On Saturday, December 3, 2022 at 4:46:54 PM UTC maumon...@gmail.com wrote: > Hello all, > > I have been facing an issue when I try to create a HTTP client which needs > to connect through a HTTPS proxy using the HTTP CONNEC method. I know that > it can be achieved setting my own http.Transport object. However the issue > seems to be in the current implementation of /net/http/transport.go code. > > In my environment, I am developing a HTTP client which ALWAYS use a HTTPS > proxy using HTTP CONNECT method. This client is allowed to reach HTTP or > HTTPS targets. Therefore, I noticed that when I try to reach a HTTPS > target, the the transport layer works as expected and it uses the HTTP > CONNECT method. However, when I try to reach a HTTP target, the transport > does not use the CONNECT method. >
This is normal. The CONNECT method allows a client to create a TCP tunnel through your gateway. This allows your client to perform all TLS negotiation. However for HTTP requests this extra layering is not required. In the standard library you can see the setting of pconn.isProxy=true at https://cs.opensource.google/go/go/+/refs/tags/go1.9.5:src/net/http/transport.go;l=1093 this is later used when writing the request at https://cs.opensource.google/go/go/+/refs/tags/go1.9.5:src/net/http/request.go;l=521 Essentially it changes the form of the http method from GET /path/to/resource to GET http://hostname/path/to/resource so your gateway would then know that this is a proxy request and perform the external request Graham. > Looking at the transport.go code, I realized that the check to use the > CONNECT method is based on the protocol of the target instead of being on > the protocol of the proxy URL. Below is a link showing that: > > 1. HTTP check > > > https://cs.opensource.google/go/go/+/refs/tags/go1.9.5:src/net/http/transport.go;l=1092 > > 2. HTTPS check > > > https://cs.opensource.google/go/go/+/refs/tags/go1.9.5:src/net/http/transport.go;l=1099 > > As can be seen on the links above, the condition is based on cm > <https://cs.opensource.google/go/go/+/refs/tags/go1.9.5:src/net/http/transport.go;drc=7ab361531514764fdccb23283a2e7f1916b74b87;l=1570> > .targetScheme > <https://cs.opensource.google/go/go/+/refs/tags/go1.9.5:src/net/http/transport.go;drc=7ab361531514764fdccb23283a2e7f1916b74b87;l=1816> > instead > of cm > <https://cs.opensource.google/go/go/+/refs/tags/go1.9.5:src/net/http/transport.go;drc=7ab361531514764fdccb23283a2e7f1916b74b87;l=1570> > .proxyURL > <https://cs.opensource.google/go/go/+/refs/tags/go1.9.5:src/net/http/transport.go;drc=7ab361531514764fdccb23283a2e7f1916b74b87;l=1815> > .Scheme > <https://cs.opensource.google/go/go/+/refs/tags/go1.9.5:src/net/url/url.go;drc=7ab361531514764fdccb23283a2e7f1916b74b87;l=363>. > > Is it a bug? > > *Go version: go version go1.19.3 linux/amd64* > > Mauro > > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/885c9184-6696-4dc2-8c75-bfc48b510214n%40googlegroups.com.
