From nobody@FreeBSD.org  Wed Aug 21 05:22:21 2013
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1])
	(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by hub.freebsd.org (Postfix) with ESMTP id 35D9260E
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 21 Aug 2013 05:22:21 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from oldred.freebsd.org (oldred.freebsd.org [8.8.178.121])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.freebsd.org (Postfix) with ESMTPS id 2393F26EB
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 21 Aug 2013 05:22:21 +0000 (UTC)
Received: from oldred.freebsd.org ([127.0.1.6])
	by oldred.freebsd.org (8.14.5/8.14.7) with ESMTP id r7L5MKgD005201
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 21 Aug 2013 05:22:20 GMT
	(envelope-from nobody@oldred.freebsd.org)
Received: (from nobody@localhost)
	by oldred.freebsd.org (8.14.5/8.14.5/Submit) id r7L5MKAh005195;
	Wed, 21 Aug 2013 05:22:20 GMT
	(envelope-from nobody)
Message-Id: <201308210522.r7L5MKAh005195@oldred.freebsd.org>
Date: Wed, 21 Aug 2013 05:22:20 GMT
From: Kimo <kimor79@yahoo.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [PATCH] fetch(3) - Host header required by some proxies for HTTPS
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         181445
>Category:       kern
>Synopsis:       [libfetch] [patch] Host header required by some proxies for HTTPS
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    des
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Aug 21 05:30:00 UTC 2013
>Closed-Date:    Thu Oct 10 09:43:26 UTC 2013
>Last-Modified:  Thu Oct 10 09:43:26 UTC 2013
>Originator:     Kimo
>Release:        9.1-RELEASE (but patched against HEAD)
>Organization:
>Environment:
>Description:
Some proxy servers, i.e., Apache, enforce the Host header requirement on HTTP/1.1 requests even when the CONNECT method is given. The resulting response is "400 bad request". This patch adds the Host header immediately after the CONNECT method. However, even with the patch, the request will fail later on with SSL errors, but that would be a different PR.
>How-To-Repeat:
I don't have a public Apache-based proxy server to use, but an Apache configuration containing the following:

ProxyRequests On
SSLProxyEngine On
AllowCONNECT 80 443

And then

export HTTP_PROXY=http://theproxyserver:80/
fetch https://www.yahoo.com/
>Fix:
Index: lib/libfetch/http.c
===================================================================
--- lib/libfetch/http.c	(revision 254593)
+++ lib/libfetch/http.c	(working copy)
@@ -1400,6 +1400,8 @@
 	if (strcasecmp(URL->scheme, SCHEME_HTTPS) == 0 && purl) {
 		http_cmd(conn, "CONNECT %s:%d HTTP/1.1",
 		    URL->host, URL->port);
+		http_cmd(conn, "Host: %s:%d",
+		    URL->host, URL->port);
 		http_cmd(conn, "");
 		if (http_get_reply(conn) != HTTP_OK) {
 			fetch_close(conn);
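
Review bot: The added Host line carries no comment saying why a CONNECT request needs it, and it repeats the "%s:%d" formatting of URL->host and URL->port from the CONNECT line directly above, so the two values can drift apart if one call is changed later. A short comment above the new http_cmd() call stating that some proxies reject an HTTP/1.1 CONNECT without Host, and that the Host value must stay identical to the CONNECT target, would make the intent clear to later readers.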

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->des 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Thu Aug 22 01:44:31 UTC 2013 
Responsible-Changed-Why:  
Over to maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=181445 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/181445: commit references a PR
Date: Thu, 22 Aug 2013 07:43:44 +0000 (UTC)

 Author: des
 Date: Thu Aug 22 07:43:36 2013
 New Revision: 254650
 URL: http://svnweb.freebsd.org/changeset/base/254650
 
 Log:
   Even though it doesn't really make sense in the context of a CONNECT
   request, RFC 2616 14.23 mandates the presence of the Host: header in
   all HTTP 1.1 requests.
   
   PR:		kern/181445
   Submitted by:	Kimo <kimor79@yahoo.com>
   MFC after:	3 days
 
 Modified:
   head/lib/libfetch/http.c
 
 Modified: head/lib/libfetch/http.c
 ==============================================================================
 --- head/lib/libfetch/http.c	Thu Aug 22 07:39:53 2013	(r254649)
 +++ head/lib/libfetch/http.c	Thu Aug 22 07:43:36 2013	(r254650)
 @@ -1400,6 +1400,8 @@ http_connect(struct url *URL, struct url
  	if (strcasecmp(URL->scheme, SCHEME_HTTPS) == 0 && purl) {
  		http_cmd(conn, "CONNECT %s:%d HTTP/1.1",
  		    URL->host, URL->port);
 +		http_cmd(conn, "Host: %s:%d",
 +		    URL->host, URL->port);
  		http_cmd(conn, "");
  		if (http_get_reply(conn) != HTTP_OK) {
  			fetch_close(conn);
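
Review bot: URL->host is written into the new Host header with a plain %s, exactly as the CONNECT line above does, and nothing visible in this hunk checks the host for CR or LF characters or brackets it when it is an IPv6 literal. If neither is guaranteed earlier in http_connect() or by the URL parser, a host taken from an untrusted URL now reaches the proxy in two places instead of one, so it is worth confirming that the validation exists, or rejecting such hosts before either http_cmd() call.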
 
State-Changed-From-To: open->closed 
State-Changed-By: glebius 
State-Changed-When: Thu Oct 10 09:43:08 UTC 2013 
State-Changed-Why:  
Merged to stable/9. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=181445 
>Unformatted:
