-
Notifications
You must be signed in to change notification settings - Fork 291
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support connection to proxy via https scheme #417
Comments
@xformerfhs have you been able to get httpclient working with an https proxy with just that change? I was just trying it locally here and while it works on curl, it doesn't work with httpclient by monkey-patching just that to allow setting https proxy config, it hangs and times out. I'll look some more, but thought I'd drop a comment here in the meantime (I also know this is a 2+ year old issue so you may not even remember anymore :) |
@carlosantoniodasilva: Thanks for your comment. I did not actually try that change. I remember that I looked further into this and realized that I would have to dig really deep into ruby's http internals and I did not want to do this. It was meant as a suggestion to the Ruby developers. I really did not (and do not) understand why one would forbid to use a secure method and only allow an unsecure method. First I refactored my client to call curl instead of using ruby's http client like this:
Finally I switched programing language and implemented my client in Go. That worked perfectly. |
@xformerfhs makes sense, thanks for sharing. I don't think shelling out will be an option for me in this case, but I might give it a shot as well. I am looking into a few other alternatives in the meantime. Thanks again! |
I need to make a connection to a web site via an internet proxy. The proxy requires authentication. libcurl is able to use the https scheme for the connection to the proxy in order to make it possible to send the proxy authentication data in an encrypted form.
Unfortunately in module httpclient.rb, method "proxy=" there are the following lines:
So, it explicitely checks whether the scheme is "http" and raises an error if it is "https". This considerably weakens the security of proxy connections as the proxy authentication data are forced to be sent in the clear. As I mentioned already, libcurl supports the https scheme for the proxy connection.
I suggest that this check is modified like this:
Please note that this issue is not about the connection to be routed through the proxy. It is about the connection to the proxy itself.
In curl it is possible to call a web site through a proxy like this: curl --proxy https://some.proxy.com:12345 --proxy-user "aproxyuser:aproxypwd" "https://some.destination.com/someParameter"
This works and sends the proxy authentication data "aproxyuser:aproxypassword" through a TLS tunnel, so the are secured against eavesdropping.
The text was updated successfully, but these errors were encountered: