You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Adam Fisk (JIRA)" <ji...@apache.org> on 2013/02/06 23:30:13 UTC
[jira] [Created] (HTTPCLIENT-1318) Redirect to TLS site via TLS
proxy fails - incorrectly marked as insecure target route
Adam Fisk created HTTPCLIENT-1318:
-------------------------------------
Summary: Redirect to TLS site via TLS proxy fails - incorrectly marked as insecure target route
Key: HTTPCLIENT-1318
URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1318
Project: HttpComponents HttpClient
Issue Type: Bug
Components: HttpClient
Affects Versions: 4.2.3
Environment: All
Reporter: Adam Fisk
Fix For: 4.2.4
When configured to use a TLS proxy to a target site that is also TLS with a redirect response, HttpClient will incorrectly create a new target route marked as http and insecure rather than https and secure when generating the new request to the redirected location. This will result in exceptions like the trace below with:
"Unable to establish route: planned = {}->https://localhost:7777->http://www.exceptional.io; current = {s}->https://localhost:7777->http://www.exceptional.io"
In fact, the test producing that exception is targeting https://www.exceptional.io not http://www.exceptional.io, which is apparently correctly determined in the original request but not in the redirected request. One candidate for the suspect code is line 1112 of handleResponse in DefaultRequestDirector where the following line:
HttpHost newTarget = URIUtils.extractHost(uri);
creates a new target that is always HTTP regardless of whether or not the original target was HTTPS, with havoc ensuing from there. This is reproducible in this test over at LittleProxy:
https://github.com/adamfisk/LittleProxy/blob/master/src/test/java/org/littleshoot/proxy/EndToEndStoppingTest.java
org.apache.http.client.ClientProtocolException
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:909)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)
at org.littleshoot.proxy.EndToEndStoppingTest.runSiteTestWithHttpClient(EndToEndStoppingTest.java:167)
at org.littleshoot.proxy.EndToEndStoppingTest.testWithHttpClient(EndToEndStoppingTest.java:92)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:271)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50)
at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)
Caused by: org.apache.http.HttpException: Unable to establish route: planned = {}->https://localhost:7777->http://www.exceptional.io; current = {s}->https://localhost:7777->http://www.exceptional.io
at org.apache.http.impl.client.DefaultRequestDirector.establishRoute(DefaultRequestDirector.java:846)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:649)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:480)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
... 27 more
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org