https://bugzilla.novell.com/show_bug.cgi?id=214983 ------- Comment #5 from poeml@novell.com 2006-10-26 02:51 MST ------- Oh, I indeed overlooked that I didn't check with HTTPS proxy on 10.0. The HTTPS proxy "proxy.suse.de:3128" works, as can be seen here (149.44.160.33 is its IP): strace -econnect w3m -dump 'https://imap.suse.de' > /dev/null connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = 0 connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = 0 connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.10.0.1")}, 28) = 0 connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.10.0.1")}, 28) = 0 connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.10.0.1")}, 28) = 0 connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.10.0.1")}, 28) = 0 connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.10.0.1")}, 28) = 0 connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.10.0.1")}, 28) = 0 connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.10.0.1")}, 28) = 0 connect(3, {sa_family=AF_INET, sin_port=htons(3128), sin_addr=inet_addr("149.44.160.33")}, 16) = 0 connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.10.0.1")}, 28) = 0 connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.10.0.1")}, 28) = 0 connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.10.0.1")}, 28) = 0 connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.10.0.1")}, 28) = 0 connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.10.0.1")}, 28) = 0 Process 13023 detached Running this command: https_proxy=http://proxy.suse.de:3128 python -c "import urllib2; urllib2.urlopen('https://imap.suse.de').read()" and using ssldump, one can see the traffic: # ssldump -X -d -A -i eth0 host proxy.suse.de and port 3128 New TCP connection #1: batavia510.suse.de(55683) <-> siddhartha.suse.de(3128) 0.0007 (0.0007) C>S --------------------------------------------------------------- GET https://imap.suse.de HTTP/1.1 Accept-Encoding: identity Host: imap.suse.de Connection: close User-agent: Python-urllib/2.4 --------------------------------------------------------------- 0.0033 (0.0025) S>C --------------------------------------------------------------- HTTP/1.0 400 Bad Request Server: squid/2.5.STABLE5 Mime-Version: 1.0 Date: Thu, 26 Oct 2006 07:59:25 GMT Content-Type: text/html Content-Length: 1056 Expires: Thu, 26 Oct 2006 07:59:25 GMT X-Squid-Error: ERR_UNSUP_REQ 0 X-Cache: MISS from proxy.suse.de X-Cache-Lookup: MISS from proxy.suse.de:3128 Proxy-Connection: close <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"> <TITLE>ERROR: The requested URL could not be retrieved</TITLE> <STYLE type="text/css"><!--BODY{background-color:#ffffff;font-family:verdana,sans-serif}PRE{font-family:sans-serif}--></STYLE> </HEAD><BODY> <H1>ERROR</H1> <H2>The requested URL could not be retrieved</H2> <HR noshade size="1px"> <P> While trying to retrieve the URL: <A HREF="https://imap.suse.de">https://imap.suse.de</A> <P> The following error was encountered: <UL> <LI> <STRONG> Unsupported Request Method and Protocol </STRONG> </UL> <P> Squid does not support all request methods for all access protocols. For example, you can not POST a Gopher request. <P>Your cache administrator is <A HREF="mailto:sysadmin@suse.de">sysadmin@suse.de</A>. <BR clear="all"> <HR noshade size="1px"> <ADDRESS> Generated Thu, 26 Oct 2006 07:59:25 GMT by proxy.suse.de (squid/2.5.STABLE5) </ADDRESS> </BODY></HTML> --------------------------------------------------------------- 1 0.0033 (0.0000) S>C TCP FIN 1 0.0166 (0.0133) C>S TCP RST Instead, it needs to look like this: --------------------------------------------------------------- CONNECT imap.suse.de:443 HTTP/1.0 User-Agent: w3m/0.5.1 Accept: text/*, image/*, audio/*, application/*, video/*, off_image/* Accept-Encoding: gzip, compress, bzip, bzip2, deflate Accept-Language: en; q=1.0 Host: imap.suse.de --------------------------------------------------------------- But: # rpm -ql python | xargs grep "\<CONNECT\>" [1] 13171 done rpm -ql python | 13172 exit 123 xargs grep "\<CONNECT\>" So I *don't* think, that python's urllib2/httplib/socket modules *have* support for requests via HTTPS proxies. There is a recent posting which describes the same: http://mail.python.org/pipermail/python-list/2006-August/355285.html I wonder why urllib2 honours the https_proxy variable at all, even though it doesn't know how to deal with it. This patch http://mail.python.org/pipermail/python-dev/2005-December/058817.html supposedly fixes authentication for https proxies, which sounds like https proxies *should* be supported. Not sure if that patch in in our python release. Just for reference, here is some extension which adds a HTTPS Proxy handler: http://richard.jones.name/google-hacks/gmail-filesystem/pyOpenSSLProxy-0.1.t... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.