Bug 486324 - (yum with proxy) and (repo with https uri) / ssl request doesn't work through proxy
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: yum
Version: 5.2
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: rc
Assignee: Packaging Maintenance Team
QA Contact: BaseOS QE Security Team
Reported: 2009-02-19 12:00 UTC by Leon Fauster
Modified: 2019-02-15 13:29 UTC
Doc Type: Bug Fix
Last Closed: 2013-10-15 19:29:00 UTC

Description Leon Fauster 2009-02-19 12:00:10 UTC
------------------------------------------------
Description of problem:
------------------------------------------------

Access to an SSL-enabled local repository works fine without a proxy.

Access to an SSL-enabled local repository with a proxy doesn't work.


Repo-file:

[privEL]
name=privEL-$releasever - Base
#mirrorlist=https://priv.local/privEL/centos/?release=$releasever&arch=$basearch&repo=os
baseurl=https://35uvi7324657e65ufztf9:8utf7tfzfd5ezstrc3246@priv.local/privEL/centos/$releasever/os/$basearch/
gpgcheck=0
#gpgkey=https://priv.local/privEL/centos/RPM-GPG-KEY-privEL-5
enabled=0


CLI:

[root@l ~]# yum --noplugins --enablerepo=privEL update
https://priv.local/privEL/centos/5/os/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 400: Bad Request
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: privEL. Please verify its path and try again


Proxy's log says:

2009/02/19 12:06:25| fwdDispatch: Cannot retrieve 'https://priv.local/privEL/centos/5/os/x86_64/repodata/repomd.xml'
1235042076.819     10 213.160.26.73 TCP_MISS/400 2189 GET https://priv.local/privEL/centos/5/os/x86_64/repodata/repomd.xml - DIRECT/88.84.156.90 text/html

See also: http://man.chinaunix.net/newsoft/squid/Squid_FAQ/FAQ-11.html#ss11.34





------------------------------------------------
Version-Release number of selected component (if applicable):
------------------------------------------------
yum-3.2.8-9.el5


------------------------------------------------
How reproducible:
------------------------------------------------

Add repo file above and 

 proxy=http://proxy:3128

into yum.conf

and execute 
 yum --enablerepo=privEL update

  
------------------------------------------------
Actual results:
------------------------------------------------

[root@l ~]# yum --noplugins --enablerepo=privEL update
https://priv.local/privEL/centos/5/os/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 400: Bad Request
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: privEL. Please verify its path and try again


"[Errno 14] HTTP Error 400"  http ???



------------------------------------------------
Expected results:
------------------------------------------------

Should connect to proxy correctly and get repomd.xml

Without proxy works fine!

Comment 1 Leon Fauster 2009-02-19 12:18:18 UTC
The usability of the proxy is confirmed with curl as follows:

CLI:

$ export https_proxy=http://proxy:3128

$ curl --insecure https://priv.local/privEL/centos/5/os/x86_64/repodata/repomd.xml

connects through the proxy.


It doesn't matter if I use basic HTTP authentication or not:

https://35uvi7324657e65ufztf9:8utf7tfzfd5ezstrc3246@priv.local/privEL/centos/5/os/x86_64/repodata/repomd.xml
https://priv.local/privEL/centos/5/os/x86_64/repodata/repomd.xml

Both are usable (if I change the config of the repo's webserver, of course).

Regards P.M.

Comment 2 Leon Fauster 2009-02-23 21:34:47 UTC
Not sure if this is related:

http://bugs.python.org/issue1424152

Comment 3 seth vidal 2009-08-03 18:19:33 UTC
https://bugzilla.redhat.com/show_bug.cgi?id=484491

the last 2 comments. Not for rhel5 - but something for the future.

Comment 5 James Antill 2013-03-12 20:28:21 UTC
 This should be fixed for RHEL-6.


This request was evaluated by Red Hat Engineering for inclusion in a Red 
Hat Enterprise Linux maintenance release.

Red Hat does not currently plan to provide this change in a Red Hat 
Enterprise Linux update release for currently deployed products.

With the goal of minimizing risk of change for deployed systems, and in 
response to customer and partner requirements, Red Hat takes a 
conservative approach when evaluating enhancements for inclusion in 
maintenance updates for currently deployed products. The primary 
objectives of update releases are to enable new hardware platform 
support and to resolve critical defects.

Comment 6 Wylie 2013-07-09 16:35:16 UTC
This is causing a big issue for DISA, and some Department of Defense systems.  Just FYSA.  Looks bad on Red Hat not to fix in 5.x.

Comment 9 Zdeněk Pavlas 2013-09-26 14:10:05 UTC
(In reply to Leon Fauster from comment #2)
> Not sure if this is related:
> 
> http://bugs.python.org/issue1424152

This is the same issue, as in rhel5, urlgrabber uses urllib2. To use HTTP CONNECT tunnelling, we'd need a patched Python. Python-2.4.3 shipped in rhel-5.10 does not include the patch (it's included in current Python-2.7 though).

rhel-5.10 $ grep 'def set_tunnel' /usr/lib/python*/httplib.py
=> no match
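
Added example (not part of the original bug report or of yum/urlgrabber): the access log line in the description shows the request reaching Squid as `GET https://...` rather than `CONNECT host:443`, which is the symptom comment 9 traces to the missing tunnelling support. The Python 3 sketch below classifies Squid native access.log lines to find clients that send https URLs without CONNECT; the function names and the last two sample lines are constructed for illustration.

```python
import re
from collections import Counter
import http.client

# Squid native access.log layout:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
ACCESS_LINE = re.compile(
    r"^\d+\.\d+\s+\d+\s+(?P<client>\S+)\s+[A-Z_]+/(?P<status>\d{3})\s+\d+\s+"
    r"(?P<method>[A-Z]+)\s+(?P<url>\S+)\s"
)

def classify(line):
    """Return a dict describing one access.log entry, or None for other lines."""
    m = ACCESS_LINE.match(line)
    if m is None:
        return None  # e.g. cache.log messages such as "fwdDispatch: ..."
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    if entry["method"] == "CONNECT":
        entry["kind"] = "tunnel"             # client asked for a TLS tunnel
    elif entry["url"].lower().startswith("https://"):
        entry["kind"] = "untunnelled-https"  # https URL sent as an ordinary proxy request
    else:
        entry["kind"] = "plain-http"
    return entry

def untunnelled_clients(lines):
    """Count, per client address, https requests that arrived without CONNECT."""
    hits = Counter()
    for line in lines:
        entry = classify(line)
        if entry and entry["kind"] == "untunnelled-https":
            hits[entry["client"]] += 1
    return dict(hits)

def stdlib_has_set_tunnel():
    """Python 3 counterpart of the grep in comment 9 (httplib is http.client here)."""
    return hasattr(http.client.HTTPConnection, "set_tunnel")

SAMPLE = [
    # the two log lines quoted in the bug description
    "2009/02/19 12:06:25| fwdDispatch: Cannot retrieve 'https://priv.local/privEL/centos/5/os/x86_64/repodata/repomd.xml'",
    "1235042076.819     10 213.160.26.73 TCP_MISS/400 2189 GET https://priv.local/privEL/centos/5/os/x86_64/repodata/repomd.xml - DIRECT/88.84.156.90 text/html",
    # constructed lines: a tunnelled request and a plain http request
    "1235042080.101    250 192.0.2.10 TCP_MISS/200 4312 CONNECT priv.local:443 - DIRECT/88.84.156.90 -",
    "1235042081.500     12 192.0.2.11 TCP_MISS/200 951 GET http://priv.local/index.html - DIRECT/88.84.156.90 text/html",
]

if __name__ == "__main__":
    print(untunnelled_clients(SAMPLE))
    print("set_tunnel available:", stdlib_has_set_tunnel())
```
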

Comment 11 Andrius Benokraitis 2013-10-15 19:29:00 UTC
No additional minor releases are planned for Production Phase 2 in Red Hat Enterprise Linux 5, and therefore Red Hat is closing this bugzilla as it does not meet the inclusion criteria as stated in:
https://access.redhat.com/site/support/policy/updates/errata/#Production_2_Phase

