hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sivasubramaniam Sivakumar (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1318) Redirect to TLS site via TLS proxy fails - incorrectly marked as insecure target route
Date Tue, 26 Feb 2013 09:50:13 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1318?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13586966#comment-13586966
] 

Sivasubramaniam Sivakumar commented on HTTPCLIENT-1318:
-------------------------------------------------------

I faced a similar error when the client was trying to talk to a non-SSL site through an SSL
enabled proxy. I fixed it by forcing a route whenever the end site was non-SSL (i.e., HTTP).
The route should have the secure flag as true and Layering and Tunneling should be disabled.
The route's parameters - 

public class MyRoutePlanner implements HttpRoutePlanner {
    @Override
    public HttpRoute determineRoute(HttpHost target, HttpRequest request,
            HttpContext context) throws HttpException {
        return new HttpRoute(target, null, new HttpHost("192.168.2.3", 8181, "https"), true,
TunnelType.PLAIN, LayerType.PLAIN); 
    }
}

Please check this StackOverflow post for a better explanation of this error - http://stackoverflow.com/questions/15048102/httprouteplanner-how-does-it-work-with-an-https-proxy
                
> Redirect to TLS site via TLS proxy fails - incorrectly marked as insecure target route
> --------------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1318
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1318
>             Project: HttpComponents HttpClient
>          Issue Type: Improvement
>          Components: HttpClient
>    Affects Versions: 4.2.3
>         Environment: All
>            Reporter: Adam Fisk
>            Priority: Minor
>             Fix For: Future
>
>
> When configured to use a TLS proxy to a target site that is also TLS with a redirect
response, HttpClient will incorrectly create a new target route marked as http and insecure
rather than https and secure when generating the new request to the redirected location. This
will result in exceptions like the trace below with: 
> "Unable to establish route: planned = {}->https://localhost:7777->http://www.exceptional.io;
current = {s}->https://localhost:7777->http://www.exceptional.io"
> In fact, the test producing that exception is targeting https://www.exceptional.io not
http://www.exceptional.io, which is apparently correctly determined in the original request
but not in the redirected request. One candidate for the suspect code is line 1112 of handleResponse
in DefaultRequestDirector where the following line:
> HttpHost newTarget = URIUtils.extractHost(uri);
> creates a new target that is always HTTP regardless of whether or not the original target
was HTTPS, with havoc ensuing from there. This is reproducible in this test over at LittleProxy:
> https://github.com/adamfisk/LittleProxy/blob/master/src/test/java/org/littleshoot/proxy/EndToEndStoppingTest.java
> org.apache.http.client.ClientProtocolException
> 	at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:909)
> 	at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
> 	at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)
> 	at org.littleshoot.proxy.EndToEndStoppingTest.runSiteTestWithHttpClient(EndToEndStoppingTest.java:167)
> 	at org.littleshoot.proxy.EndToEndStoppingTest.testWithHttpClient(EndToEndStoppingTest.java:92)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> 	at java.lang.reflect.Method.invoke(Method.java:597)
> 	at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)
> 	at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
> 	at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
> 	at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
> 	at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:271)
> 	at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70)
> 	at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50)
> 	at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
> 	at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
> 	at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
> 	at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
> 	at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
> 	at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
> 	at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50)
> 	at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
> 	at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467)
> 	at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683)
> 	at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)
> 	at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)
> Caused by: org.apache.http.HttpException: Unable to establish route: planned = {}->https://localhost:7777->http://www.exceptional.io;
current = {s}->https://localhost:7777->http://www.exceptional.io
> 	at org.apache.http.impl.client.DefaultRequestDirector.establishRoute(DefaultRequestDirector.java:846)
> 	at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:649)
> 	at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:480)
> 	at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
> 	... 27 more

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message