fix(http): use the right protocol for proxies #386
f483020 to b976764
After testing, this was too simple to be true. At least one proxy program (Privoxy) requires the user to use the CONNECT verb. I'm now going to use CONNECT on HTTPS requests.
b976764 to bd0f2ea
I could not figure out a clean way of handling https over an https proxy, but it seems to be a luasec problem. This PR thus only changes the behavior of http over an https proxy or https over an http proxy.
By the way, this is a bit weird. What do you think? Would it be worth it? Edit: This would also fix the https over https problem, but this PR is probably enough for now as it fixes http over https and https over http. I also have no idea if the PR for luasec is possible.
If that's the hold up to making this cleaner and it's correct behavior, then yes, I think it is worth a shot. Would that by any chance be already covered in this open PR?
30df3f2 to 4c06772
Ok, I'll have a look.
Sadly, it seems session reuse doesn't solve our problem.
Where are we at with this?
I don't have the time for now, but it needs a Pull Request to luasec to allow wrapping tcp over tcp, and after my initial research such a PR would need to use C and OpenSSL. This Pull Request is thus on pause, waiting for an update from luasec I guess.
Okay. Let me know if there is something actionable. I don't have time to dig into luasec and contribute anything upstream at the moment, but will help facilitate this getting through when possible. Also, even if it is a little messy, given a "proper" fix won't be timely, if there is a way to shim things on this end that isolates the temporary code in a non-breaking way but that can get people by while they wait pending proper upstream support in the future, we could consider that too.
The LuaSec project has recently been migrated to this org and we have a few more maintainers around to poke it and facilitate contributions if there is still something that needs to be fixed on that end of things. Just FYI.
Thanks, I'll have a look.
d78986f to c19b111
This PR should be focused on using the right protocol while connecting to proxies, and the last force-push reflects this. I'll handle the CONNECT verb in another PR. I'll let you know when I have thoroughly tested this implementation.
c19b111 to 8051b11
Previously, if doing a request to http://website.example.org through https://proxy.example.org, luasocket wouldn't use TLS and vice-versa
8051b11 to ebe3eeb
Ok great, this PR looks good to me. Feel free to review it. Previously, luasocket wouldn't work with anything involving tls and proxies; with this PR luasocket supports http over an https proxy. https over http* works with some proxies (e.g. tailscale in user mode) but not many, as it does not follow the standard ( I tested using tinyproxy as a proxy, and using socat to forward tls-encrypted packets back-and-forth between luasocket and tinyproxy. I'm not sure how to (and whether I should) create automated tests for it though. That should probably be addressed in another PR anyway.
This project has serious issues with testing and we need to work up a way to make Busted setup and tear down some server and client processes. A proxy would need to be part of that of course.
Is there an issue for adding proper tests to luasocket?
I thought there was but I couldn't find it to link in my last comment. Feel free to open one!
Fixes #385.
Needs some testing before merging.
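
Added example, not code from this PR or from LuaSocket: a pure-Lua sketch of the four target/proxy scheme combinations discussed in the thread, using the conventional layout in which HTTPS targets are tunnelled with CONNECT. `split_url`, `plan_proxy_request`, the step strings and the proxy ports are hypothetical and constructed for illustration.

```lua
-- Added example: plans the connection steps for a request sent through a proxy.
-- split_url and plan_proxy_request are hypothetical names, not LuaSocket API.
local DEFAULT_PORT = { http = 80, https = 443 }

-- Minimal split of scheme://host[:port][/path]; enough for the constructed inputs below.
local function split_url(url)
  local scheme, rest = url:match("^(%a[%w+.-]*)://(.+)$")
  assert(scheme, "unsupported URL: " .. url)
  scheme = scheme:lower()
  assert(DEFAULT_PORT[scheme], "unsupported scheme: " .. scheme)
  local authority, path = rest:match("^([^/]*)(.*)$")
  local host, port = authority:match("^(.-):(%d+)$")
  return { scheme = scheme, host = host or authority,
           port = tonumber(port) or DEFAULT_PORT[scheme],
           path = (path ~= "" and path) or "/" }
end

local function plan_proxy_request(target_url, proxy_url)
  local target, proxy = split_url(target_url), split_url(proxy_url)
  local steps = { ("tcp connect %s:%d"):format(proxy.host, proxy.port) }
  -- The proxy URL's scheme, not the target's, decides whether the hop to the proxy uses TLS.
  if proxy.scheme == "https" then
    steps[#steps + 1] = "tls handshake with proxy " .. proxy.host
  end
  if target.scheme == "https" then
    -- HTTPS target: request a tunnel, then run TLS to the origin inside it.
    steps[#steps + 1] = ("send CONNECT %s:%d HTTP/1.1"):format(target.host, target.port)
    steps[#steps + 1] = "tls handshake with origin " .. target.host ..
      (proxy.scheme == "https" and " (TLS inside TLS)" or "")
    steps[#steps + 1] = "send GET " .. target.path .. " HTTP/1.1"
  else
    -- Plain HTTP target: the proxy is sent the absolute URI.
    steps[#steps + 1] = ("send GET http://%s:%d%s HTTP/1.1")
      :format(target.host, target.port, target.path)
  end
  return steps
end

-- Constructed inputs: hostnames from the thread, ports chosen for the example.
for _, target in ipairs({ "http://website.example.org/", "https://website.example.org/" }) do
  for _, proxy in ipairs({ "http://proxy.example.org:8080", "https://proxy.example.org:8443" }) do
    print(target .. " via " .. proxy)
    for i, step in ipairs(plan_proxy_request(target, proxy)) do
      print(("  %d. %s"):format(i, step))
    end
  end
end
```

The "TLS inside TLS" step is the https-over-https case that the thread ties to luasec support.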