Package: proxytunnel
Version: 1.9.0-3
Severity: wishlist
Tags: patch

Hi,

thank you very much for the patch [1]. It works like a charm in cases when I normally would use the '-E' option. Unfortunately there are also setups around with two proxies involved requiring me to give the '-X' option. This option is incompatible with the patch. So I generalized the workaround of [1] somewhat to be usable together with either the '-E' or the '-X' option. This is achieved by giving the additional option '-W'. Patch is attached.

I successfully checked with 4 test cases:

  proxytunnel -v -p proxy1.de:80 -d dest.de:1234
  proxytunnel -v -p proxy1.de:80 -r proxy2.de:80 -d dest.de:1234
  proxytunnel -v -W -E -p proxy1.de:443 -d dest.de:1234
  proxytunnel -v -W -X -p proxy1.de:80 -r proxy2.de:443 -d dest.de:1234

I hope attaching the patch works. I am new to the debian bugtracking system.

Cheers
Thomas

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618698

-- System Information:
Debian Release: 6.0.6
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.ISO-8859-1, LC_CTYPE=en_US.ISO-8859-1 (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash

Versions of packages proxytunnel depends on:
ii  libc6        2.11.3-4          Embedded GNU C Library: Shared lib
ii  libgnutls26  2.8.6-1+squeeze2  the GNU TLS library - runtime libr
ii  libmhash2    0.9.9.9-1         Library for cryptographic hashing

proxytunnel recommends no packages.

Versions of packages proxytunnel suggests:
ii  ssh  1:5.5p1-6+squeeze2  secure shell client and server (me

-- no debconf information

diff -ur proxytunnel.tmp/proxytunnel-1.9.0/README proxytunnel/proxytunnel-1.9.0/README --- proxytunnel.tmp/proxytunnel-1.9.0/README 2012-10-30 10:46:20.000000000 +0100 +++ proxytunnel/proxytunnel-1.9.0/README 2012-10-30 12:32:45.000000000 +0100 @@ -34,6 +34,9 @@ -d, --dest=STRING Destination host:port combination -e, --encrypt SSL encrypt data between local proxy and destination -E, --encrypt-proxy SSL encrypt data between client and local proxy + -W, --wa-Bug-29744 workaround ASF Bugzilla 29744, if SSL is active stop + using it after CONNECT (might not work on all setups; + see /usr/share/doc/proxytunnel/README.Debian.gz) -X, --encrypt-remproxy Encrypt between 1st and 2nd proxy using SSL Additional options for specific features: diff -ur proxytunnel.tmp/proxytunnel-1.9.0/cmdline.c proxytunnel/proxytunnel-1.9.0/cmdline.c --- proxytunnel.tmp/proxytunnel-1.9.0/cmdline.c 2012-10-30 10:46:20.000000000 +0100 +++ proxytunnel/proxytunnel-1.9.0/cmdline.c 2012-10-30 17:18:48.000000000 +0100 @@ -59,6 +59,9 @@ " -e, --encrypt SSL encrypt data between local proxy and destination\n" " -E, --encrypt-proxy SSL encrypt data between client and local proxy\n" " -X, --encrypt-remproxy Encrypt between 1st and 2nd proxy using SSL\n" +" -W, --wa-Bug-29744 Workaround ASF Bugzilla 29744: if SSL is active stop\n" +" using it after CONNECT (might not work on all setups; see\n" +" /usr/share/doc/proxytunnel/README.Debian.gz)\n" #endif "\n" "Additional options for specific features:\n" @@ -131,6 +134,7 @@ args_info->encrypt_given = 0; args_info->encryptproxy_given = 0; args_info->encryptremproxy_given = 0; + args_info->wa_Bug_29744_given = 0; args_info->proctitle_given = 0; /* No... we can't make this a function... -- Maniac */ @@ -156,6 +160,7 @@ args_info->encrypt_flag = 0; \ args_info->encryptproxy_flag = 0; \ args_info->encryptremproxy_flag = 0; \ + args_info->wa_Bug_29744_flag = 0; \ args_info->proctitle_arg = NULL; \ } 
@@ -198,12 +203,13 @@ { "encrypt", 0, NULL, 'e' }, { "encrypt-proxy", 0, NULL, 'E' }, { "encrypt-remproxy",0,NULL, 'X' }, + { "workaround Bug-29744", 0, NULL, 'W' }, { NULL, 0, NULL, 0 } }; - c = getopt_long (argc, argv, "hVia:u:s:t:F:p:P:r:R:d:H:x:nvNeEXq", long_options, &option_index); + c = getopt_long (argc, argv, "hVia:u:s:t:F:p:P:r:R:d:H:x:nvNeEXWq", long_options, &option_index); #else - c = getopt( argc, argv, "hVia:u:s:t:F:p:P:r:R:d:H:x:nvNeEXq" ); + c = getopt( argc, argv, "hVia:u:s:t:F:p:P:r:R:d:H:x:nvNeEXWq" ); #endif if (c == -1) @@ -227,6 +233,12 @@ if( args_info->verbose_flag ) message("SSL client to proxy enabled\n"); break; + + case 'W': /* if SSL is active stop it after CONNECT */ + args_info->wa_Bug_29744_flag = !(args_info->wa_Bug_29744_flag); + if( args_info->verbose_flag ) + message("If SSL is active stop it after CONNECT\n"); + break; #endif case 'i': /* Run from inetd. */ diff -ur proxytunnel.tmp/proxytunnel-1.9.0/cmdline.h proxytunnel/proxytunnel-1.9.0/cmdline.h --- proxytunnel.tmp/proxytunnel-1.9.0/cmdline.h 2012-10-30 10:46:20.000000000 +0100 +++ proxytunnel/proxytunnel-1.9.0/cmdline.h 2012-10-30 12:08:14.000000000 +0100 @@ -46,6 +46,7 @@ int standalone_arg; /* Turn on stdalone (-a) on port */ int encrypt_flag; /* Turn on SSL encryption (default=off). */ int encryptproxy_flag; /* Turn on client to proxy SSL encryption (def=off).*/ + int wa_Bug_29744_flag; /* Use SSL encryption only until CONNECT, if at all (def=off).*/ int encryptremproxy_flag; /* Turn on local to remote proxy SSL encryption (def=off).*/ char *proctitle_arg; /* Override process title (default=off). */ int help_given; /* Whether help was given. */ 
@@ -70,6 +71,7 @@ int encrypt_given; /* Whether encrypt was given */ int encryptproxy_given; /* Whether encrypt was given */ int encryptremproxy_given; /* Whether encrypt was given */ + int wa_Bug_29744_given; /* Whether work around was given */ int proctitle_given; /* Whether to override process title */ }; diff -ur proxytunnel.tmp/proxytunnel-1.9.0/http.c proxytunnel/proxytunnel-1.9.0/http.c --- proxytunnel.tmp/proxytunnel-1.9.0/http.c 2012-10-30 10:46:20.000000000 +0100 +++ proxytunnel/proxytunnel-1.9.0/http.c 2012-10-30 12:29:32.000000000 +0100 @@ -149,6 +149,11 @@ // if( args_info.verbose_flag ) // message( "Data received from local proxy:\n"); + if( args_info.wa_Bug_29744_flag && !args_info.encryptremproxy_flag && pts->ssl ) { + message( "Switching to non-SSL communication (local proxy)\n"); + pts->ssl = 0; + } + /* Read the first line of the response and analyze it */ analyze_HTTP(pts); @@ -191,6 +196,11 @@ // if( args_info.verbose_flag ) // message( "Received from remote proxy:\n"); + if( args_info.wa_Bug_29744_flag && pts->ssl ) { + message( "Switching to non-SSL communication (remote proxy)\n"); + pts->ssl = 0; + } + /* Read the first line of the response and analyze it */ analyze_HTTP(pts); } diff -ur proxytunnel.tmp/proxytunnel-1.9.0/proxytunnel.1 proxytunnel/proxytunnel-1.9.0/proxytunnel.1 --- proxytunnel.tmp/proxytunnel-1.9.0/proxytunnel.1 2012-10-30 10:46:20.000000000 +0100 +++ proxytunnel/proxytunnel-1.9.0/proxytunnel.1 2012-10-30 17:13:53.000000000 +0100 
@@ -65,6 +65,12 @@ Encrypt the data between the local proxy and the second-level proxy using SSL. .TP +.B \-W, \-\-wa-Bug-29744 +If SSL is in use (by -e, -E, -X options) stop using it immediately after the +CONNECT exchange to workaround apache server bugs. (Though this might not work +on all setups; +see /usr/share/doc/proxytunnel/README.Debian.gz for more details.) +.TP .B \-F STRING, \-\-passfile=STRING The file containing Username & Password to send to HTTPS proxy for authentification. This file uses the same format as .wgetrc, and so
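
Review bot: In cmdline.c, hunk @@ -198,12 +203,13 @@, the new long_options entry is named "workaround Bug-29744", which contains a space and does not match the --wa-Bug-29744 spelling that the README, the usage text and the man page advertise, so getopt_long will reject the documented long form and only -W will work. Suggest changing the entry to { "wa-Bug-29744", 0, NULL, 'W' }. Separately, POSIX utility syntax guidelines reserve -W for vendor options, so a different short letter would be safer.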
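
Review bot: In cmdline.c, hunk @@ -227,6 +233,12 @@, the new case 'W' never sets args_info->wa_Bug_29744_given, although the patch adds that field to cmdline.h and zeroes it in the initialisation hunk. Either set it here or drop the field. The case also toggles the flag with !(args_info->wa_Bug_29744_flag), so giving -W twice silently turns the workaround off again; for an option that decides whether traffic stays encrypted, a plain assignment to 1 is less surprising.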
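
Review bot: In http.c, hunk @@ -149,6 +149,11 @@, pts->ssl is cleared before analyze_HTTP(pts), so the local proxy's reply to CONNECT is already read without SSL, while the man page text added by this patch says SSL stops "immediately after the CONNECT exchange". Please make the documentation state exactly which bytes travel in cleartext (the proxy's reply and everything after it), since users will decide from that wording whether -W is acceptable on their network. A short comment above the if explaining why the switch has to happen before the reply is read would also help.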
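
Review bot: In http.c, hunk @@ -191,6 +196,11 @@, pts->ssl = 0 discards whatever that member held with no shutdown or release step visible in the patch. If pts->ssl is the TLS session handle rather than a plain flag, this leaks the session and the peer never sees a close; please confirm which it is. Since the same three lines appear in both http.c hunks, a small helper that stops SSL on a stream and logs the downgrade would keep the two call sites consistent.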
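
Review bot: In proxytunnel.1, hunk @@ -65,6 +65,12 @@, the new entry lists -e among the options affected by -W, but the http.c changes in this patch only clear pts->ssl around the local and remote proxy replies, and the tests in the report cover only -E and -X. Please confirm what -W does when combined with -e, or drop -e from the list. Style: the hyphens in "wa-Bug-29744" and in "-e, -E, -X" should be escaped as \- like the rest of the page, "workaround" used as a verb should be "work around", and "apache" should be capitalised.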