\n";
    if ($ssl->connect <= 0) {
        if(*$self->{ssl_version} == 23) {
            ....
        } elsif(*$self->{ssl_version} == 3) {
            # + ....
        } else {
            $self->die_with_error("SSL negotiation failed");
        }
    }

And below is how the patch tries to solve it in https.pm. As one can see,
it lacks the handshake. I even strongly believe that the line

    bless $socket, "Net::SSL"

is the main reason for all the trouble, as you convert the IO::Socket::INET
into an object derived from its own class. Downgrading an object
(converting a derived object into its father object) is something I know,
but this practice seems questionable to me.

    LWP::Debug::trace("Transmogrifying our socket");
    bless $socket, "Net::SSL";
    *$socket->{'ssl_ctx'} = Net::SSL::_default_context();
    my $ssl = Crypt::SSLeay::Conn->new(*$socket->{'ssl_ctx'}, $socket);
    if ($ssl->connect <= 0) {
        # XXX should obtain the real SSLeay error message
        LWP::Debug::trace("SSL error:".$ssl->connect);
    }

Given the original implementation of LWP 5.48, from my point of view the
solution is to enhance the Net::SSL socket in such a way that it will be
able to connect itself through the proxy.

Any help is strongly welcome. What is still a bit wondrous to me is that
the patched version seems to work for some, but not all. Digging through
the code I found that Crypt::SSLeay::MainContext imports some var from the
environment.

Crypt::SSLeay::MainContext

    ...
    $ctx->set_cipher_list($ENV{CRYPT_SSLEAY_CIPHER})
    ...

Is this an option?

Unfortunately I consider myself just a Perl newbie, so I do not see myself
being able to fix the problem on my own.

Regards
Tobias
--
Sent through GMX FreeMail - http://www.gmx.net
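
The order of operations discussed in this message (a plain HTTP CONNECT to the proxy first, the SSL handshake on the same socket afterwards), as an added example that is not part of the original post and is not LWP or Crypt::SSLeay code. It swaps in IO::Socket::SSL's start_SSL for Net::SSL; the helper name connect_via_proxy and its parameters are hypothetical.

```perl
use strict;
use warnings;
use IO::Socket::INET;
use IO::Socket::SSL;    # swapped in for Net::SSL in this example

# Hypothetical helper: tunnel through an HTTP proxy, then do the TLS handshake.
sub connect_via_proxy {
    my ($proxy_host, $proxy_port, $host, $port) = @_;

    # 1. Plain TCP to the proxy: it speaks HTTP at this point, not SSL.
    my $sock = IO::Socket::INET->new(
        PeerAddr => $proxy_host, PeerPort => $proxy_port,
        Proto    => 'tcp',       Timeout  => 15,
    ) or die "cannot reach proxy $proxy_host:$proxy_port: $@\n";

    # 2. Ask the proxy for a tunnel to the origin server.
    my $req = "CONNECT $host:$port HTTP/1.0\r\nHost: $host:$port\r\n\r\n";
    defined $sock->syswrite($req) or die "CONNECT write failed: $!\n";

    # 3. Read the proxy's reply one byte at a time up to the blank line, so
    #    no buffered read consumes bytes that belong to the TLS handshake.
    my $reply = '';
    until ($reply =~ /\r?\n\r?\n\z/) {
        my $n = $sock->sysread(my $byte, 1);
        die "proxy closed the connection during CONNECT\n" unless $n;
        $reply .= $byte;
        die "oversized proxy reply\n" if length $reply > 8192;
    }
    my ($line) = $reply =~ /\A([^\r\n]*)/;
    die "proxy refused CONNECT: $line\n"
        unless $line =~ m{\AHTTP/\d\.\d 2\d\d\b};

    # 4. Only now upgrade the same socket and run the full handshake. The
    #    certificate is checked against the origin host, never the proxy.
    IO::Socket::SSL->start_SSL($sock,
        SSL_hostname        => $host,
        SSL_verify_mode     => SSL_VERIFY_PEER,
        SSL_verifycn_name   => $host,
        SSL_verifycn_scheme => 'http',
    ) or die "TLS handshake with $host failed: $SSL_ERROR\n";
    return $sock;    # now an IO::Socket::SSL object
}
```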