hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: Simple code through proxy not working
Date Wed, 11 Feb 2009 19:26:03 GMT
Michael Baierl wrote:
> Hi Oleg!
> Oleg Kalnichevski wrote:
>> Michael Baierl wrote:
>>> Hi there,
>>> I have some pretty simple code that is not working through a proxy.
>>> What I have:
>>> -) an open proxy which does not require authentication
>>> -) the proxy listens on port 80
>>> -) I verified using curl that everything works as expected
>>> What I want to do:
>>> -) request http://somewhere/ through the proxy
>>> -) request https://somewhere/ through the proxy
>>> I did some packet sniffing and to me it seems that HttpClient 3 is 
>>> not going to do a CONNECT first.
>>> What I would expect:
>>> -) On the request to http://somewhere/
>>>    1) connect to the proxy on the given port (80)
>>>    2) use CONNECT somewhere:80
>>>    3) do a GET request
>>>    4) done
>> Your expectation is wrong. HttpClient does not have to do that. Plain 
>> HTTP requests send via standard (caching) proxies are only required to 
>> contain an absolute request URI.
>> http://www.faqs.org/rfcs/rfc2616.html
>> ---
>> 5.1.2 Request-URI
>> ...
>>    The absoluteURI form is REQUIRED when the request is being made to a
>>    proxy. The proxy is requested to forward the request or service it
>>    from a valid cache, and return the response. Note that the proxy MAY
>>    forward the request on to another proxy or directly to the server
>> ---
> Fair enough and works fine that way as well. What does not work is the 
> second case:
>>> -) On the request to https://somewhere/ (SSL!)
>>>    1) connect to the proxy on the given port (80)
>>>    2) use CONNECT somewhere:443
>>>    3) build up the SSL connection
>>>    4) do a GET request
>>>    5) done
>> Are you using a custom SSL socket factory by any chance? Are you sure 
>> it is implemented correctly?
> As you can see below I use the standard supplied 
> EasySSLProtocolSocketFactory.

There is no such thing as standard supplied EasySSLProtocolSocketFactory 
as this class is distributed in source as a reference material.

> Where I see the issue is the fact that the connection between HttpClient 
> and the proxy is unencrypted (the "CONNECT www.somewhere.com:443" is in 
> plain text)

That is the way it is supposed to be. The connection to the tunneling 
proxy is made in clear text and then, once the tunnel has been 
established, the client will use it to send encrypted data to the target 

  and then an SSL encrypted connection to the target server
> has to be made.
>>> Packet sniffing has shown me that this is not the case, HttpClient 
>>> just fails and does not connect using the CONNECT function...
> Further tests have shown me that just adding a proxy like below
> httpclient.getHostConfiguration().setProxy("", 80);
> does not use SSL between HttpClient and the target server.

There is no correlation between proxy settings and transport security.

Hope this helps


To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org

View raw message