curl-library

RE: https via proxy may stuck when using multi interface

From: Lau, Hang Kin <hklau_at_avistar.com>
Date: Fri, 18 Jan 2008 08:14:39 -0800

> PLEASE don't top-post. Now we just lost all context and
> people who haven't paid very close attention have no idea
> what you're talking about here!

I'm sorry about that.

> And that is actually better than without the patch?

No, but that's one of the reasons why I think there are problems in the
state transactions.

> I read your original email again:
> http://curl.haxx.se/mail/lib-2008-01/0116.html
>
> I disagree with the explanation for the cause and therefore
> also the conclusion about what needs to be done. Can you
> provide any further details or logs or anything that backs up
> your observations?

Yes, I am attaching the logs for a successful case and a failure case.
They are a bit long, but I hope they can help explain something (the log
was obtained against 7.17.1):

*** A Successful Case ***

Info: About to connect() to proxy abc.abc.com port 80 (#0)
Info: Trying 123.123.123.123...
Info: TCP_NODELAY set
Info: connected
Info: Connected to abc.abc.com (123.123.123.123) port 80 (#0)
Info: Establish HTTP proxy tunnel to cde.cde.com:443
Info: Server auth using Basic with user 'User'
==> CONNECT cde.cde.com:443 HTTP/1.0
Host: cde.cde.com:443
Proxy-Connection: Keep-Alive
User-Agent: Http Client/1.0
Content-Type: application/octet-stream
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache,no-store,no-transform
Pragma: no-cache
Connection: Keep-Alive
<== HTTP/1.0 200 OK
<== Server: FreeProxy/3.92
<== Date: Thu, 17 Jan 2008 21:20:22 GMT
<== Content-Type: application/octet-stream
<==
Info: Proxy replied OK to CONNECT request
Info: successfully set certificate verify locations:
Info: CAfile: CERT.pem
CApath: none
Info: SSLv2, Client hello (1):
Info: SSLv3, TLS handshake, Server hello (2):
Info: SSLv3, TLS handshake, CERT (11):
Info: SSLv3, TLS handshake, Server key exchange (12):
Info: SSLv3, TLS handshake, Server finished (14):
Info: SSLv3, TLS handshake, Client key exchange (16):
Info: SSLv3, TLS change cipher, Client hello (1):
Info: SSLv3, TLS handshake, Finished (20):
Info: SSLv3, TLS change cipher, Client hello (1):
Info: SSLv3, TLS handshake, Finished (20):
Info: SSL connection using EDH-RSA-DES-CBC3-SHA
Info: Server certificate:
Info: subject:
/C=US/ST=CA/L=SV/O=A/OU=QA/CN=cde.cde.com/emailAddress=abc_at_abc.com
Info: start date: 2007-02-14 20:09:37 GMT
Info: expire date: 2012-08-06 20:09:37 GMT
Info: common name: cde.cde.com (matched)
Info: issuer:
/C=US/ST=CA/L=SV/O=A/OU=QA/CN=G/emailAddress=abc_at_abc.com
Info: SSL certificate verify ok.
Info: Server auth using Basic with user 'User'
==> GET /url HTTP/1.1
Authorization: Basic xyzxyzxyzxyzxyz
Host: cde.cde.com
Accept: */*
User-Agent: Http Client/1.0
Content-Type: application/octet-stream
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache,no-store,no-transform
Pragma: no-cache
Connection: Keep-Alive
<== HTTP/1.1 200 OK
<== Date: Thu, 17 Jan 2008 21:21:14 GMT
<== Server: Apache/1.3.29 (Unix) mod_ssl/2.8.16 OpenSSL/0.9.6b
mod_jk/1.2.15
<== Cache-Control: no-cache,no-store,no-transform,must-revalidate
<== Pragma: no-cache
<== Expires: Thu, 01 Jan 1970 00:00:00 GMT
<== max-age: Thu, 01 Jan 1970 00:00:00 GMT
Info: Added cookie JSESSIONID="pn0hfgkbp1" for domain cde.cde.com, path
/url, expire 0
<== Set-Cookie: JSESSIONID=pn0hfgkbp1; Path=/url; Secure
<== Keep-Alive: timeout=60, max=100
<== Connection: Keep-Alive
<== Transfer-Encoding: chunked
<== Content-Type: text/html; charset=windows-1252
<==
<== c2

*** A Failure Case ***

Info: About to connect() to proxy abc.abc.com port 80 (#0)
Info: Trying 123.123.123.123...
Info: TCP_NODELAY set
Info: connected
Info: Connected to abc.abc.com (123.123.123.123) port 80 (#0)
Info: Establish HTTP proxy tunnel to cde.cde.com:443
Info: Server auth using Basic with user 'User'
==> CONNECT cde.cde.com:443 HTTP/1.0
Host: cde.cde.com:443
Proxy-Connection: Keep-Alive
User-Agent: Http Client/1.0
Content-Type: application/octet-stream
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache,no-store,no-transform
Pragma: no-cache
Connection: Keep-Alive

[According to WireShark, an HTTP/1.0 200 OK from the proxy was actually
received here, but curl failed to grab it and got stuck]

> Could it possibly be so that the entire CONNECT request isn't
> sent in the (only) send()? AFAIS, there's no code to send any
> remainders if it didn't send the entire chunk in one go...

Since every time curl got stuck, an HTTP/1.0 200 OK was actually sent
from the proxy, I believe the CONNECT message was okay.

Thanks.

--Hang Kin
Received on 2008-01-18
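
The partial-send possibility raised in the quoted question above, shown as an added example that is not part of the original mail and is not libcurl's code: a non-blocking send() may accept only part of a CONNECT request, so the caller has to keep the remainder and retry once the socket is writable again. The names `pending`, `flush_pending` and `demo_roundtrip` are hypothetical, and the socketpair traffic is constructed.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

struct pending { const char *buf; size_t len, off; };  /* hypothetical names */

/* Send what the socket accepts. 1 = all sent, 0 = remainder kept, -1 = error. */
int flush_pending(int fd, struct pending *p)
{
    while (p->off < p->len) {
        ssize_t n = send(fd, p->buf + p->off, p->len - p->off, 0);
        if (n < 0) {
            if (errno == EINTR) continue;
            if (errno == EAGAIN || errno == EWOULDBLOCK) return 0; /* retry when writable */
            return -1;
        }
        p->off += (size_t)n;   /* a short send just advances the offset */
    }
    return 1;
}

/* Constructed demo: push `len` bytes through a socketpair whose peer reads slowly.
   Returns bytes the peer received; *short_sends counts flushes that left a remainder. */
size_t demo_roundtrip(size_t len, int *short_sends)
{
    int sv[2], rc;
    size_t got = 0;
    char *msg = malloc(len), chunk[4096];
    struct pending p = { msg, len, 0 };
    *short_sends = 0;
    if (!msg || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return 0;
    memset(msg, 'C', len);
    fcntl(sv[0], F_SETFL, fcntl(sv[0], F_GETFL) | O_NONBLOCK);
    while ((rc = flush_pending(sv[0], &p)) == 0) {
        ssize_t n = recv(sv[1], chunk, sizeof chunk, 0);  /* peer drains a little */
        if (n <= 0) break;
        got += (size_t)n;
        ++*short_sends;
    }
    shutdown(sv[0], SHUT_WR);   /* signal EOF so the final drain terminates */
    for (ssize_t n; (n = recv(sv[1], chunk, sizeof chunk, 0)) > 0; ) got += (size_t)n;
    close(sv[0]); close(sv[1]); free(msg);
    return rc == 1 ? got : 0;
}
```

A caller that issues a single send() and moves on would lose everything past the first short write; here the offset in `pending` is what lets the request finish across several writable events.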