Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tunneling to https with an auth http proxy #3429

Open
drallieiv opened this issue Jun 24, 2017 · 2 comments
Open

Tunneling to https with an auth http proxy #3429

drallieiv opened this issue Jun 24, 2017 · 2 comments
Labels
bug Bug in existing code
Milestone
Backlog

Comments

@drallieiv
Copy link

I tried using okhttp to connect to an https page using a http proxy

If I run a test, it seems to pass by RealConnection::createTunnel

The initial call responds with a 407 asking for auth and passes trough

        case HTTP_PROXY_AUTH:
          tunnelRequest = route.address().proxyAuthenticator().authenticate(route, response);
          if (tunnelRequest == null) throw new IOException("Failed to authenticate with proxy");

          if ("close".equalsIgnoreCase(response.header("Connection"))) {
            return tunnelRequest;
          }
          break;

but when I look at the headers I am getting :

Proxy-Authenticate: Basic realm="proxy"
Proxy-Connection: close
Content-type: text/html; charset=utf-8

The header equal to close is Proxy-Connection and not Connection. And thus it does not goes trough a proxy.

If I do the same process using curl in verbose mode, I see that it makes a tunnel, like it should do when using http to call https.

The question is :

Is the proxy returning a bad response, or should OkHttp be reading the right header (or both) ?
@drallieiv drallieiv mentioned this issue Jun 24, 2017
Open
@swankjesse
Copy link
Collaborator

Looks like RFC 7230 has advice on the Proxy-Connection header. We might be better to handle Connection: close when talking to a proxy. We can experiment to see what Firefox & Chrome do.

@swankjesse swankjesse added the bug Bug in existing code label Jul 31, 2017
@swankjesse swankjesse added this to the 3.10 milestone Jul 31, 2017
@ljun20160606 ljun20160606 mentioned this issue Dec 8, 2017
Closed
@swankjesse swankjesse modified the milestones: 3.10, 3.11 Feb 18, 2018
@apprme
Copy link

apprme commented Sep 27, 2018
edited
Loading

We are having the same issue with squid/2.6.STABLE21, it sends Proxy-Connection: close header with 407 response code, so we end up with

java.io.IOException: unexpected end of stream on null
	at okhttp3.internal.http1.Http1Codec.readResponseHeaders(Http1Codec.java:208)
	at okhttp3.internal.connection.RealConnection.createTunnel(RealConnection.java:375)
	at okhttp3.internal.connection.RealConnection.connectTunnel(RealConnection.java:218)
	at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:159)
	at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:257)
	at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:135)
	at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:114)
	at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
	at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
	at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
	at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:126)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
	at delightex.platform.android.AndroidHttp.lambda$static$1(AndroidHttp.java:35)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
	at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:200)
	at okhttp3.RealCall.execute(RealCall.java:77)
	at delightex.platform.android.AndroidHttp.openConnection(AndroidHttp.java:231)
	at delightex.platform.android.AndroidHttp.access$100(AndroidHttp.java:23)
	at delightex.platform.android.AndroidHttp$1.run(AndroidHttp.java:142)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.EOFException: \n not found: limit=0 content=…
	at okio.RealBufferedSource.readUtf8LineStrict(RealBufferedSource.java:237)
	at okhttp3.internal.http1.Http1Codec.readHeaderLine(Http1Codec.java:215)
	at okhttp3.internal.http1.Http1Codec.readResponseHeaders(Http1Codec.java:189)
	... 28 more

apparently after repeating CONNECT... request with Proxy-Authorization header and then trying to read from the connection that has already been closed by the server a while ago (right after it sent 407).

Changing "Connection" to "Proxy-Connection" here fixes the issue for us.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Bug in existing code
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
3 participants
@swankjesse @drallieiv @apprme