>Number:         181445
>Category:       misc
>Synopsis:       [PATCH] fetch(3) - Host header required by some proxies for HTTPS
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Aug 21 05:30:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Kimo
>Release:        9.1-RELEASE (but patched against HEAD)
>Organization:
>Environment:
>Description:
Some proxy servers, i.e., apache, enforce the Host header requirement on 
HTTP/1.1 requests even when the CONNECT method is given. The resulting response 
is "400 bad request". This patch adds the Host header immediately after the 
CONNECT method. However, even with the patch, the request will fail later on 
with SSL errors but that would be a different PR.
>How-To-Repeat:
I don't have a public apache-based proxy server to use but an apache 
configuration containing the following:

ProxyRequests On
SSLProxyEngine On
AllowCONNECT 80 443

And then

export HTTP_PROXY=http://theproxyserver:80/
fetch https://www.yahoo.com/
>Fix:
Index: lib/libfetch/http.c
===================================================================
--- lib/libfetch/http.c (revision 254593)
+++ lib/libfetch/http.c (working copy)
@@ -1400,6 +1400,8 @@
        if (strcasecmp(URL->scheme, SCHEME_HTTPS) == 0 && purl) {
                http_cmd(conn, "CONNECT %s:%d HTTP/1.1",
                    URL->host, URL->port);
+               http_cmd(conn, "Host: %s:%d",
+                   URL->host, URL->port);
                http_cmd(conn, "");
                if (http_get_reply(conn) != HTTP_OK) {
                        fetch_close(conn);
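
Review bot: The added Host line reuses the CONNECT line's "%s:%d" format with URL->host unchanged, so if URL->host can hold a bare IPv6 literal, both the request target and the new Host value are sent without the square brackets that the host:port form needs. Keeping the two values identical is right, since a proxy that enforces Host on CONNECT will compare them, so any bracketing fix should be applied to both calls together. The return value of the new http_cmd() call is also ignored, as it is for the CONNECT call above it, which means a failed write only shows up when http_get_reply() does not return HTTP_OK. Checking each http_cmd() result and calling fetch_close(conn) on failure would report the error where it happens.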

>Release-Note:
>Audit-Trail:
>Unformatted: