+2008-04-26 Micah Cowan <micah@cowan.name>
+
+ * http.c (gethttp): Move proxy CONNECT handling to below the
+ retry_with_auth label, to deal with properly reconnecting to
+ proxies when we need to authenticate.
+
2008-04-25 Micah Cowan <micah@cowan.name>
* Makefile.am: -I foo -> -Ifoo.
basic_auth_finished = maybe_send_basic_creds(u->host, user, passwd, req);
}
- proxyauth = NULL;
- if (proxy)
- {
- char *proxy_user, *proxy_passwd;
- /* For normal username and password, URL components override
- command-line/wgetrc parameters. With proxy
- authentication, it's the reverse, because proxy URLs are
- normally the "permanent" ones, so command-line args
- should take precedence. */
- if (opt.proxy_user && opt.proxy_passwd)
- {
- proxy_user = opt.proxy_user;
- proxy_passwd = opt.proxy_passwd;
- }
- else
- {
- proxy_user = proxy->user;
- proxy_passwd = proxy->passwd;
- }
- /* #### This does not appear right. Can't the proxy request,
- say, `Digest' authentication? */
- if (proxy_user && proxy_passwd)
- proxyauth = basic_authentication_encode (proxy_user, proxy_passwd);
-
- /* If we're using a proxy, we will be connecting to the proxy
- server. */
- conn = proxy;
-
- /* Proxy authorization over SSL is handled below. */
-#ifdef HAVE_SSL
- if (u->scheme != SCHEME_HTTPS)
-#endif
- request_set_header (req, "Proxy-Authorization", proxyauth, rel_value);
- }
-
/* Generate the Host header, HOST:PORT. Take into account that:
- Broken server-side software often doesn't recognize the PORT
without authorization header fails. (Expected to happen at least
for the Digest authorization scheme.) */
+ proxyauth = NULL;
+ if (proxy)
+ {
+ char *proxy_user, *proxy_passwd;
+ /* For normal username and password, URL components override
+ command-line/wgetrc parameters. With proxy
+ authentication, it's the reverse, because proxy URLs are
+ normally the "permanent" ones, so command-line args
+ should take precedence. */
+ if (opt.proxy_user && opt.proxy_passwd)
+ {
+ proxy_user = opt.proxy_user;
+ proxy_passwd = opt.proxy_passwd;
+ }
+ else
+ {
+ proxy_user = proxy->user;
+ proxy_passwd = proxy->passwd;
+ }
+ /* #### This does not appear right. Can't the proxy request,
+ say, `Digest' authentication? */
+ if (proxy_user && proxy_passwd)
+ proxyauth = basic_authentication_encode (proxy_user, proxy_passwd);
+
+ /* If we're using a proxy, we will be connecting to the proxy
+ server. */
+ conn = proxy;
+
+ /* Proxy authorization over SSL is handled below. */
+#ifdef HAVE_SSL
+ if (u->scheme != SCHEME_HTTPS)
+#endif
+ request_set_header (req, "Proxy-Authorization", proxyauth, rel_value);
+ }
+
keep_alive = false;
/* Establish the connection. */
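Review bot: In the re-added block, `proxyauth` is reset to NULL and re-encoded on every pass, but when HAVE_SSL is defined and `u->scheme == SCHEME_HTTPS` the visible lines never hand the string to `request_set_header`. Its ownership then depends on the CONNECT code "below", which is outside this hunk. The ChangeLog entry says the block now sits under the `retry_with_auth` label, so if any path jumps back without consuming or freeing the string (a reused persistent connection would be one candidate, though that is inferred and not visible here), each retry would leave a heap copy of the base64-encoded proxy credentials behind. A comment at the assignment would pin the contract, for example `/* proxyauth is owned by req (rel_value) for non-HTTPS; for HTTPS the CONNECT code below must consume or free it before any goto retry_with_auth. */`. `gethttp` starts and ends outside the hunk, so the retry paths should be checked against the full function.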
+2008-04-26 Micah Cowan <micah@cowan.name>
+
+ * Makefile.am, Test-proxied-https-auth.px: Added a test for
+ accessing password-protected HTTPS URLs through a proxy (via
+ CONNECT).
+
2008-04-10 Micah Cowan <micah@cowan.name>
- * Makefile.in, Test-proxy-auth-basic.px: Added a test for
+ * Makefile.am, Test-proxy-auth-basic.px: Added a test for
accessing password-protected URLs through a proxy.
2008-01-25 Micah Cowan <micah@cowan.name>
./unit-tests$(EXEEXT)
run-px-tests: WgetTest.pm
+ $(PERLRUN) $(srcdir)/Test-proxied-https-auth.px && echo && echo
$(PERLRUN) $(srcdir)/Test-proxy-auth-basic.px && echo && echo
$(PERLRUN) $(srcdir)/Test-auth-basic.px && echo && echo
$(PERLRUN) $(srcdir)/Test-c-full.px && echo && echo
--- /dev/null
+#!/usr/bin/perl
+use warnings;
+use strict;
+
+use WgetTest; # For $WGETPATH.
+use HTTP::Daemon;
+use HTTP::Request;
+use IO::Socket::SSL 'debug4';
+
+sub get_request {
+ my $conn = shift;
+ my $content = '';
+ my $line;
+
+ while (defined ($line = <$conn>)) {
+ $content .= $line;
+ last if $line eq "\r\n";
+ }
+
+ my $rqst = HTTP::Request->parse($content)
+ or die "Couldn't parse request:\n$content\n";
+
+ return $rqst;
+}
+
+sub do_server {
+ my $alrm = alarm 10;
+
+ my $s = HTTP::Daemon->new (LocalAddr => 'localhost',
+ LocalPort => '8080',
+ ReuseAddr => 1) or die "Cannot create server!!!";
+ my $conn;
+ my $rqst;
+ my $rspn;
+ for my $expect_inner_auth (0, 1) {
+ $conn = $s->accept;
+ $rqst = $conn->get_request;
+
+ # TODO: expect no auth the first time, request it, expect it the second
+ # time.
+
+ die "Method not CONNECT\n" if ($rqst->method ne 'CONNECT');
+ $rspn = HTTP::Response->new(200, 'OK');
+ $conn->send_response($rspn);
+
+ $conn = IO::Socket::SSL->new_from_fd($conn->fileno, SSL_server => 1,
+ SSL_passwd_cb => sub { return "Hello"; })
+ or die "Couldn't initiate SSL";
+
+ $rqst = &get_request($conn)
+ or die "Didn't get proxied request\n";
+
+ unless ($expect_inner_auth) {
+ die "Early proxied auth\n" if $rqst->header('Authorization');
+
+ # TODO: handle non-persistent connection here.
+ $rspn = HTTP::Response->new(401, 'Unauthorized', [
+ 'WWW-Authenticate' => 'Basic realm="gondor"',
+ Connection => 'close'
+ ]);
+ $rspn->protocol('HTTP/1.0');
+ print $rspn->as_string;
+ print $conn $rspn->as_string;
+ } else {
+ die "No proxied auth\n" unless $rqst->header('Authorization');
+
+ $rspn = HTTP::Response->new(200, 'OK', [
+ 'Content-Type' => 'text/plain',
+ 'Connection' => 'close',
+ ], "foobarbaz\n");
+ print $conn $rspn->as_string;
+ }
+ $conn->close;
+ }
+ undef $conn;
+ undef $s;
+ alarm $alrm;
+}
+
+sub fork_server {
+ my $pid = fork;
+ die "Couldn't fork" if ($pid < 0);
+ return $pid if $pid;
+
+ &do_server;
+ exit;
+}
+
+system ('rm -f needs-auth.txt');
+&fork_server;
+
+sleep 1;
+my $cmdline = $WgetTest::WGETPATH . " --user=fiddle-dee-dee"
+ . " --password=Dodgson -e https_proxy=localhost:8080"
+ . " --no-check-certificate"
+ . " https://no.such.domain/needs-auth.txt";
+
+my $code = system($cmdline);
+
+warn "Got code: $code\n" if $code;
+exit $code;
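Review bot: The final `exit $code;` passes the raw wait status from `system` straight to `exit`, and on typical POSIX systems a status such as 256 (wget exit code 1) is truncated to 0. The `&&` chain in run-px-tests can therefore report success when the authenticated fetch failed; `exit($code == 0 ? 0 : 1);` keeps a failure visible. In `fork_server`, Perl's `fork` returns undef rather than a negative number on failure, so `die "Couldn't fork" if ($pid < 0);` never fires and the parent would fall through into `do_server`; `die "Couldn't fork: $!\n" unless defined $pid;` covers that case. The parent also discards the child's pid, so a `die` inside the server (for example "No proxied auth") only affects the result indirectly through wget's own exit status. Waiting on the child and checking its status would make the auth assertions count.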