#24432: The meek<->moat tunneling isn't set up correctly
 Reporter:  isis                  |          Owner:  isis
     Type:  defect                |         Status:  reopened
 Priority:  High                  |      Milestone:
Component:  Obfuscation/BridgeDB  |        Version:
 Severity:  Normal                |     Resolution:
 Keywords:  moat bridgedb-dist    |  Actual Points:
Parent ID:  #24689                |         Points:  2
 Reviewer:                        |        Sponsor:  SponsorM

Comment (by isis):

 Okay, I think I've found at least one issue, but it appears to be some bad
 interaction between TLS configs between the meek-server, Apache, and the
 moat server:

 If I run:

 cd scripts
 TEST_PRODUCTION_MOAT=1 ./test-moat fetch > /tmp/moat-fetch

 where the last script is just something I whipped together for testing
 ([XXX attached]), I get:

 <title>400 Bad Request</title>
 <h1>Bad Request</h1>
 <p>Your browser sent a request that this server could not understand.<br
 Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
  Instead use the HTTPS scheme to access this URL, please.<br />
 <address>Apache Server at bridges.torproject.org Port 443</address>
 {"errors": [{"status": "Unsupported Media Type", "code": 415, "detail":
 "", "version": "0.1.0", "type": "", "id": 0}]}

 The full log is [XXX attached as a `script` typescript file] (read it with
 `less -r typescript` and beware that it is a raw terminal log including
 escape characters).

 I have no idea why:

  1. Both the Apache server *and* the moat server could answer in the same
 response. (I don't know much about Apache.)
  2. The Apache server is complaining about TLS. (I don't know much about
  3. The moat server is erroring with `415 Unsupported Media Type`, since
 that would only happen if it got the HTTP header `Content-Type:
 application/vnd.api+json` but with a media type parameter specified, e.g.
 `Content-Type: application/vnd.api+json;jpeg`. (It sounds like either
 Apache, the meek reflector, or meek-server is altering the headers?)

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24432#comment:25>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
tor-bugs mailing list

Reply via email to