summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSimon Körner <git@lubiland.de>2019-05-18 00:32:15 +0200
committerJulian Andres Klode <julian.klode@canonical.com>2019-06-11 17:27:34 +0200
commit86d4d98060f36c7e71c34af20a1193a75496ef72 (patch)
tree10acbdf79bae5b8ad01bfef3c10380ef7cb9f081
parent9244f712396c10b674740cc79fdab61c47173d04 (diff)
http: Fix Host header in proxied https connections
Currently CONNECT requests use the name of the proxy as Host value, instead of the origin server's name. According to RFC 2616 "The Host field value MUST represent the naming authority of the origin server or gateway given by the original URL." The current implementation causes problems with some proxy vendors. This commit fixes this. [jak: Adding a test case] See merge request apt-team/apt!66
-rw-r--r--methods/http.cc6
-rwxr-xr-xtest/integration/test-proxy-connect22
2 files changed, 25 insertions, 3 deletions
diff --git a/methods/http.cc b/methods/http.cc
index d3e16bba3..a4d187189 100644
--- a/methods/http.cc
+++ b/methods/http.cc
@@ -320,14 +320,14 @@ static ResultState UnwrapHTTPConnect(std::string Host, int Port, URI Proxy, std:
std::string ProperHost;
if (Host.find(':') != std::string::npos)
- ProperHost = '[' + Proxy.Host + ']';
+ ProperHost = '[' + Host + ']';
else
- ProperHost = Proxy.Host;
+ ProperHost = Host;
// Build the connect
Req << "CONNECT " << Host << ":" << std::to_string(Port) << " HTTP/1.1\r\n";
if (Proxy.Port != 0)
- Req << "Host: " << ProperHost << ":" << std::to_string(Proxy.Port) << "\r\n";
+ Req << "Host: " << ProperHost << ":" << std::to_string(Port) << "\r\n";
else
Req << "Host: " << ProperHost << "\r\n";
diff --git a/test/integration/test-proxy-connect b/test/integration/test-proxy-connect
new file mode 100755
index 000000000..17927c9db
--- /dev/null
+++ b/test/integration/test-proxy-connect
@@ -0,0 +1,22 @@
+#!/bin/sh
+set -e
+
+TESTDIR="$(readlink -f "$(dirname "$0")")"
+. "$TESTDIR/framework"
+setupenvironment
+configarchitecture 'amd64'
+
+buildsimplenativepackage 'unrelated' 'all' '0.5~squeeze1' 'unstable'
+
+setupaptarchive
+changetowebserver --request-absolute='uri'
+
+
+msgmsg 'Check that host header we send for CONNECT is for target, not proxy'
+echo "deb https://example.example/ example example" > rootdir/etc/apt/sources.list
+rm -f rootdir/etc/apt/sources.list.d/*
+echo "Acquire::http::Proxy \"http://localhost:${APTHTTPPORT}\";" > rootdir/etc/apt/apt.conf.d/99proxy
+
+aptget update >/dev/null 2>&1
+testsuccessequal "CONNECT example.example:443 HTTP/1.1\r
+Host: example.example:443\r" grep -A1 "^CONNECT" aptarchive/webserver.log