You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficserver.apache.org by "Craig B (JIRA)" <ji...@apache.org> on 2016/11/18 11:06:58 UTC

[jira] [Commented] (TS-5058) Broken HTTPS connect on forward proxy

    [ https://issues.apache.org/jira/browse/TS-5058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15676481#comment-15676481 ] 

Craig B commented on TS-5058:
-----------------------------

Problem is around line 472.
It's setting SM_ACTION_ORIGIN_SERVER_OPEN, which fails.
If it's forced to SM_ACTION_ORIGIN_SERVER_RAW_OPEN, it works.

For some reason " s->parent_result.result != PARENT_SPECIFIED" is returning true.

> Broken HTTPS connect on forward proxy
> -------------------------------------
>
>                 Key: TS-5058
>                 URL: https://issues.apache.org/jira/browse/TS-5058
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: TLS
>            Reporter: Craig B
>
> Commit cf58a91ccd3048f3f0a540463ad8609ae2ce1209  (TS-5040) broke forward proxy connectivity to HTTPS sites.
> Previous behaviour: ATS would create a TLS connection to origin server
> Current behaviour: ATS issues a "CONNECT host:port" command (in the clear) to the server, which is rejected by the server.
> (Tested against commit 79ef0d5980b168c5d3292e180ba15f458fe5bea9 as one example of "previous")
> Both values for proxy.config.http.forward_connect_method (0 and 1) exhibit this behaviour.
> Using default configuration, plus forward proxy:
>  #    https://docs.trafficserver.apache.org/records.config#url-remap-rules
>  #    https://docs.trafficserver.apache.org/en/latest/admin-guide/files/remap.config.en.html
>  ##############################################################################
> -CONFIG proxy.config.url_remap.remap_required INT 1
> +CONFIG proxy.config.url_remap.remap_required INT 0
>      # https://docs.trafficserver.apache.org/records.config#proxy-config-url-remap-pristine-host-hdr
>  CONFIG proxy.config.url_remap.pristine_host_hdr INT 0
>      # https://docs.trafficserver.apache.org/records.config#reverse-proxy
> -CONFIG proxy.config.reverse_proxy.enabled INT 1
> +CONFIG proxy.config.reverse_proxy.enabled INT 0
> Behaviour can be viewed by logging network traffic (tcpdump port 443).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)