New submission from Vova:
At my workplace I have to use corporate Internet proxy server with
AD/domain/ntlm authorization. I use local cntlm proxy server to authorize
myself on corporate proxy. Programs are send requests to cntlm proxy without
any authorization information. Cntlm proxy communicate with corporate proxy and
handle all authorization stuff and return response to programs.
But programs which use httplib, like pip, and want to open https url can't work
in my network scheme. Because to open https connection httplib send to cntlm
proxy
"CONNECT encrypted.google.com:443 HTTP/1.0\r\n"
HTTP/1.0 does not assume persistent connection so corporate proxy return http
response 407 (need authorization) and close connection. Cntlm proxy detect
closed connection and return http response 407 to pip/httplib which can't
handle this response or begin ntlm negotiation, throw exception
ProxyError('Cannot connect to proxy.', error('Tunnel connection failed: 407
Proxy Authentication Required',))
and close.
So I suggest change HTTP CONNECT method to
"CONNECT %s:%d HTTP/1.1\r\n"
This change allow cntlm proxy keep alive connection to corporate proxy do all
authorization stuff and return proper response.
And also in header of httplib is stated what it is "HTTP/1.1 client library"
----------
components: Library (Lib)
files: py2.7.httplib.patch
keywords: patch
messages: 229856
nosy: vova
priority: normal
severity: normal
status: open
title: httplib/http.client in method _tunnel used HTTP/1.0 CONNECT method
type: behavior
versions: Python 2.7, Python 3.2, Python 3.3, Python 3.4, Python 3.5, Python 3.6
Added file: http://bugs.python.org/file36996/py2.7.httplib.patch
_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue22708>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
