Posted to issues@trafficserver.apache.org by "Igor Galić (JIRA)" <ji...@apache.org> on 2011/06/21 00:46:47 UTC

[jira] [Created] (TS-847) Forward proxy: Can't create SSL connection to older Subversion Servers.

Forward proxy: Can't create SSL connection to older Subversion Servers.
-----------------------------------------------------------------------

                 Key: TS-847
                 URL: https://issues.apache.org/jira/browse/TS-847
             Project: Traffic Server
          Issue Type: Bug
    Affects Versions: 3.0.0, 3.1.0
            Reporter: Igor Galić


When trying to access older Subversion (1.6.9, 1.5.1 verified) servers through SSL via the Forward proxy, I'll get a failure such as:
{noformat}
igalic@knock ~/src % svn co https://gar.svn.sourceforge.net/svnroot/gar/csw/mgar/gar/
svn: PROPFIND of '/svnroot/gar/!svn/bln/14844': Could not create SSL connection through proxy server: 502 Tunnel Connection Failed (https://gar.svn.sourceforge.net)
1 igalic@knock ~/src %
{noformat}
The squid.blog says:
{noformat}
1308609250.117 1004 127.0.0.1 TCP_MISS/200 4664 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
1308609250.642 524 127.0.0.1 TCP_MISS/200 1335 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
1308609251.167 525 127.0.0.1 TCP_MISS/200 1031 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
1308609251.689 522 127.0.0.1 TCP_MISS/200 1095 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
1308609252.231 541 127.0.0.1 TCP_MISS/200 1335 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
1308609252.756 524 127.0.0.1 TCP_MISS/200 1031 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
1308609253.285 528 127.0.0.1 TCP_MISS/200 1095 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
1308609253.814 528 127.0.0.1 TCP_MISS/200 1335 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
1308609254.345 530 127.0.0.1 TCP_MISS/200 1111 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
1308609254.416 70 127.0.0.1 ERR_CONNECT_FAIL/502 454 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net text/html -
{noformat}
While the error log says:
{noformat}
20110621.00h25m14s RESPONSE: sent 127.0.0.1 status 502 (Tunnel Connection Failed) for 'gar.svn.sourceforge.net:443/'
{noformat}

With newer versions of the Subversion server this works out fine, for example the ASF's server:
{noformat}
igalic@knock ~/src % svn co https://svn.apache.org/repos/asf/trafficserver/plugins/header_filter/
A    header_filter/example.conf
A    header_filter/rules.h
A    header_filter/NOTICE
A    header_filter/header_filter.cc
A    header_filter/LICENSE
A    header_filter/STATUS
A    header_filter/lulu.h
A    header_filter/CHANGES
A    header_filter/Makefile
A    header_filter/README
A    header_filter/rules.cc
Checked out revision 1137808.
igalic@knock ~/src %
{noformat}

I wouldn't submit this bug in the first place, if it didn't work with Squid either. Alas Squid passes with flying colours! Attached you can find Wireshark captures for the four scenarios:

* Failure with ATS (old subversion server: sf.net)
* Success with Squid (same old subversion server: sf.net)
* Success with ATS (new Subversion server: ASF)
* Success with Squid (same new Subversion server: ASF)

To force subversion through a proxy you need to edit ~/.subversion/servers
{noformat}
[global]
http-proxy-host = localhost
http-proxy-port = 8080
{noformat}

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
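
Added example (not part of the original report or of Traffic Server): a small triage script for access logs in the squid layout quoted above. It groups CONNECT requests by destination and separates tunnels that fail only some of the time, as in this report, from destinations that never connect. The host names and log lines in the sample are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in the squid access-log layout shown in the report.
# Hosts, sizes and timings are made up for this example.
SAMPLE_LOG = """\
1308609250.117 1004 127.0.0.1 TCP_MISS/200 4664 CONNECT old-svn.example.net:443/ - DIRECT/old-svn.example.net - -
1308609250.642 524 127.0.0.1 TCP_MISS/200 1335 CONNECT old-svn.example.net:443/ - DIRECT/old-svn.example.net - -
1308609251.000 310 127.0.0.1 TCP_MISS/200 9120 CONNECT new-svn.example.org:443/ - DIRECT/new-svn.example.org - -
1308609251.167 525 127.0.0.1 TCP_MISS/200 1031 CONNECT old-svn.example.net:443/ - DIRECT/old-svn.example.net - -
1308609251.300 12 127.0.0.1 TCP_HIT/200 512 GET http://www.example.org/ - NONE/- text/html -
1308609251.416 70 127.0.0.1 ERR_CONNECT_FAIL/502 454 CONNECT old-svn.example.net:443/ - DIRECT/old-svn.example.net text/html -
1308609252.000 30002 127.0.0.1 ERR_CONNECT_FAIL/502 454 CONNECT down.example.com:443/ - DIRECT/down.example.com text/html -
1308609253.000 305 127.0.0.1 TCP_MISS/200 2048 CONNECT new-svn.example.org:443/ - DIRECT/new-svn.example.org - -
this line is truncated or corrupt
"""

# timestamp, elapsed ms, client, result/status, bytes, method, URL, ...
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed_ms>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s"
)


def summarize_connects(log_text):
    """Return {destination: {ok, fail, verdict, fastest_fail_ms}} for CONNECTs."""
    stats = defaultdict(lambda: {"ok": 0, "fail": 0, "fail_ms": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "CONNECT":
            continue  # skip corrupt lines and non-tunnel requests
        dest = m["url"].rstrip("/")
        entry = stats[dest]
        if 200 <= int(m["status"]) < 300:
            entry["ok"] += 1
        else:
            entry["fail"] += 1
            entry["fail_ms"].append(int(m["elapsed_ms"]))

    report = {}
    for dest, entry in stats.items():
        if entry["ok"] and entry["fail"]:
            verdict = "intermittent"  # same destination both works and fails
        elif entry["fail"]:
            verdict = "failing"       # never reachable in this log window
        else:
            verdict = "ok"
        report[dest] = {
            "ok": entry["ok"],
            "fail": entry["fail"],
            "verdict": verdict,
            # A failure much faster than the successes points away from a
            # slow or unreachable origin.
            "fastest_fail_ms": min(entry["fail_ms"]) if entry["fail_ms"] else None,
        }
    return report


if __name__ == "__main__":
    for dest, row in sorted(summarize_connects(SAMPLE_LOG).items()):
        print(dest, row)
```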

       

[jira] [Updated] (TS-847) Forward proxy: Can't create SSL connection to older Subversion Servers.

Posted by "Igor Galić (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/TS-847?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Igor Galić updated TS-847:
--------------------------

    Backport to Version:   (was: 3.0.1)
          Fix Version/s: 3.0.1


[jira] [Updated] (TS-847) Forward proxy: Can't create SSL connection to older Subversion Servers.

Posted by "Igor Galić (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/TS-847?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Igor Galić updated TS-847:
--------------------------

    Attachment: 04_pass_squid_asf.cap
                03_pass_ats_asf.cap
                02_pass_squid_sfnet.cap
                01_fail_ats_sfnet.cap

tshark -w $fname.cap -i lo port $port


[jira] [Commented] (TS-847) Forward proxy: Can't create SSL connection to older Subversion Servers.

Posted by "William Bardwell (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/TS-847?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13054648#comment-13054648 ] 

William Bardwell commented on TS-847:
-------------------------------------

Changing timeout to be seconds doesn't match NET_CONNECT_TIMEOUT, which is 30 * 1000 (so clearly not seconds), so one of the two needs to be changed further.


[jira] [Commented] (TS-847) Forward proxy: Can't create SSL connection to older Subversion Servers.

Posted by "Leif Hedstrom (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/TS-847?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13052282#comment-13052282 ] 

Leif Hedstrom commented on TS-847:
----------------------------------

Did a few tracers (it certainly seems a lot more difficult to reproduce this with tracers on, so perhaps a race / timing issue). First is request that succeeds:

{code}
+++++++++ Proxy's Request +++++++++
-- State Machine Id: 173
CONNECT / HTTP/1.1
User-Agent: SVN/1.6.16 (r1073529) neon/0.29.5
Host: gar.svn.sourceforge.net
Client-ip: 127.0.0.1
X-Forwarded-For: 127.0.0.1
Via: http/1.1 loki.ogre.com[C0A8C90E] (ApacheTrafficServer/3.1.0-unstable [uSc ])

[Jun 20 17:44:43.914] Server {139680396424960} DEBUG: (http_trans) Next action next; HttpTransact::HandleResponse
[Jun 20 17:44:43.914] Server {139680396424960} DEBUG: (http) [173] State Transition: API_OS_DNS -> ORIGIN_SERVER_RAW_OPEN
[Jun 20 17:44:43.914] Server {139680396424960} DEBUG: (http_track) entered inside do_http_server_open
[Jun 20 17:44:43.914] Server {139680396424960} DEBUG: (http) [173] open connection to gar.svn.sourceforge.net: 216.34.181.177
[Jun 20 17:44:43.914] Server {139680396424960} DEBUG: (http_seq) [HttpSM::do_http_server_open] Sending request to server
[Jun 20 17:44:43.914] Server {139680396424960} DEBUG: (http) calling netProcessor.connect_s
[Jun 20 17:44:43.965] Server {139680396424960} DEBUG: (http) [173] [HttpSM::main_handler, NET_EVENT_OPEN]
[Jun 20 17:44:43.965] Server {139680396424960} DEBUG: (http) [173] [&HttpSM::state_raw_http_server_open, NET_EVENT_OPEN]
[Jun 20 17:44:43.965] Server {139680396424960} DEBUG: (http_trans) [HttpTransact::OriginServerRawOpen]
[Jun 20 17:44:43.965] Server {139680396424960} DEBUG: (http_trans) [WUTS code generation] Hit/Miss: 49, Log: 51, Hier: 50, Status: 200
[Jun 20 17:44:43.965] Server {139680396424960} DEBUG: (http_trans) Adding Server: ATS/3.1.0-unstable
{code}


and here's a request that failed:

{code}
+++++++++ Proxy's Request +++++++++
-- State Machine Id: 174
CONNECT / HTTP/1.1
User-Agent: SVN/1.6.16 (r1073529) neon/0.29.5
Host: gar.svn.sourceforge.net
Client-ip: 127.0.0.1
X-Forwarded-For: 127.0.0.1
Via: http/1.1 loki.ogre.com[C0A8C90E] (ApacheTrafficServer/3.1.0-unstable [uSc ])

[Jun 20 17:44:44.388] Server {139680397477632} DEBUG: (http_trans) Next action next; HttpTransact::HandleResponse
[Jun 20 17:44:44.388] Server {139680397477632} DEBUG: (http) [174] State Transition: API_OS_DNS -> ORIGIN_SERVER_RAW_OPEN
[Jun 20 17:44:44.388] Server {139680397477632} DEBUG: (http_track) entered inside do_http_server_open
[Jun 20 17:44:44.388] Server {139680397477632} DEBUG: (http) [174] open connection to gar.svn.sourceforge.net: 216.34.181.177
[Jun 20 17:44:44.388] Server {139680397477632} DEBUG: (http_seq) [HttpSM::do_http_server_open] Sending request to server
[Jun 20 17:44:44.388] Server {139680397477632} DEBUG: (http) calling netProcessor.connect_s
[Jun 20 17:44:44.428] Server {139680397477632} DEBUG: (http) [174] [HttpSM::main_handler, NET_EVENT_OPEN_FAILED]
[Jun 20 17:44:44.428] Server {139680397477632} DEBUG: (http) [174] [&HttpSM::state_raw_http_server_open, NET_EVENT_OPEN_FAILED]
[Jun 20 17:44:44.428] Server {139680397477632} DEBUG: (http_trans) [HttpTransact::OriginServerRawOpen]
[Jun 20 17:44:44.428] Server {139680397477632} DEBUG: (http_trans) [WUTS code generation] Hit/Miss: 49, Log: 117, Hier: 50, Status: 805
[Jun 20 17:44:44.428] Server {139680397477632} DEBUG: (http_trans) Adding Server: ATS/3.1.0-unstable
+++++++++ Proxy's Response 2 +++++++++
{code}
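
Added example (not part of the original comment or of Traffic Server): a parser for debug output in the layout of the two traces above that pairs each `calling netProcessor.connect_s` line with the following `HttpSM::main_handler` open event and reports the state machine id, the outcome and the elapsed milliseconds. It assumes the event is logged on the same thread id (the number in braces) that made the connect call; the sample trace, thread ids and state machine ids are constructed.

```python
import re

# Constructed trace in the layout of the debug output above; thread ids,
# state machine ids and times are made up for this example.
SAMPLE_TRACE = """\
[Jun 20 10:00:00.100] Server {1001} DEBUG: (http) [7] State Transition: API_OS_DNS -> ORIGIN_SERVER_RAW_OPEN
[Jun 20 10:00:00.100] Server {1001} DEBUG: (http) calling netProcessor.connect_s
[Jun 20 10:00:00.120] Server {1002} DEBUG: (http) [8] State Transition: API_OS_DNS -> ORIGIN_SERVER_RAW_OPEN
[Jun 20 10:00:00.120] Server {1002} DEBUG: (http) calling netProcessor.connect_s
[Jun 20 10:00:00.151] Server {1001} DEBUG: (http) [7] [HttpSM::main_handler, NET_EVENT_OPEN]
[Jun 20 10:00:00.151] Server {1001} DEBUG: (http) [7] [&HttpSM::state_raw_http_server_open, NET_EVENT_OPEN]
[Jun 20 10:00:00.160] Server {1002} DEBUG: (http) [8] [HttpSM::main_handler, NET_EVENT_OPEN_FAILED]
[Jun 20 10:00:00.160] Server {1002} DEBUG: (http_trans) [WUTS code generation] Hit/Miss: 49, Log: 117, Hier: 50, Status: 805
"""

# "[Mon DD HH:MM:SS.mmm] Server {thread} DEBUG: (tag) message"
PREFIX_RE = re.compile(
    r"^\[\w{3}\s+\d+\s+(\d{2}):(\d{2}):(\d{2})\.(\d{3})\]\s+"
    r"Server\s+\{(\d+)\}\s+DEBUG:\s+\((\w+)\)\s+(.*)$"
)
# "[id] [HttpSM::main_handler, NET_EVENT_OPEN]" or "..._OPEN_FAILED]"
EVENT_RE = re.compile(
    r"^\[(\d+)\]\s+\[HttpSM::main_handler,\s+(NET_EVENT_OPEN(?:_FAILED)?)\]"
)
CONNECT_CALL = "calling netProcessor.connect_s"
MS_PER_DAY = 86_400_000


def connect_outcomes(trace):
    """Return [(state_machine_id, event, elapsed_ms)] in the order events appear."""
    pending = {}   # thread id -> time of the outstanding connect call (ms of day)
    outcomes = []
    for line in trace.splitlines():
        m = PREFIX_RE.match(line)
        if not m:
            continue  # request headers, banners, blank lines
        hh, mm, ss, ms, thread, _tag, msg = m.groups()
        now = ((int(hh) * 60 + int(mm)) * 60 + int(ss)) * 1000 + int(ms)

        if msg.strip() == CONNECT_CALL:
            pending[thread] = now
            continue

        event = EVENT_RE.match(msg)
        if event and thread in pending:
            started = pending.pop(thread)  # pop so repeated event lines are not double counted
            # The timestamps carry no date, so wrap across midnight.
            elapsed = (now - started) % MS_PER_DAY
            outcomes.append((int(event.group(1)), event.group(2), elapsed))
    return outcomes


if __name__ == "__main__":
    for sm_id, event, elapsed in connect_outcomes(SAMPLE_TRACE):
        print(f"state machine {sm_id}: {event} after {elapsed} ms")
```

Comparing the elapsed time of failed opens with successful ones shows whether a failure came back sooner than a normal connect completes, which is the kind of timing difference the comment above is looking for.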


[jira] [Updated] (TS-847) Forward proxy: Can't create SSL connection to older Subversion Servers.

Posted by "Leif Hedstrom (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/TS-847?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Leif Hedstrom updated TS-847:
-----------------------------

    Backport to Version: 3.0.1
          Fix Version/s: 3.1.0


[jira] [Updated] (TS-847) Forward proxy: Can't create SSL connection to older Subversion Servers.

Posted by "Leif Hedstrom (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/TS-847?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Leif Hedstrom updated TS-847:
-----------------------------

    Attachment: TS-847.diff

Igor, can you test the included patch? That seems to fix this problem for me at least.

> Forward proxy: Can't create SSL connection to older Subversion Servers.
> -----------------------------------------------------------------------
>
>                 Key: TS-847
>                 URL: https://issues.apache.org/jira/browse/TS-847
>             Project: Traffic Server
>          Issue Type: Bug
>    Affects Versions: 3.1.0, 3.0.0
>            Reporter: Igor Galić
>         Attachments: 01_fail_ats_sfnet.cap, 02_pass_squid_sfnet.cap, 03_pass_ats_asf.cap, 04_pass_squid_asf.cap, TS-847.diff
>
>
> When trying to access older Subversion (1.6.9, 1.5.1 verified) servers through SSL via the Forward proxy, I'll get a failure such as:
> {noformat}
> igalic@knock ~/src % svn co https://gar.svn.sourceforge.net/svnroot/gar/csw/mgar/gar/
> svn: PROPFIND of '/svnroot/gar/!svn/bln/14844': Could not create SSL connection through proxy server: 502 Tunnel Connection Failed (https://gar.svn.sourceforge.net)
> 1 igalic@knock ~/src %
> {noformat}
> The squid.blog says:
> {noformat}
> 1308609250.117 1004 127.0.0.1 TCP_MISS/200 4664 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
> 1308609250.642 524 127.0.0.1 TCP_MISS/200 1335 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
> 1308609251.167 525 127.0.0.1 TCP_MISS/200 1031 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
> 1308609251.689 522 127.0.0.1 TCP_MISS/200 1095 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
> 1308609252.231 541 127.0.0.1 TCP_MISS/200 1335 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
> 1308609252.756 524 127.0.0.1 TCP_MISS/200 1031 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
> 1308609253.285 528 127.0.0.1 TCP_MISS/200 1095 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
> 1308609253.814 528 127.0.0.1 TCP_MISS/200 1335 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
> 1308609254.345 530 127.0.0.1 TCP_MISS/200 1111 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
> 1308609254.416 70 127.0.0.1 ERR_CONNECT_FAIL/502 454 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net text/html -
> {noformat}
> While the error log says:
> {noformat}
> 20110621.00h25m14s RESPONSE: sent 127.0.0.1 status 502 (Tunnel Connection Failed) for 'gar.svn.sourceforge.net:443/'
> {noformat}
> With newer versions of the Subversion server this works out fine, example the ASF's server:
> {noformat}
> igalic@knock ~/src % svn co https://svn.apache.org/repos/asf/trafficserver/plugins/header_filter/
> A    header_filter/example.conf
> A    header_filter/rules.h
> A    header_filter/NOTICE
> A    header_filter/header_filter.cc
> A    header_filter/LICENSE
> A    header_filter/STATUS
> A    header_filter/lulu.h
> A    header_filter/CHANGES
> A    header_filter/Makefile
> A    header_filter/README
> A    header_filter/rules.cc
> Checked out revision 1137808.
> igalic@knock ~/src %
> {noformat}
> I wouldn't submit this bug in the first place, if it didn't work with Squid either. Alas Squid passes with flying colours! Attatched you can find wireshark captures for the four scenarios:
> * Failure with ATS (old subversion server: sf.net)
> * Success with Squid (same old subversion server: sf.net)
> * Success with ATS (new Subversion server: ASF)
> * Success with Squid (same new Subversion server: ASF)
> To force subversion through a proxy you need to edit ~/.subversion/servers
> {noformat}
> [global]
> http-proxy-host = localhost
> http-proxy-port = 8080
> {noformat}


[jira] [Commented] (TS-847) Forward proxy: Can't create SSL connection to older Subversion Servers.

Posted by "Igor Galić (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/TS-847?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13052450#comment-13052450 ] 

Igor Galić commented on TS-847:
-------------------------------

tested trunk with multiple different servers: works every time.

> Forward proxy: Can't create SSL connection to older Subversion Servers.
> -----------------------------------------------------------------------
>
>                 Key: TS-847
>                 URL: https://issues.apache.org/jira/browse/TS-847
>             Project: Traffic Server
>          Issue Type: Bug
>    Affects Versions: 3.1.0, 3.0.0
>            Reporter: Igor Galić
>             Fix For: 3.1.0
>
>         Attachments: 01_fail_ats_sfnet.cap, 02_pass_squid_sfnet.cap, 03_pass_ats_asf.cap, 04_pass_squid_asf.cap, TS-847.diff
>
>
> When trying to access older Subversion (1.6.9, 1.5.1 verified) servers through SSL via the Forward proxy, I'll get a failure such as:
> {noformat}
> igalic@knock ~/src % svn co https://gar.svn.sourceforge.net/svnroot/gar/csw/mgar/gar/
> svn: PROPFIND of '/svnroot/gar/!svn/bln/14844': Could not create SSL connection through proxy server: 502 Tunnel Connection Failed (https://gar.svn.sourceforge.net)
> 1 igalic@knock ~/src %
> {noformat}
> The squid.blog says:
> {noformat}
> 1308609250.117 1004 127.0.0.1 TCP_MISS/200 4664 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
> 1308609250.642 524 127.0.0.1 TCP_MISS/200 1335 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
> 1308609251.167 525 127.0.0.1 TCP_MISS/200 1031 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
> 1308609251.689 522 127.0.0.1 TCP_MISS/200 1095 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
> 1308609252.231 541 127.0.0.1 TCP_MISS/200 1335 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
> 1308609252.756 524 127.0.0.1 TCP_MISS/200 1031 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
> 1308609253.285 528 127.0.0.1 TCP_MISS/200 1095 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
> 1308609253.814 528 127.0.0.1 TCP_MISS/200 1335 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
> 1308609254.345 530 127.0.0.1 TCP_MISS/200 1111 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
> 1308609254.416 70 127.0.0.1 ERR_CONNECT_FAIL/502 454 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net text/html -
> {noformat}
> While the error log says:
> {noformat}
> 20110621.00h25m14s RESPONSE: sent 127.0.0.1 status 502 (Tunnel Connection Failed) for 'gar.svn.sourceforge.net:443/'
> {noformat}
> With newer versions of the Subversion server this works out fine, for example the ASF's server:
> {noformat}
> igalic@knock ~/src % svn co https://svn.apache.org/repos/asf/trafficserver/plugins/header_filter/
> A    header_filter/example.conf
> A    header_filter/rules.h
> A    header_filter/NOTICE
> A    header_filter/header_filter.cc
> A    header_filter/LICENSE
> A    header_filter/STATUS
> A    header_filter/lulu.h
> A    header_filter/CHANGES
> A    header_filter/Makefile
> A    header_filter/README
> A    header_filter/rules.cc
> Checked out revision 1137808.
> igalic@knock ~/src %
> {noformat}
> I wouldn't submit this bug in the first place, if it didn't work with Squid either. Alas Squid passes with flying colours! Attached you can find Wireshark captures for the four scenarios:
> * Failure with ATS (old subversion server: sf.net)
> * Success with Squid (same old subversion server: sf.net)
> * Success with ATS (new Subversion server: ASF)
> * Success with Squid (same new Subversion server: ASF)
> To force subversion through a proxy you need to edit ~/.subversion/servers
> {noformat}
> [global]
> http-proxy-host = localhost
> http-proxy-port = 8080
> {noformat}
