Bug 1451166
Summary: | Incorrect "Host" header when connecting through a http proxy | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Hao Chang Yu <hyu> | ||||||
Component: | python-rhsm | Assignee: | Kevin Howell <khowell> | ||||||
Status: | CLOSED ERRATA | QA Contact: | John Sefler <jsefler> | ||||||
Severity: | high | Docs Contact: | |||||||
Priority: | high | ||||||||
Version: | 7.3 | CC: | khowell, redakkan, skallesh | ||||||
Target Milestone: | rc | Keywords: | Triaged | ||||||
Target Release: | --- | ||||||||
Hardware: | Unspecified | ||||||||
OS: | Unspecified | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | python-rhsm-1.19.7-1 | Doc Type: | If docs needed, set a value | ||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2017-08-01 19:23:41 UTC | Type: | Bug | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Attachments: |
|
Description
Hao Chang Yu
2017-05-16 02:01:17 UTC
For python-rhsm-1.17.9-1.el7.x86_64: Customer can register to rhsm successfully with the following patch. diff -u /usr/lib64/python2.7/site-packages/rhsm/connection.py /tmp/connection.py --- /usr/lib64/python2.7/site-packages/rhsm/connection.py 2017-05-16 02:07:37.898000000 +0000 +++ /tmp/connection.py 2017-05-16 02:06:47.734000000 +0000 @@ -289,6 +289,13 @@ else: httpslib.HTTPSConnection.endheaders(self) + def putrequest(self, *args, **kwargs): + httpslib.ProxyHTTPSConnection.putrequest(self, *args, **kwargs) + for i, header in enumerate(self._buffer): + if header.startswith("Host"): + del self._buffer[i] + self.putheader('Host', "%s:%s" % (self._real_host, self._real_port)) + def _get_connect_msg(self): """ Return an HTTP CONNECT request to send to the proxy. """ port = safe_int(self._real_port) Note to dev: please verify whether this is still an issue with the following environments: - el6 (which uses m2crypto) - el7 (7.4 now uses python stdlib) Note that 7.3 (described in comment 0) used m2crypto. Depending on what we find, we may need to move this BZ to RHEL6 (where m2crypto is still in use) or clone. Reproducing the failure: ========================= subscription management server: 2.1.1-1 subscription management rules: 5.23 subscription-manager: 1.19.15-1.el7 python-rhsm: 1.19.6-1.el7 Used mitmproxy to verify this bug (configuration details in additional info section ) , set proxy details in the config [root@ibm-x3250m3-01 ~]# subscription-manager config --list | grep proxy_ proxy_hostname = tyan-gt24-09.rhts.eng.bos.redhat.com proxy_password = [] proxy_port = 8080 proxy_user = [] [root@ibm-x3250m3-01 ~]# subscription-manager register --username=admin --password=**** --org=admin --force Registering to: F21-candlepin.usersys.redhat.com:8443/candlepin The system has been registered with ID: fb04d163-0f0c-494f-b714-563c93474323 Attached the screen shot from mitmproxy , where the HOST is replaced by the proxy name "tyan-gt24-09.rhts.eng.bos.redhat.com" ( proxy_in_header.png) Verifying with latest subscription-manager : ========================================== subscription management server: 2.1.1-1 subscription management rules: 5.23 subscription-manager: 1.19.17-1.el7 python-rhsm: 1.19.8-1.el7 [root@dhcp151-206 ~]# subscription-manager register --username=admin --password=**** --org=admin Registering to: F21-candlepin.usersys.redhat.com:8443/candlepin The system has been registered with ID: 8565c39e-96ee-49f4-a345-74e6b87feea8 Attached the screen shot from mitmproxy , where the HOST is same as the server which is F21-candlepin.usersys.redhat.com ( server_in_header.png) ^^ Based on the above observation , moving the bug as verified!! Additional notes on setting up mitmproxy: ======================================= 1)Install mitmproxy (see http://docs.mitmproxy.org/en/stable/install.html#installation-from-source-on-fedora) 2)Configure mitmproxy via ~/.mitmproxy/mitmproxy.conf (set bind-address to 0.0.0.0); set port if necessary. Config file is just plain key=values. 3)Run `mitmproxy --insecure` 4) Point subscription-manager at the mitmproxy instance (hostname - fedora box; port: 8080 (by default). make sure insecure in set to 1 5) Run some subscription-manager commands (example in the bug), and observe the headers in mitmproxy interface. unpatched, Host shows up as the proxy hostname/port patched, Host shows up as the server hostname/port Created attachment 1284160 [details]
proxy_in_header
Created attachment 1284162 [details]
server_in_header
*** Bug 1435331 has been marked as a duplicate of this bug. *** Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2083 |