Bug 1487472

Summary: Incorrect "Host" header when connecting through a http proxy
Product: Red Hat Enterprise Linux 6 Reporter: Hao Chang Yu <hyu>
Component: python-rhsmAssignee: candlepin-bugs
Status: CLOSED ERRATA QA Contact: John Sefler <jsefler>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.10CC: candlepin-bugs, csnyder, khowell, rbobek, redakkan, rjerrido, skallesh
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: subscription-manager-1.21.1-1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-06-19 05:21:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1461138, 1506745    
Attachments:
Description Flags
Proxy_header
none
server_header none

Description Hao Chang Yu 2017-09-01 02:49:59 UTC 
Description of problem:
This bug has been fixed and released in RHEL 7 but the same issue is happening in RHEL 6. Please refer to the following RHEL 7 bug for more details.

https://bugzilla.redhat.com/show_bug.cgi?id=1451166
Comment 2 Hao Chang Yu 2017-09-01 02:55:40 UTC 
The following patch has been provided to the customer and works.

python-rhsm-1.18.6-1.el6.x86_64

--- /usr/lib64/python2.6/site-packages/rhsm/connection.py	2017-08-11 08:25:22.774000005 +1000
+++ /tmp/connection.py	2017-08-11 08:25:12.128999977 +1000
@@ -479,6 +479,7 @@
                 proxy_headers['Proxy-Authorization'] = _encode_auth(self.proxy_user, self.proxy_password)
             conn = httplib.HTTPSConnection(self.proxy_hostname, self.proxy_port, context=context, timeout=self.timeout)
             conn.set_tunnel(self.host, safe_int(self.ssl_port), proxy_headers)
+            self.headers['Host'] = '%s:%s' % (self.host, safe_int(self.ssl_port))
         else:
             conn = httplib.HTTPSConnection(self.host, self.ssl_port, context=context, timeout=self.timeout)
Comment 3 Kevin Howell 2017-09-07 15:37:04 UTC 
Will be fixed in the next RHEL6 release via rebase to upstream.
Comment 7 Shwetha Kallesh 2018-03-16 15:07:32 UTC 
Created attachment 1408846 [details]
Proxy_header

Reproducer:

[root@ibm-himalaya ~]# subscription-manager  version
server type: Red Hat Subscription Management
subscription management server: Unknown
subscription management rules: Unknown
subscription-manager: 1.18.10-1.el6
python-rhsm: 1.18.6-1.el6

[root@ibm-himalaya ~]# cat /etc/rhsm/rhsm.conf | grep proxy
# an http proxy server to use
proxy_hostname = 10.3.112.29
# port for http proxy server
proxy_port = 8080
# user name for authenticating to an http proxy, if needed
proxy_user =
# password for basic http proxy auth, if needed
proxy_password =

[root@ibm-himalaya ~]# subscription-manager  register
Registering to: subscription.rhsm.stage.redhat.com:443/subscription
Username: shwetha_tier1_test
Password: 
The system has been registered with ID: 7e07bfa8-00bf-4a7c-a838-6a6fbf489fd1 

Attachment has the screenshot captured from mitmproxy , where the HOST is replaced by the proxy name "tyan-gt24-09.rhts.eng.bos.redhat.com" ( proxy_in_header.png)
Comment 8 Shwetha Kallesh 2018-03-16 15:11:08 UTC 
Created attachment 1408848 [details]
server_header

Verification:

[root@hp-dl380gen9-01 ~]# subscription-manager version
server type: Red Hat Subscription Management
subscription management server: Unknown
subscription management rules: Unknown
subscription-manager: 1.20.10-3.el6


[root@hp-dl380gen9-01 ~]# subscription-manager register --force
Registering to: subscription.rhsm.stage.redhat.com:443/subscription
Username: shwetha_tier1_test
Password: 
The system has been registered with ID: 1e3686cc-2a34-4f14-a820-83870cb32c75
The registered system name is: hp-dl380gen9-01.khw.lab.eng.bos.redhat.com

Attachment has the screenshotcaptured  from mitmproxy , where the HOST is same as the server which is subscription.rhsm.stage.redhat.com  ( server_header.png)
Comment 11 Shwetha Kallesh 2018-04-24 08:14:18 UTC 
moving bug to verified as per comment 8
Comment 14 errata-xmlrpc 2018-06-19 05:21:43 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:1916