Bug#651640: apt-transport-https: https method does not support proxy authorization
Package: apt-transport-https
Version: 0.8.10.3+squeeze1
Severity: normal
Tags: patch
The apt.conf manpage states that the proxy options for HTTPS URIs are the same
as for HTTP URIs. However, this is not the case for the proxy authorization:
Even if configured in Acquire::http::Proxy or Acquire::https::Proxy, no
Proxy-Authorization header is sent in the CONNECT requests. This problem
prevents access to repositories with https://-URIs from behind proxies that
require authorization. The attached patch fixes this by directly passing the
configured proxy to cURL, which seems fine according to the cURL documentation
([1]). Support for the 'https_proxy' environment variable (similar to the
existing 'http_proxy' environment variable support) in HttpsMethod::SetupProxy
might be another useful change, but is not included in my patch - maybe the
'http_proxy' support could also be dropped, as cURL seems to respect this
variable already ([1]).
A workaround for the problem is to use Acquire::http::Proxy::<host> to setup
the proxy for http://-URIs and *not* setting up any proxy for HTTPS in the apt
configuration. Instead, one can set the 'https_proxy' environment variable
which is then used by cURL.
Regards,
Manfred
[1] http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTPROXY
-- System Information:
Debian Release: 6.0.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_CH.utf8, LC_CTYPE=de_CH.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages apt-transport-https depends on:
ii apt [libapt-pkg4.10] 0.8.10.3+squeeze1 Advanced front-end for dpkg
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
ii libcurl3-gnutls 7.21.0-2 Multi-protocol file transfer libra
ii libgcc1 1:4.4.5-8 GCC support library
ii libstdc++6 4.4.5-8 The GNU Standard C++ Library v3
apt-transport-https recommends no packages.
apt-transport-https suggests no packages.
-- no debconf information
>From 69e9f3ea71affa301cad2eeaa70de0f2d1652b50 Mon Sep 17 00:00:00 2001
From: Manfred Stock <manfred.stock+debian@gmail.com>
Date: Sat, 10 Dec 2011 19:39:24 +0100
Subject: [PATCH] Pass configured proxy directly to cURL
This change adds support for proxy authorization in the https method.
---
methods/https.cc | 7 ++-----
1 files changed, 2 insertions(+), 5 deletions(-)
diff --git a/methods/https.cc b/methods/https.cc
index aa6786a..25f7b1d 100644
--- a/methods/https.cc
+++ b/methods/https.cc
@@ -83,13 +83,10 @@ void HttpsMethod::SetupProxy() /*{{{*/
UseProxy = result == NULL ? "" : result;
}
- // Determine what host and port to use based on the proxy settings
+ // Determine the proxy to use based on the settings
if (UseProxy.empty() == false)
{
- Proxy = UseProxy;
- if (Proxy.Port != 1)
- curl_easy_setopt(curl, CURLOPT_PROXYPORT, Proxy.Port);
- curl_easy_setopt(curl, CURLOPT_PROXY, Proxy.Host.c_str());
+ curl_easy_setopt(curl, CURLOPT_PROXY, UseProxy.c_str());
}
} /*}}}*/
// HttpsMethod::Fetch - Fetch an item /*{{{*/
--
1.7.2.5
Reply to: