curl-library

https behind http proxy falls back to http

From: Josue Andrade Gomes <josue.gomes.honeypot_at_gmail.com>
Date: Wed, 20 Apr 2011 16:57:56 -0300

Hi all,

I'm experiencing different behaviors of two curl versions when
connecting to https behind an http proxy.

The working case is 7.21.0 (distributed with Debian 6):

curl 7.21.0 (i486-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o
zlib/1.2.3.4 libidn/1.15 libssh2/1.2.6
Protocols: dict file ftp ftps http https imap imaps ldap ldaps pop3
pop3s rtsp scp sftp smtp smtps telnet tftp
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz

Command line "curl -v -k --proxy http://x.x.x.x:8128
https://google.com" gives me:

* About to connect() to proxy x.x.x.x port 8128 (#0)
* Trying x.x.x.x... connected
* Connected to x.x.x.x (x.x.x.x) port 8128 (#0)
* Establish HTTP proxy tunnel to google.com:443
> CONNECT google.com:443 HTTP/1.1
> Host: google.com:443
> User-Agent: curl/7.21.0 (i486-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.15 libssh2/1.2.6
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* Proxy replied OK to CONNECT request
* successfully set certificate verify locations:
* CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using RC4-SHA
* Server certificate:
* subject: C=US; ST=California; L=Mountain View; O=Google Inc; CN=*.google.com
* start date: 2011-02-16 00:24:53 GMT
* expire date: 2012-02-16 00:34:53 GMT
* subjectAltName: google.com matched
* issuer: C=US; O=Google Inc; CN=Google Internet Authority
* SSL certificate verify ok.
> GET / HTTP/1.1
> User-Agent: curl/7.21.0 (i486-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.15 libssh2/1.2.6
> Host: google.com
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Location: http://www.google.com/
< Content-Type: text/html; charset=UTF-8
< X-Content-Type-Options: nosniff
< Date: Wed, 20 Apr 2011 07:19:22 GMT
< Expires: Fri, 20 May 2011 07:19:22 GMT
< Server: sffe
< Content-Length: 219
< X-XSS-Protection: 1; mode=block
< Cache-Control: public, max-age=2592000
< Age: 44711
<
* Connection #0 to host x.x.x.x left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):

Then downloaded and built 7.21.5 with "--with-ssl --with-zlib --with-libssh2":

curl 7.21.5 (i686-pc-linux-gnu) libcurl/7.21.5 OpenSSL/0.9.8o
zlib/1.2.3.4 libssh2/1.2.6
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s
rtsp scp sftp smtp smtps telnet tftp
Features: IPv6 Largefile NTLM SSL libz

Same command line gives:

* About to connect() to proxy x.x.x.x port 8128 (#0)
* Trying x.x.x.x... connected
* Connected to x.x.x.x (x.x.x.x) port 8128 (#0)
* Establish HTTP proxy tunnel to google.com:443
> CONNECT google.com:443 HTTP/1.1
> Host: google.com:443
> User-Agent: curl/7.21.5 (i686-pc-linux-gnu) libcurl/7.21.5 OpenSSL/0.9.8o zlib/1.2.3.4 libssh2/1.2.6
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* Proxy replied OK to CONNECT request
> GET / HTTP/1.1
> User-Agent: curl/7.21.5 (i686-pc-linux-gnu) libcurl/7.21.5 OpenSSL/0.9.8o zlib/1.2.3.4 libssh2/1.2.6
> Host: google.com
> Accept: */*
>
* Empty reply from server
* Connection #0 to host x.x.x.x left intact
curl: (52) Empty reply from server
* Closing connection #0

Any idea?

Posted here because the plan is to implement this using libcurl.

Josue Gomes
josue.gomes.honeypot_at_gmail.com

Received on 2011-04-20
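
Added example, not part of the original post or of the curl project: a Python check that scans `curl -v` output in the format quoted above and flags any request sent through a CONNECT tunnel to port 443 with no TLS handshake logged first, which is the difference between the two traces. The function name, the pattern names and the abbreviated sample traces are constructed for illustration.

```python
import re

# Constructed samples, abbreviated from the two `curl -v` traces in the post.
TRACE_7_21_0 = """\
* Establish HTTP proxy tunnel to google.com:443
> CONNECT google.com:443 HTTP/1.1
< HTTP/1.1 200 Connection established
* Proxy replied OK to CONNECT request
* SSLv3, TLS handshake, Client hello (1):
* SSL connection using RC4-SHA
> GET / HTTP/1.1
> Host: google.com
"""
TRACE_7_21_5 = """\
* Establish HTTP proxy tunnel to google.com:443
> CONNECT google.com:443 HTTP/1.1
< HTTP/1.1 200 Connection established
* Proxy replied OK to CONNECT request
> GET / HTTP/1.1
> Host: google.com
* Empty reply from server
"""

# Patterns follow the wording of the verbose output quoted in the post
# (assumption: other curl versions may phrase these lines differently).
TUNNEL = re.compile(r"^\* Establish HTTP proxy tunnel to (\S+):(\d+)")
TUNNEL_OK = "* Proxy replied OK to CONNECT request"
TLS = re.compile(r"^\* (?:SSL connection using |\S+, TLS handshake)")
REQUEST = re.compile(r"^> (?!CONNECT )[A-Z]+ \S+ HTTP/\d")

def plaintext_after_connect(trace, tls_ports=(443,)):
    """Return (host, port, request line) for each request sent through an
    established CONNECT tunnel to a TLS port before any TLS line was logged."""
    findings, tunnel, ok, tls = [], None, False, False
    for line in trace.splitlines():
        m = TUNNEL.match(line)
        if m:  # a new tunnel starts: reset the per-tunnel state
            tunnel, ok, tls = (m.group(1), int(m.group(2))), False, False
        elif tunnel is None:
            continue
        elif line == TUNNEL_OK:
            ok = True
        elif TLS.match(line):
            tls = True
        elif ok and not tls and tunnel[1] in tls_ports and REQUEST.match(line):
            findings.append((tunnel[0], tunnel[1], line[2:]))
    return findings

if __name__ == "__main__":
    for name, trace in (("7.21.0", TRACE_7_21_0), ("7.21.5", TRACE_7_21_5)):
        print(name, plaintext_after_connect(trace) or "TLS seen before request")
```
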