Bug 1573737 - LWP should use a CONNECT tunnel for HTTPS requests when using a proxy
Summary: LWP should use a CONNECT tunnel for HTTPS requests when using a proxy
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: perl-libwww-perl
Version: 7.5
Hardware: x86_64
OS: Linux
Target Milestone: rc
: ---
Assignee: perl-maint-list
QA Contact: BaseOS QE - Apps
Depends On: 1573132
TreeView+ depends on / blocked
Reported: 2018-05-02 07:47 UTC by Petr Pisar
Modified: 2019-11-21 15:13 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of: 1573132
Last Closed: 2019-11-21 15:13:09 UTC
Target Upstream Version:

Attachments (Terms of Use)
Upstream fix (7.41 KB, patch)
2018-05-02 07:48 UTC, Petr Pisar
no flags Details | Diff
Fix ported to 6.05 (7.46 KB, patch)
2019-08-07 16:41 UTC, Petr Pisar
no flags Details | Diff

Description Petr Pisar 2018-05-02 07:47:01 UTC
+++ This bug was initially created as a clone of Bug #1573132 +++
--- Additional comment from  on 2018-04-30 13:04:28 GMT ---

I will explain our usage:
We do have perl scripts, that connect via http proxy towards a https servers. For this CONNECT method is required to be used. The delivered version does not accept this and is sending 'GET https://<host>' which is correctly answered by proxy with 501 - not implemented.

We had these perl scripts running successfully on debian and found now, they are not working in RHEL. We drilled it down to the updates made with this commit for LWP-Protocol-https https://github.com/libwww-perl/LWP-Protocol-https/commit/ec57b73f6a73135f37fbc147bbae99ab8d20b9aa and the corresponding patch in libwww-perl you mentioned as requirement https://github.com/libwww-perl/libwww-perl/commit/cb80c2ddb70dff2f892ade86d2aa5ce4939442f8

--- Additional comment from Petr Pisar on 2018-05-02 07:41:08 GMT ---

According to "5.3.2. absolute-form" section of RFC 7230, clients can pass an absolute URL to a non-CONNECT method when talking to a proxy <https://tools.ietf.org/html/rfc7230#section-5.3.2>:


Technically it's an issue with your proxy that does not fully implement RFC 7230.

However, I can imagine that it can be a security concern if a client needs end-do-end encryption. And also in your case a compatibility issue.


Affected packages:


--- Additional comment from Petr Pisar on 2018-05-02 07:42 GMT ---

perl-libwww-perl fix requires a change in perl-LWP-Protocol-https (bug #1573132).

Comment 1 Petr Pisar 2018-05-02 07:48:03 UTC
Created attachment 1429746 [details]
Upstream fix

Comment 5 Petr Pisar 2019-08-07 16:41:37 UTC
Created attachment 1601457 [details]
Fix ported to 6.05

Comment 6 Petr Pisar 2019-11-21 15:13:09 UTC
Red Hat does not plan to add this feature into Red Hat Enterprise Linux 7 and recommends you to move to Red Hat Enterprise Linux 8 that contains this feature.

Note You need to log in before you can comment on or make changes to this bug.