Red Hat Bugzilla – Bug 140723
support for authenticated proxies has regressed
Last modified: 2014-01-21 17:50:47 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3)
Description of problem:
I am unable to use yum with an authenticated proxy. This is a
regression from FC2. yum fails to download correctly formed URLs.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
export http_proxy="http://user name:email@example.com:8080"
<watch packet trace with a sniffer>
Actual Results: Looking at the packet sniffer output it is obvious
what is wrong.
Proxy-authorization: Basic MIND_YOUR_OWN_BUSINESS
The new line beween Proxy-authorization and User-agent causes the
proxy server to consider this two requests. It correctly satifies the
first but reports an error for the second. yum does the following:
- reads the first reply from the handle
- issues another request
- reads the error from the handle
- bombs out
This is probably a python bug but yum was the tools that revealed it
to me. I have worked around this problem by altering yum see attached
patch. Although this solves the problem at hand this is a hack.
Created attachment 107390 [details]
Low quality band-aid patch to alleviate the problem
As already stated this avoids the problem rather then treating the cause.
If you get a chance- could you pull down yum from cvs and see if it
helps out the problem you're having?
Sorry for the delay in replying.
I've just downloaded a tarball from YUM viewcvs stuff (cannot use CVS
directly from this machine).
This did not work on FC3. Looking at the packet trace the problem of
the extra new line is still apparant.
Created attachment 118543 [details]
Remove a spurious newline from the authentication header
I finally got so fed up patching yum everytime it was updated I decided to find
the 'proper' fix for this problem.
It turns out to be a problem in Python's urllib2 library. The base64
encoder library included a newline on the end of the encoded string and this
was incorrectly being added to the header. A simple .rstrip() removed the
trailing whitespace and this fixes the broken header.
This non-hacky fix should be applied to Python.
Well, the even better fix would be to strip all newline characters in the string.
encodestring has the bad habit of adding new lines every 80 chars (I believe).
If the combination (username:password) happens to be longer than 58 chars,
we're back to a similar problem.
Fedora Core 3 is now maintained by the Fedora Legacy project for security
updates only. If this problem is a security issue, please reopen and
reassign to the Fedora Legacy product. If it is not a security issue and
hasn't been resolved in the current FC5 updates or in the FC6 test
release, reopen and change the version to match.
I believe this issue is fixed in recent Fedora Cores (and is certainly not a