Re: pkg_add doesn't set the Host header in CONNECT requests

Sun, 07 Apr 2024 04:39:44 -0700 

Diff looks good to me - I'm a bit surprised Apache httpd needs this on
proxy CONNECT requests though, other proxies that I've used are happy
without.

On 2024/04/07 16:46, KUWAZAWA Takuya wrote:
> >Synopsis:    pkg_add doesn't set the Host header in CONNECT requests
> >Category:    user
> >Environment:
>       System      : OpenBSD 7.4
>       Details     : OpenBSD 7.4 (GENERIC) #3: Wed Feb 28 06:23:08 MST 2024
>                        
> r...@syspatch-74-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
> 
>       Architecture: OpenBSD.amd64
>       Machine     : amd64
> >Description:
> 
> pkg_add doesn't work when http_proxy is set.
> The proxy server says that client sent HTTP/1.1 request without hostname.
> 
> >How-To-Repeat:
> 
> # pkg_add apache-httpd
> # perl -pi.old -e '/mod_proxy(_http|_connect)?\.so/ && s/^#//' 
> /etc/apache2/httpd2.conf
> # perl -pi -e '/^LogLevel/ && s/warn/debug/' /etc/apache2/httpd2.conf
> # echo 'ProxyRequests On' >> /etc/apache2/httpd2.conf
> # apachectl2 start
> 
> # export http_proxy=http://localhost:80/
> # pkg_add bash
> https://cdn.openbsd.org/pub/OpenBSD/7.4/packages-stable/amd64/: TLS handshake 
> failure: handshake failed: unexpected EOF
> https://cdn.openbsd.org/pub/OpenBSD/7.4/packages/amd64/: TLS handshake 
> failure: handshake failed: unexpected EOF
> https://cdn.openbsd.org/pub/OpenBSD/7.4/packages/amd64/: empty
> 
> # tail -n 1 /var/www/logs/access_log
> 127.0.0.1 - - [06/Apr/2024:22:40:26 +0900] "CONNECT cdn.openbsd.org:443 
> HTTP/1.1" 400 226
> # tail -n 1 /var/www/logs/error_log
> [Sat Apr 06 22:40:26.215271 2024] [core:debug] [pid 32509] protocol.c(1043): 
> [client 127.0.0.1:39864] AH00569: client sent HTTP/1.1 request without 
> hostname (see RFC2616 section 14.23): /
> 
> >Fix:
> 
> I added the Host header as follows.
> 
> --- usr.bin/ftp/fetch.c.orig  Thu Jun 29 02:35:06 2023
> +++ usr.bin/ftp/fetch.c       Sat Apr  6 22:44:46 2024
> @@ -1724,11 +1724,13 @@
>  
>       if (cookie) {
>               l = asprintf(&connstr, "CONNECT %s:%s HTTP/1.1\r\n"
> +                     "Host: %s:%s\r\n"
>                       "Proxy-Authorization: Basic %s\r\n%s\r\n\r\n",
> -                     host, port, cookie, HTTP_USER_AGENT);
> +                     host, port, host, port, cookie, HTTP_USER_AGENT);
>       } else {
> -             l = asprintf(&connstr, "CONNECT %s:%s HTTP/1.1\r\n%s\r\n\r\n",
> -                     host, port, HTTP_USER_AGENT);
> +             l = asprintf(&connstr, "CONNECT %s:%s HTTP/1.1\r\n"
> +                     "Host: %s:%s\r\n%s\r\n\r\n",
> +                     host, port, host, port, HTTP_USER_AGENT);
>       }
>  
>       if (l == -1)
>

Reply via email to