Bug#994032: switch from https to http transport for certain proxies

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#994032: switch from https to http transport for certain proxies
From: Eduard Bloch <edi@gmx.de>
Date: Fri, 10 Sep 2021 11:12:04 +0200
Message-id: <[🔎] YTshZFAMXFB6lbd1@rotes76.wohnheim.uni-kl.de>
Reply-to: Eduard Bloch <edi@gmx.de>, 994032@bugs.debian.org

Package: apt
Version: 2.3.9
Severity: wishlist

Hi,

as of now, there are certain HTTPS protocol schemes used in apt in
conjunction with proxies.
a) for http, the requests are used with GET and plain URL over http transport
b) for https, CONNECT establishes a tunnel and then plain http over TLS
stream is used

What we don't have is option c) the user might trust his proxy and
want requests to be made in plain text (GET) but with https:// schema,
and the proxy gets the responsibility for HTTPS communication and
delivery of the content as plain HTTP response.

This should be configurable through some options. Some idea from mstone
and me in the recent debian-devel thread about #992692:

> If we're imagining apt options, something like
> Acquire::https::Force-Proxy-HTTP true;
> would probably be more useful for this specific case (not that I think it's
> a great idea--too much potential for surprise).

I would make it a list of trusted hosts and a special value ALL.

Best regards,
Eduard.

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), (500, 'oldstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.14.1+ (SMP w/12 CPU threads)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apt depends on:
ii  adduser                 3.118
ii  debian-archive-keyring  2021.1.1
ii  gpgv                    2.2.27-2
ii  gpgv2                   2.2.27-2
ii  libapt-pkg6.0           2.3.9
ii  libc6                   2.31-17
ii  libgcc-s1               11.2.0-4
ii  libgnutls30             3.7.2-2
ii  libseccomp2             2.5.1-1
ii  libstdc++6              11.2.0-4
ii  libsystemd0             247.9-1

Versions of packages apt recommends:
ii  ca-certificates  20210119

Versions of packages apt suggests:
ii  apt-doc                      2.3.8
pn  aptitude | synaptic | wajig  <none>
ii  dpkg-dev                     1.20.9
ii  gnupg                        2.2.27-2
ii  gnupg2                       2.2.27-2
ii  powermgmt-base               1.36

-- no debconf information

Reply to:

Follow-Ups:
- Bug#994032: switch from https to http transport for certain proxies
  - From: Julian Andres Klode <jak@debian.org>
- Processed: Re: Bug#994032: switch from https to http transport for certain proxies
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Bug#993291: apt upgrade crashes with "Assertion `I->Items->Owner->Status != pkgAcquire::Item::StatIdle' failed" when not all mirrors are reachable
Next by Date: Bug#994032: switch from https to http transport for certain proxies
Previous by thread: Processed: Re: apt: Unnecessarily provide empty dir /lib/systemd/
Next by thread: Bug#994032: switch from https to http transport for certain proxies
Index(es):
- Date
- Thread