[fossil-users] Fossil, proxies and SSL, revisited
[sorry if this is received twice; I originally sent it before I received my list membership confirmation, so I think the original was discarded] Hello, I'm having problems syncing with my Fossil repositories via HTTPS from behind a proxy. I have searched the list archives and I saw a similar topic from 2010 that did not show any possible resolution for me. As a caveat, I profess that I am generally ignorant of the inner workings of proxies. I'm hosting my repositories from a CGI script on a shared host. I have a self-signed SSL certificate for the subdomain that hosts the repos. From home, I can sync via HTTPS without problems. However, at work I am behind a particularly pesky proxy. Nevertheless, I can visit the repos' web pages via HTTPS in a browser despite the proxy. Similarly, I can, for example, from the command line use wget to fetch a file via HTTPS From the server through the proxy, and I can confirm that it is really going via HTTPS because it complains about my self-signed certificate. However, when I attempt to sync my Fossil repositories, I receive the following error: $ fossil sync https://user:p...@repos.invergo.net/reponame via proxy: http://proxy.company.com:8080 fossil: server says: 503 Service Unavailable: 0 If I set the proxy to https://proxy.company.com:8080 (probably stupid, I know, but let's try it anyway), I get the following: fossil: SSL: cannot connect to host proxy.company.com:8080 (unknown protocol) I have built Fossil myself, and I was sure to build in SSL support. Just now I logged into another machine that I have an account on that is not behind a firewall and I confirmed that I can clone a repository via HTTPS, so the 503 error does not indicate some temporary failure in service. So, I'm at a bit of a loss on what other steps to try to get around this. Does anyone have any suggestions? Thanks for your help! -- Brandon Invergo http://brandon.invergo.net pgpn2taJr8BsO.pgp Description: PGP signature ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] Fossil, proxies and SSL, revisited
On Mon, Jun 17, 2013 at 10:48 AM, Brandon Invergo bran...@invergo.netwrote: However, when I attempt to sync my Fossil repositories, I receive the following error: $ fossil sync https://user:p...@repos.invergo.net/reponame via proxy: http://proxy.company.com:8080 fossil: server says: 503 Service Unavailable: 0 I don't know that much about proxies, since I never personally need to deal with them. But maybe they should be disabled for HTTPS? What happens if you recompile with this patch: Index: src/url.c == --- src/url.c +++ src/url.c @@ -326,11 +326,11 @@ if( zProxy==0 || zProxy[0]==0 || is_truth(zProxy) ){ zProxy = fossil_getenv(http_proxy); } } if( zProxy zProxy[0] !is_false(zProxy) - !g.urlIsSsh !g.urlIsFile ){ + !g.urlIsSsh !g.urlIsFile !g.urlIsHttps ){ char *zOriginalUrl = g.urlCanonical; char *zOriginalHost = g.urlHostname; char *zOriginalUser = g.urlUser; char *zOriginalPasswd = g.urlPasswd; unsigned uOriginalFlags = g.urlFlags; -- D. Richard Hipp d...@sqlite.org ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] Fossil, proxies and SSL, revisited
On Mon, Jun 17, 2013 at 10:56:03AM -0400, Richard Hipp wrote: On Mon, Jun 17, 2013 at 10:48 AM, Brandon Invergo bran...@invergo.netwrote: However, when I attempt to sync my Fossil repositories, I receive the following error: $ fossil sync https://user:p...@repos.invergo.net/reponame via proxy: http://proxy.company.com:8080 fossil: server says: 503 Service Unavailable: 0 I don't know that much about proxies, since I never personally need to deal with them. But maybe they should be disabled for HTTPS? To use https over an http proxy, fossil should use a CONNECT http proxy command. After success on that, it's like a normal direct connection to the remote https server, and all TLS happens without the proxy understanding a word. ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] Fossil, proxies and SSL, revisited
On Mon, Jun 17, 2013 at 10:59 AM, Lluís Batlle i Rossell vi...@viric.namewrote: On Mon, Jun 17, 2013 at 10:56:03AM -0400, Richard Hipp wrote: On Mon, Jun 17, 2013 at 10:48 AM, Brandon Invergo bran...@invergo.net wrote: However, when I attempt to sync my Fossil repositories, I receive the following error: $ fossil sync https://user:p...@repos.invergo.net/reponame via proxy: http://proxy.company.com:8080 fossil: server says: 503 Service Unavailable: 0 I don't know that much about proxies, since I never personally need to deal with them. But maybe they should be disabled for HTTPS? To use https over an http proxy, fossil should use a CONNECT http proxy command. After success on that, it's like a normal direct connection to the remote https server, and all TLS happens without the proxy understanding a word. I don't have access to a proxy for testing purposes. Can somebody (who has signed a CLA) suggest a patch to implement this? (CLA available here: http://www.fossil-scm.org/fossil/doc/trunk/www/copyright-release.pdf) -- D. Richard Hipp d...@sqlite.org ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users