Thank you for your response. You have got to get an award for how quickly and reliably you respond to peoples problems! You my friend deserve a medal!
Thank again, Steve On Fri, Nov 18, 2011 at 7:32 AM, Oleg Kalnichevski <[email protected]> wrote: > On Thu, Nov 17, 2011 at 08:48:16PM -0800, steve labar wrote: > > I'm trying to create a http/https proxy server leveraging httpclient and > > httpcore. I can get the http portion of the proxy to work just fine. > > However, when I try to implement the ssl section I have major trouble. It > > looks like its failing within HTTPService.handleRequest(). I expect its > due > > to ssl but hard to really tell what i'm doing wrong. Here is what i'm > > currently doing: > > > > Setup socket to listen on 8080 > > > > serversocket = new ServerSocket(port); > > this.params = new SyncBasicHttpParams(); > > > this.params.setBooleanParameter(ClientPNames.HANDLE_REDIRECTS, > > true).setIntParameter(CoreConnectionPNames.SO_TIMEOUT, 50000) > > > > .setIntParameter(CoreConnectionPNames.SOCKET_BUFFER_SIZE, > > 8 * 1024) > > .setBooleanParameter( > > CoreConnectionPNames.STALE_CONNECTION_CHECK, > > false) > > > .setBooleanParameter(CoreConnectionPNames.TCP_NODELAY, > > true) > > .setParameter(CoreProtocolPNames.ORIGIN_SERVER, > > "HttpComponents/1.1"); > > // Set up the HTTP protocol processor > > HttpProcessor httpproc = new ImmutableHttpProcessor( > > new HttpResponseInterceptor[] { new ResponseDate(), > > new ResponseServer(), new ResponseContent(), > > new ResponseConnControl() }); > > > > // Set up request handlers > > HttpRequestHandlerRegistry reqistry = new > > HttpRequestHandlerRegistry(); > > reqistry.register("*", new DefaultHttpRequestHandler()); > > // Set up the HTTP service > > this.httpService = new HttpService(httpproc, > > new DefaultConnectionReuseStrategy(), > > new DefaultHttpResponseFactory(), reqistry, > > this.params); > > > > Then on every incoming accept() on that socket i send that data to a > worker > > thread that calls httpservice.handlerequest() here is that code snippet: > > > > public void run() { > > System.out.println("New connection thread"); > > HttpContext context = new BasicHttpContext(null); > > > > try { > > while (!Thread.interrupted() && this.conn.isOpen()) { > > //HttpRequest req = this.conn.receiveRequestHeader(); > > this.httpservice.handleRequest(this.conn, context); > > } > > } catch (ConnectionClosedException ex) { > > System.err.println("Client closed connection"); > > } catch (IOException ex) { > > System.err.println("I/O error: " + ex.getMessage()); > > ex.printStackTrace(); > > } catch (HttpException ex) { > > System.err.println("Unrecoverable HTTP protocol > violation: " > > + ex.getMessage()); > > } finally { > > try { > > this.conn.shutdown(); > > } catch (IOException ignore) { > > } > > } > > > > Then each request gets handled by my DefaultHttpRequestHandler which > > extends HttpRequestHandler here is the method called anytime > > httpService.handleRequest() is called. You will notice I peek at the > > http(s) method if not a CONNECT. Its super simple make request to server > > and set the response object and let the method handle sending back to > > browser on socket listening. The problem comes up if i hit as an example > > https://google.com. When i debug it comes in gets set to handle() by the > > httpservice.handlerequest(). As soon as it reaches the handle method I > peek > > and see its a Connect www.google.com:443. So, i make request with > > httpclient right here and get a 200 response so i know my proxy server > and > > the server(google) can accept ssl so at this point i set the response to > be > > HTTP/1.0 200 Connection established\r\nProxy-agent: proxy client\r\n\r\n" > > just as RFC says you do to tell browser we can start talking in ssl. But > as > > soon as i set this as response and it leaves the method it shuts > connection > > down and Firefox says: > > > > Secure Connection Failed > > > > An error occurred during a connection to www.google.com. > > > > SSL received a record that exceeded the maximum permissible length. > > > > (Error code: ssl_error_rx_record_too_long) > > > > I have read online and it says that this happens if you try to send ssl > to > > port 80 but i'm pretty sure that is not problem. Any ideas? > > > > Hi Steve > > SSL tunneling via an HTTP proxy simply does not work like that. Upon > receipt of a CONNECT request, the proxy is expected to do the following: > (1) optionally authenticate the user and respond with 407 status if user > credentials are not valid > (2) open a TCP connection to the origin server, but send NO data to the > origin > (3) if connection is successful, respond to the client with 200 status > (4) at this point the tunnel can be considered established and > operational. From hence on the proxy is expected to read whatever data > comes from the client and relay it to the origin and the other way around. > The content passed between the client and the origin is completely opaque > to the proxy. > > For proper specification of the protocol please see > > http://www.ietf.org/rfc/rfc2817.txt > > The trouble is that connection tunneling is not easy to implement with the > classic (blocking) I/O. One would need to employ two treads to be able to > read and write in both directions simultaneously or use one thread and > constantly switch between read and write mode which may be not very > efficient. Usually NIO tends to be a better model for proxies. > > Oleg > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
