You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/11/20 00:26:58 UTC
[jira] [Work logged] (TS-5058) Broken HTTPS connect on forward
proxy
[ https://issues.apache.org/jira/browse/TS-5058?focusedWorklogId=32221&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-32221 ]
ASF GitHub Bot logged work on TS-5058:
--------------------------------------
Author: ASF GitHub Bot
Created on: 20/Nov/16 00:26
Start Date: 20/Nov/16 00:26
Worklog Time Spent: 10m
Work Description: GitHub user jpeach opened a pull request:
https://github.com/apache/trafficserver/pull/1228
TS-5058: Fix CONNECT handling without parent proxying.
The change in TS-5040 broke direct CONNECT method handling by always
attempting to forward the CONNECT request. In fact, we should only be
forwarding the request if there is a parent specified or we have explicit
configuration to do so.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/jpeach/trafficserver fix/5058
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/trafficserver/pull/1228.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #1228
----
commit d5944f18d99c5ff27477bb7ff6b1c9226c1d3bc3
Author: James Peach <jp...@apache.org>
Date: 2016-11-20T00:16:24Z
TS-5058: Fix CONNECT handling without parent proxying.
The change in TS-5040 broke direct CONNECT method handling by always
attempting to forward the CONNECT request. In fact, we should only be
forwarding the request if there is a parent specified or we have explicit
configuration to do so.
----
Issue Time Tracking
-------------------
Worklog Id: (was: 32221)
Time Spent: 10m
Remaining Estimate: 0h
> Broken HTTPS connect on forward proxy
> -------------------------------------
>
> Key: TS-5058
> URL: https://issues.apache.org/jira/browse/TS-5058
> Project: Traffic Server
> Issue Type: Bug
> Components: TLS
> Reporter: Craig B
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Commit cf58a91ccd3048f3f0a540463ad8609ae2ce1209 (TS-5040) broke forward proxy connectivity to HTTPS sites.
> Previous behaviour: ATS would create a TLS connection to origin server
> Current behaviour: ATS issues a "CONNECT host:port" command (in the clear) to the server, which is rejected by the server.
> (Tested against commit 79ef0d5980b168c5d3292e180ba15f458fe5bea9 as one example of "previous")
> Both values for proxy.config.http.forward_connect_method (0 and 1) exhibit this behaviour.
> Using default configuration, plus forward proxy:
> # https://docs.trafficserver.apache.org/records.config#url-remap-rules
> # https://docs.trafficserver.apache.org/en/latest/admin-guide/files/remap.config.en.html
> ##############################################################################
> -CONFIG proxy.config.url_remap.remap_required INT 1
> +CONFIG proxy.config.url_remap.remap_required INT 0
> # https://docs.trafficserver.apache.org/records.config#proxy-config-url-remap-pristine-host-hdr
> CONFIG proxy.config.url_remap.pristine_host_hdr INT 0
> # https://docs.trafficserver.apache.org/records.config#reverse-proxy
> -CONFIG proxy.config.reverse_proxy.enabled INT 1
> +CONFIG proxy.config.reverse_proxy.enabled INT 0
> Behaviour can be viewed by logging network traffic (tcpdump port 443).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)