[Bug 1158141] Re: apache2 forward proxy socket read error
Alain, I'm trying to help, and I'm sorry that you feel that I'm snubbing users. I'm happy to take feedback on what I should be doing instead. Please can you explain how you think I've snubbed users here? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1158141 Title: apache2 forward proxy socket read error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1158141/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1158141] Re: apache2 forward proxy socket read error
Same problem here. Works fine with 1.9.0+svn250-3 Broken with 1.9.0+svn250-5 (Package for vivid, installed on a trusty) Btw, Robie, if you snub one user, in reality you also snub hundreds of others who find his bug report by googling for the same symptoms, so please be a bit more helpful. It reflects badly on the community. ... and if it is not the same problem, maybe the real bug is that the error message is just so goddamn vague. Even with -v (verbose) there was not more detail than "error: Socket read error". -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1158141 Title: apache2 forward proxy socket read error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1158141/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1158141] Re: apache2 forward proxy socket read error
Found it. Actually it was due to both a pecularity in the proxy server I wanted to get through, and a bug in how proxytunnel sets SNI. It seems that our proxy server ignores SNI in SSLv3, but considers it in TLSv1. And proxytunnel sets the wrong SNI. proxytunnel ---> proxy1 (the one I want to get through) ---> proxy2 (my Apache) ---> ssh. After sending CONNECT proxy2:443 to the proxy1 (in order to be connected through to proxy2), it starts negotiating the SSL session with proxy2. It would be logical to base that negotiation on the host name of proxy2. However, proxytunnel mistakenly includes proxy1 as the SNI in that negotiation. With the result that the "evil" proxy1, which snoops at the initial part of the negotiation (which is still clear-text...), sees that SNI, then ignores the host that it got in the CONNECT header, and instead attempts to connect to the host that it saw in the SNI, which would be itself (proxy1 instead of proxy2). In my case, just dropping the SNI setting code in stream_enable_ssl in pstream.c fixed the issue. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1158141 Title: apache2 forward proxy socket read error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1158141/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1158141] Re: apache2 forward proxy socket read error
Same problem here -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1158141 Title: apache2 forward proxy socket read error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1158141/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1158141] Re: apache2 forward proxy socket read error
Tim, Sorry but this is a bug tracker, not a support forum. Please continue trying the forums, or the ubuntu-server mailing list, askubuntu.com or IRC. ** Changed in: apache2 (Ubuntu) Status: Incomplete = Invalid -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1158141 Title: apache2 forward proxy socket read error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1158141/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1158141] Re: apache2 forward proxy socket read error
Thank you for your report. This looks like a local configuration problem, rather than a bug in Ubuntu, so I'm marking this bug as Incomplete. If this is indeed a local configuration problem, you can find pointers to get help for this sort of problem here: http://www.ubuntu.com/support/community Or if you believe that this is really a bug, then you may find it helpful to read How to report bugs effectively http://www.chiark.greenend.org.uk/~sgtatham/bugs.html. We'd be grateful if you would then update your report, and then change the bug status back to New. The problem here is that you seem to be saying that proxytunnel does not work at all. If this is a problem with apache2, can you pin down exactly what about apache2 does not work, in technical terms? Or if this is a problem with proxytunnel, then likewise? ** Changed in: apache2 (Ubuntu) Status: New = Incomplete -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1158141 Title: apache2 forward proxy socket read error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1158141/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1158141] Re: apache2 forward proxy socket read error
I have requested help already via the forums, but didn't get an answer. I guess it's an Apache problem because the error is a socket read error, but I don't know enough to test this. I actually don't know what a socket read error means. There one another reports of similar problems on RedHat, where fixes have involved SELinux tweaking, so maybe it is a security problem. If an expert in apache2 forward proxying can help give me some steps to eliminate apache2 that would be great. Because this is an important tool to bypass internet censorship and because apache2 and proxytunnel are common tools, I hope that someone can provide guidance. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1158141 Title: apache2 forward proxy socket read error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1158141/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs