[GitHub] tomcat issue #39: Provide the correct port when using proxy
Github user SvetlinZarev commented on the issue: https://github.com/apache/tomcat/pull/39 Hi, I've already created a bugzilla ticket: https://bz.apache.org/bugzilla/show_bug.cgi?id=60617 > Do you read changelogs? I do. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] tomcat issue #39: Provide the correct port when using proxy
Github user SvetlinZarev commented on the issue: https://github.com/apache/tomcat/pull/39 > Does the CONNECT verb not imply a default port number when none is present? @ChristopherSchultz According to [rfc2817 section 5.2](https://www.ietf.org/rfc/rfc2817.txt): > A CONNECT method requests that a proxy establish a tunnel connection >on its behalf. The Request-URI portion of the Request-Line is always >an 'authority' as defined by URI Generic Syntax [2], which is to say >**the host name and port number** destination of the requested connection >separated by a colon Also by the never finalized draft https://tools.ietf.org/html/draft-luotonen-web-proxy-tunneling-01#section-3.1: > The client connects to the proxy server, and uses the CONNECT method >to specify the hostname and the port number to connect to. The >hostname and port number are separated by a colon, and **both of them >must be specified**. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] tomcat issue #39: Provide the correct port when using proxy
Github user SvetlinZarev commented on the issue: https://github.com/apache/tomcat/pull/39 Issue Description === WsWebSocketContainer generates bad CONNECT request when a proxy is used. The host does not contain port information, hence the app cannot connect to wss:// endpoints. Also some stricter proxy servers may reject requests without port info, thus making WsWebSocketContainer.connectToServer() fail for both ws:// and wss:// endpoints. Steps to reproduce === Prerequisites --- 1. Download Tomcat 8.5.9 2. Configure it to use port 8081 3. Clone g...@github.com:adamfisk/LittleProxy.git 4. Clone MCVE: g...@github.com:SvetlinZarev/websocket-tomcat-bug.git 5. Build (3), (4) -> mvn clean install (you may want to rename the mcve to ROOT) How to reproduce it --- 1. Start LittleProxy (it defaults to port 8080) 2. Configure Tomcat use the proxy: export CATALINA_OPTS="-Dhttp.proxyHost=localhost -Dhttp.proxyPort=8080 -Dhttps.proxyHost=localhost -Dhttps.proxyPort=8080" 3. Start tomcat: catalina.sh run 4. Request the mcve: http://localhost:8081/ws Expected behavior --- You should see: Connected. Sending message... Message: Hello World! Disconnected: Actual behavior --- An exception is thrown. In case of LittleProxy it is a timeout exception during channel.handshake().get(); In my other case it is a DeploymentException caused by a bad request, because the (stricter) proxy rejected the request because it does not contain port info. Additional information --- You can play with the mcve by adding the following request parameters: * scheme - i.e. ws://, wss:// * server - i.e. echo.websocket.org Example: 4. Request the mcve with: http://localhost:8081/ws?scheme=wss://=echo.websocket.org:443 It will succeed. Now remove the port from teh server string. It will fail. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] tomcat issue #39: Provide the correct port when using proxy
Github user SvetlinZarev commented on the issue: https://github.com/apache/tomcat/pull/39 It's not a no-op. Imagine the following case: WS-Host: wss://echo.websocket.org proxy-host: proxy proxy-port: 8080 The flow is as follows: URI path = the WS-HOST String host = path.getHost(); int port = path.getPort(); //-1 if the ":port" part of the authority is missing if(hasProxy){ proxyConnect = createProxyRequest(host, port); }else{ if(-1 == port) then do portDiscovery -> 80/443 depending on ws/wss scheme ... } So here in the proxy case the port will be -1, because WS-Host does not specify host. As a result the CONNECT request will not contain port in the request line -> hence invalid CONNECT request. In the non-proxy case the original code correctly performs port discovery based on the scheme( if a port is not explicitly provided in WS-Host). So what I did was to do port discovery if no port is specified, regardless of proxy configuration. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] tomcat pull request #39: Provide the correct port when using proxy
GitHub user SvetlinZarev opened a pull request: https://github.com/apache/tomcat/pull/39 Provide the correct port when using proxy Fix "create-connection" failures in case of proxied connection. The proxy needs the remote port information in order to know to which port to open a tunnel. You can merge this pull request into a Git repository by running: $ git pull https://github.com/SvetlinZarev/tomcat websockets Alternatively you can review and apply these changes as the patch at: https://github.com/apache/tomcat/pull/39.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #39 commit 8522631f7357871ffba7566fa733952099f89797 Author: Svetlin Zarev <svetlin.za...@abv.bg> Date: 2017-01-13T10:22:54Z Provide the correct port when using proxy Fix "create-connection" failures in case of proxied connection. The proxy needs the remote port information in order to know to which port to open a tunel. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] tomcat issue #34: fixed retrieval org.apache.catalina.startup.EXIT_ON_INIT_F...
Github user SvetlinZarev commented on the issue: https://github.com/apache/tomcat/pull/34 Nope, Boolean.getBoolean("xxx") tries to convert the value of the system property "xxx" to a boolean or returns false if it's missing. The method name is indeed very misleading, but works as expected. http://docs.oracle.com/javase/7/docs/api/java/lang/Boolean.html#getBoolean(java.lang.String) --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org