Browse Source

http: Fix Host header in proxied https connections

Currently CONNECT requests use the name of the proxy as Host value, instead of
the origin server's name.

According to RFC 2616 "The Host field value MUST represent the naming authority
of the origin server or gateway given by the original URL."

The current implementation causes problems with some proxy vendors. This
commit fixes this.

[jak: Adding a test case]
See merge request apt-team/apt!66

(cherry picked from commit 86d4d98060)
LP: #1838771
tags/debian/1.8.4
Simon Körner Julian Andres Klode 2 years ago
parent
commit
162a585ac1
2 changed files with 25 additions and 3 deletions
  1. +3
    -3
      methods/http.cc
  2. +22
    -0
      test/integration/test-proxy-connect

+ 3
- 3
methods/http.cc View File

@@ -320,14 +320,14 @@ static ResultState UnwrapHTTPConnect(std::string Host, int Port, URI Proxy, std:
std::string ProperHost;

if (Host.find(':') != std::string::npos)
ProperHost = '[' + Proxy.Host + ']';
ProperHost = '[' + Host + ']';
else
ProperHost = Proxy.Host;
ProperHost = Host;

// Build the connect
Req << "CONNECT " << Host << ":" << std::to_string(Port) << " HTTP/1.1\r\n";
if (Proxy.Port != 0)
Req << "Host: " << ProperHost << ":" << std::to_string(Proxy.Port) << "\r\n";
Req << "Host: " << ProperHost << ":" << std::to_string(Port) << "\r\n";
else
Req << "Host: " << ProperHost << "\r\n";



+ 22
- 0
test/integration/test-proxy-connect View File

@@ -0,0 +1,22 @@
#!/bin/sh
set -e

TESTDIR="$(readlink -f "$(dirname "$0")")"
. "$TESTDIR/framework"
setupenvironment
configarchitecture 'amd64'

buildsimplenativepackage 'unrelated' 'all' '0.5~squeeze1' 'unstable'

setupaptarchive
changetowebserver --request-absolute='uri'


msgmsg 'Check that host header we send for CONNECT is for target, not proxy'
echo "deb https://example.example/ example example" > rootdir/etc/apt/sources.list
rm -f rootdir/etc/apt/sources.list.d/*
echo "Acquire::http::Proxy \"http://localhost:${APTHTTPPORT}\";" > rootdir/etc/apt/apt.conf.d/99proxy

aptget update >/dev/null 2>&1
testsuccessequal "CONNECT example.example:443 HTTP/1.1\r
Host: example.example:443\r" grep -A1 "^CONNECT" aptarchive/webserver.log

Loading…
Cancel
Save