Bug#651640: apt-transport-https: https method does not support proxy authorization

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#651640: apt-transport-https: https method does not support proxy authorization
From: Manfred Stock <manfred.stock+debian@gmail.com>
Date: Sat, 10 Dec 2011 21:00:57 +0100
Message-id: <[🔎] 20111210200057.19555.91118.reportbug@tank.futurelab.ch>
Reply-to: Manfred Stock <manfred.stock+debian@gmail.com>, 651640@bugs.debian.org

Package: apt-transport-https
Version: 0.8.10.3+squeeze1
Severity: normal
Tags: patch


The apt.conf manpage states that the proxy options for HTTPS URIs are the same
as for HTTP URIs. However, this is not the case for the proxy authorization:
Even if configured in Acquire::http::Proxy or Acquire::https::Proxy, no
Proxy-Authorization header is sent in the CONNECT requests. This problem
prevents access to repositories with https://-URIs from behind proxies that
require authorization. The attached patch fixes this by directly passing the
configured proxy to cURL, which seems fine according to the cURL documentation
([1]). Support for the 'https_proxy' environment variable (similar to the
existing 'http_proxy' environment variable support) in HttpsMethod::SetupProxy
might be another useful change, but is not included in my patch - maybe the
'http_proxy' support could also be dropped, as cURL seems to respect this
variable already ([1]).

A workaround for the problem is to use Acquire::http::Proxy::<host> to setup
the proxy for http://-URIs and *not* setting up any proxy for HTTPS in the apt
configuration. Instead, one can set the 'https_proxy' environment variable
which is then used by cURL.

Regards,
Manfred


[1] http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTPROXY

-- System Information:
Debian Release: 6.0.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_CH.utf8, LC_CTYPE=de_CH.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apt-transport-https depends on:
ii  apt [libapt-pkg4.10]   0.8.10.3+squeeze1 Advanced front-end for dpkg
ii  libc6                  2.11.2-10         Embedded GNU C Library: Shared lib
ii  libcurl3-gnutls        7.21.0-2          Multi-protocol file transfer libra
ii  libgcc1                1:4.4.5-8         GCC support library
ii  libstdc++6             4.4.5-8           The GNU Standard C++ Library v3

apt-transport-https recommends no packages.

apt-transport-https suggests no packages.

-- no debconf information

>From 69e9f3ea71affa301cad2eeaa70de0f2d1652b50 Mon Sep 17 00:00:00 2001
From: Manfred Stock <manfred.stock+debian@gmail.com>
Date: Sat, 10 Dec 2011 19:39:24 +0100
Subject: [PATCH] Pass configured proxy directly to cURL

This change adds support for proxy authorization in the https method.
---
 methods/https.cc |    7 ++-----
 1 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/methods/https.cc b/methods/https.cc
index aa6786a..25f7b1d 100644
--- a/methods/https.cc
+++ b/methods/https.cc
@@ -83,13 +83,10 @@ void HttpsMethod::SetupProxy()  					/*{{{*/
       UseProxy = result == NULL ? "" : result;
    }
 
-   // Determine what host and port to use based on the proxy settings
+   // Determine the proxy to use based on the settings
    if (UseProxy.empty() == false) 
    {
-      Proxy = UseProxy;
-      if (Proxy.Port != 1)
-	 curl_easy_setopt(curl, CURLOPT_PROXYPORT, Proxy.Port);
-      curl_easy_setopt(curl, CURLOPT_PROXY, Proxy.Host.c_str());
+      curl_easy_setopt(curl, CURLOPT_PROXY, UseProxy.c_str());
    }
 }									/*}}}*/
 // HttpsMethod::Fetch - Fetch an item					/*{{{*/
-- 
1.7.2.5

Reply to:

Prev by Date: Bug#651472: python-apt FTBFS on alpha too.
Next by Date: Processed: change mail address
Previous by thread: Bug#651472: python-apt FTBFS on alpha too.
Next by thread: Processed: change mail address
Index(es):
- Date
- Thread