Re: [squid-users] HTTPS forward proxy?

From: Alex Rousskov <rousskov_at_measurement-factory.com>
Date: Thu, 23 Jan 2014 11:19:59 -0700

On 2014-01-22 11:44, David Deller wrote:
>>> Here's another request, this time with HTTPS:
>>> $ curl --proxy https://my-proxy-server.example:3129 \
>>> --proxy-anyauth --proxy-user redacted:redacted -w '\n' \
>>> http://urlecho.appspot.com/echo?body=OK
>>> curl: (56) Recv failure: Connection reset by peer
>>> Nothing in `access.log` after this one, but in `cache.log`:
>>> 2014/01/20 20:46:15| clientNegotiateSSL: Error negotiating SSL
>>> connection on FD 10: error:1407609C:SSL
>>> routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
>>
>> See the serverfault response. curl is connecting to the proxy using
>> plain-text instead of SSL.

Official curl does not support SSL connections to HTTP proxies. Factory
has an experimental curl patch adding such support, including client SSL
certificate authentication IIRC. If all you need is a single
SSL-to-proxy client, that will work for you (please contact me off list
if interested). If you need SSL-to-proxy support in popular browsers and
other clients, a single patched curl will not help, of course.

> I did notice this and wondered if it might be a problem with curl
> itself. So I also tried similar tests with Google Chrome and a Ruby
> HTTP library called excon, both of which specifically mention support
> of HTTPS proxies. I also tried a few other HTTP libraries that have
> HTTP proxy support but don’t specifically mention HTTPS. Since I saw
> the same failing result with all of them, I went back to trying to
> troubleshoot Squid as the likely source of the problem.

In many cases, "HTTPS proxy support" simply means tunneling SSL
connections through HTTP proxies by sending HTTP CONNECT requests to
those HTTP proxies first. That is not the SSL-to-proxy mode that you are
looking for.

HTH,

Alex.
Received on Thu Jan 23 2014 - 18:20:16 MST
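
Added example, not part of the original message and not Squid or curl code: a Python sketch that classifies the first bytes a client sends to a proxy port, separating a TLS ClientHello (SSL-to-proxy) from a plain-text request or CONNECT tunnel, which a TLS-only listener rejects as in the cache.log line above. The function names and sample byte strings are constructed for illustration.

```python
import struct

# Constructed samples (not captured traffic).
CLIENT_HELLO_PREFIX = bytes([0x16, 0x03, 0x01, 0x00, 0x2F,   # TLS record header
                             0x01, 0x00, 0x00, 0x2B,         # handshake: ClientHello
                             0x03, 0x03])
PLAIN_GET = (b"GET http://urlecho.appspot.com/echo?body=OK HTTP/1.1\r\n"
             b"Host: urlecho.appspot.com\r\n\r\n")
PLAIN_CONNECT = (b"CONNECT example.com:443 HTTP/1.1\r\n"
                 b"Host: example.com:443\r\n\r\n")

HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS", b"CONNECT")


def classify_first_bytes(data: bytes) -> dict:
    """Classify what a client sent first to a proxy listening port."""
    # TLS record: content type 0x16 (handshake), major version 0x03,
    # 2-byte length, then the handshake type (0x01 = ClientHello).
    # Legacy SSLv2-framed hellos are not recognised and fall through to "unknown".
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03:
        record_length = struct.unpack("!H", data[3:5])[0]
        mode = "tls-to-proxy" if data[5] == 0x01 else "tls-other"
        return {"mode": mode, "record_length": record_length}

    # Otherwise try to read an HTTP request line: METHOD SP target SP HTTP/x.y
    parts = data.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) == 3 and parts[0] in HTTP_METHODS and parts[2].startswith(b"HTTP/"):
        # CONNECT in clear text is the "tunnel SSL through an HTTP proxy" case:
        # the hop from client to proxy itself is not encrypted.
        mode = "plaintext-connect-tunnel" if parts[0] == b"CONNECT" else "plaintext-http"
        return {"mode": mode, "target": parts[1].decode("ascii", "replace")}

    return {"mode": "unknown"}


def acceptable_on_tls_port(data: bytes) -> bool:
    """True only if the client opened with a TLS ClientHello."""
    return classify_first_bytes(data)["mode"] == "tls-to-proxy"


if __name__ == "__main__":
    for name, sample in [("client hello", CLIENT_HELLO_PREFIX),
                         ("plain GET", PLAIN_GET),
                         ("plain CONNECT", PLAIN_CONNECT)]:
        print(name, "->", classify_first_bytes(sample))
```
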
