Subject: Re: SSL through proxy
From: Tan Joo Geok (tj@krdl.org.sg)
Date: Sep 25, 2000 7:35:02 pm
List: org.perl.libwww

Thank you for trying to help. I finally got it working although I'm not sure exactly why.

What happened was that I noticed that for the https get without proxy, in the connect subroutine in Net::SSL, the $ssl->connect also failed with the ssl_version being 23. The ssl version was then re-set to 3 for the connect to succeed. I therefore tried to emulate this in your patch for https.pm like this:

*$socket->{'ssl_ctx'} = Net::SSL::_default_context(3);

instead of

*$socket->{'ssl_ctx'} = Net::SSL::_default_context();

And it works!!!

I experimented with your https://www.voicebs.com and found that for this particular https, everything will work whether the ssl_version was set to 23 or 3. Not so for https://www.nodeworks.com which I was using. I don't know much about these SSL Versions, will need to check it up when I find the time....

Thanks again for your attention.

- Joo Geok

----- Original Message -----
From: Chris Hiner <chi@didntduck.org>
To: <lib@perl.org>
Sent: Tuesday, September 26, 2000 9:03 AM
Subject: Re: SSL through proxy

The SSL code is in a shared library (SSLeay.so on my system). I think the functions we're looking to debug are in SSLeay.xs which is processed into SSLeay.c in the Crypt::SSLeay code. I suspect the openssl function SSL_get_error() needs to be called to get the real error code... I have no idea what makes an xs file work... The other way to see what is happening would be to check the log files of the SSL server you're trying to connect to. Especially if you can turn the debug level up.

Somehow it's been working for me, so it is hard for me to suggest what to try. I suggest using the GET or HEAD example programs that come with lwp to test, see the lwp-request man page. Other things I can think of: Try reinstalling openssl and the Crypt-SSLeay module. Try getting a tcpdump of the connection, and see if it's sending any extra headers or anything after the CONNECT, before the negotiation.

The GET example works for me using:
Redhat 6.2
perl 5.6.0
Crypt-SSLeay-0.16
libwww-perl-5.48
URI-1.07
openssl-0.9.5a
My https patch as posted on this list.

I use the following environment settings:
http_proxy=http://gateway:80/
https_proxy=https://gateway:80/

My proxy server is running Apache 1.3.12.

Here's an example command line: (our bad placeholder at work. It's small...)
GET -x https://www.voicebs.com/

Here's the output (stderr and stdout mixed together):
LWP::UserAgent::new: ()
LWP::UserAgent::proxy: https https://gateway:80/
LWP::UserAgent::proxy: ftp http://gateway:80/
LWP::UserAgent::proxy: http http://gateway:80/
LWP::UserAgent::request: ()
LWP::UserAgent::simple_request: GET https://www.voicebs.com/
LWP::UserAgent::_need_proxy: Proxied to https://gateway:80/
LWP::Protocol::https::request: ()
LWP::Protocol::https::request: Trying to CONNECT through the proxy server
LWP::Protocol::http::request: ()
LWP::Protocol::http::request: CONNECT www.voicebs.com:443 HTTP/1.0

LWP::Protocol::http::request: reading response
LWP::Protocol::http::request: HTTP/1.0 200 Connection established
Proxy-agent: Apache/1.3.12 (Unix) (Red Hat/Linux)

LWP::Protocol::http::request: HTTP/1.0 200 Connection established
LWP::Protocol::https::request: Transmogrifying our socket
LWP::Protocol::http::request: ()
LWP::Protocol::http::request: GET / HTTP/1.0
Host: www.voicebs.com
User-Agent: lwp-request/1.39

LWP::Protocol::http::request: reading response
LWP::Protocol::http::request: HTTP/1.1 200 OK
Date: Tue, 26 Sep 2000 00:36:25 GMT
Server: Apache/1.3.12 (Unix) mod_ssl/2.6.5 OpenSSL/0.9.5a
Last-Modified: Wed, 26 Jul 2000 19:06:54 GMT
ETag: "2fa17-553-397f36ce"
Accept-Ranges: bytes
Content-Length: 1363
Connection: close
Content-Type: text/html

<HTML>... and so on.

Hopefully this helps...
Chris
chi@didntduck.org

On Mon, Sep 25, 2000 at 02:32:54PM +0800, Tan Joo Geok wrote:

Hello.

I am trying to get the libwww to work for SSL through proxy. I applied Chris Hiner's patch (see attached) but was unsuccessful in getting it to work. I am not much of a perl hacker but it seems to me that there is some problem around the part where the socket is supposed to turn into an SSL socket (see code portion below). Reason being that I have put in a print in the connect subroutine in SSL.pm and the print statement did not show up. It does show up for the case when no proxy is used though. I have not been able to go much further as the only code I found in Crypt::SSLeay::Conn was:

package Crypt::SSLeay::Conn;
require Crypt::SSLeay;
1;

There is also no new function in Crypt::SSLeay. I really have no good feel of what's happening in the SSL portion. Perhaps somebody else in this group can help.

BTW, my problem is the same as that posted by Fred Noz a while back, he didn't seem to get any solution either.

Thank you for your attention.

- Joo Geok

Code Portion
==========

my $socket;

my $proxy_request = $request->clone;
$proxy_request->method("CONNECT");

my $proxy_protocol = LWP::Protocol::create('http');

LWP::Debug::trace("Trying to CONNECT through the proxy server");

my $proxy_response = $proxy_protocol->request($proxy_request, $proxy, $arg,$size, $timeout);

# Did we get through the proxy server?
return $proxy_response unless($proxy_response->code == 200);

$socket = $proxy_response->{client_socket};

# Turn the socket into an SSL socket
LWP::Debug::trace("Transmogrifying our socket");
bless $socket, "Net::SSL";
*$socket->{'ssl_ctx'} = Net::SSL::_default_context();
my $ssl = Crypt::SSLeay::Conn->new(*$socket->{'ssl_ctx'}, $socket);
if ($ssl->connect <= 0) {
    # XXX should obtain the real SSLeay error message
    LWP::Debug::trace("SSL error:".$ssl->connect);

Trace Output
==========

LWP::UserAgent::new: ()
LWP::UserAgent::proxy: http http://proxy.krdl.org.sg:8080
LWP::UserAgent::proxy: https https://proxy.krdl.org.sg:8080
LWP::UserAgent::request: ()
LWP::UserAgent::simple_request: GET https://www.nodeworks.com
LWP::UserAgent::_need_proxy: Proxied to https://proxy.krdl.org.sg:8080
LWP::Protocol::https::request: ()
LWP::Protocol::https::request: Trying to CONNECT through the proxy server
LWP::Protocol::http::request: ()
LWP::Protocol::http::request: CONNECT www.nodeworks.com:443 HTTP/1.0

LWP::Protocol::http::request: reading response
LWP::Protocol::http::request: HTTP/1.0 200 Connection established
Proxy-Agent: NetCache 4.1R3

LWP::Protocol::http::request: HTTP/1.0 200 Connection established
LWP::Protocol::https::request: Transmogrifying our socket
LWP::Protocol::https::request: SSL error:0
Net::SSL: SSL negotiation failed at /usr/lib/perl5/site_perl/5.005/LWP/Protocol/https.pm line 116
LWP::UserAgent::request: Simple response: Internal Server Error
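
Added example, not part of the original thread or of libwww-perl: the suggestion above to capture the connection and look at what the client sends after the CONNECT can be checked mechanically. The sketch splits a captured client-to-proxy byte stream at the end of the CONNECT request and reports whether the next bytes are an SSLv2-format hello, an SSLv3/TLS handshake record, or something that should not be there. Assumptions: ssl_version 23 selects OpenSSL's version-flexible client method (which in that era opened with an SSLv2-format hello) and 3 selects SSLv3 only; the sample captures and the host example.test are constructed.

```python
import struct

NAMES = {(0, 2): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLS 1.0",
         (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

def version_name(major, minor):
    return NAMES.get((major, minor), f"unknown {major}.{minor}")

def split_connect(stream):
    """Return (CONNECT request text, bytes the client sent after it)."""
    head, sep, rest = stream.partition(b"\r\n\r\n")
    if not sep or not head.startswith(b"CONNECT "):
        raise ValueError("no complete CONNECT request at start of stream")
    return head.decode("latin-1"), rest

def classify_hello(data):
    """Classify the first thing the client sent inside the tunnel."""
    if len(data) < 5:
        return {"kind": "truncated"}
    if data[0] & 0x80 and data[2] == 0x01:
        # SSLv2 record: 2-byte length with high bit set, type 1 = CLIENT-HELLO,
        # then the highest version the client is willing to speak.
        return {"kind": "v2-format hello",
                "length": ((data[0] & 0x7F) << 8) | data[1],
                "offers": version_name(data[3], data[4])}
    if data[0] == 0x16 and data[1] == 0x03:
        # SSLv3/TLS record: 0x16 = handshake, record version, 2-byte length.
        out = {"kind": "v3-format handshake",
               "length": struct.unpack(">H", data[3:5])[0]}
        # Handshake header is type(1) + length(3); type 1 = ClientHello,
        # whose body starts with client_version.
        if len(data) >= 11 and data[5] == 0x01:
            out["offers"] = version_name(data[9], data[10])
        return out
    # Anything else (stray headers, plaintext HTTP) does not belong here.
    return {"kind": "not a handshake", "first_bytes": data[:8]}

# Constructed sample captures (not taken from the thread).
CONNECT = b"CONNECT example.test:443 HTTP/1.0\r\n\r\n"
V2_HELLO = (bytes([0x80, 46, 0x01, 3, 1]) + struct.pack(">HHH", 21, 0, 16)
            + bytes(21) + bytes(16))
_body = b"\x03\x00" + bytes(32) + b"\x00" + b"\x00\x02\x00\x0a" + b"\x01\x00"
_hs = b"\x01" + len(_body).to_bytes(3, "big") + _body
V3_HELLO = b"\x16\x03\x00" + struct.pack(">H", len(_hs)) + _hs

if __name__ == "__main__":
    for name, sent in [("version-flexible", V2_HELLO), ("SSLv3 only", V3_HELLO),
                       ("stray plaintext", b"GET / HTTP/1.0\r\n")]:
        request, rest = split_connect(CONNECT + sent)
        print(name, "->", classify_hello(rest))
```

SSLv3 has since been prohibited by RFC 7568, so on a current stack the equivalent of the version pin discussed in this thread is a minimum TLS version, not a fixed version 3.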