
This queue is for tickets about the Crypt-SSLeay CPAN distribution.

Report information
The Basics
Id: 11078
Status: resolved
Priority: 1/
Queue: Crypt-SSLeay

People
Owner: dland [...] cpan.org
Requestors: info [...] gwendragon.de
Cc:
AdminCc:

Bug Information
Severity: Critical
Broken in: 0.51
Fixed in: (no value)



Subject: Net::SSL in Crypt::SSLeay ignores no_proxy settings
ActivePerl v5.8.6.811 MSWin32-x86-multi-thread
Crypt-SSLeay 0.51
Running on Windows 2000 SP4

Using LWP::UserAgent with Crypt::SSLeay and https_proxy and no_proxy settings.

Intranet server with domain name intranet and subdomains is at 192.168.0.12 in our net and registered on our intranet DNS BIND server. All IPs/domain names are resolved correctly!

* Connecting to https://ssl.intranet ignores no_proxy settings and connects over our internet proxy! This is a problem!
* Connecting to http://intranet connects directly to the intranet server.

It seems that Net::SSL ignores the no_proxy settings and uses the proxy IP/port to connect. But we have to connect to https://ssl.intranet for testing and programming purposes.

CODE:
----snip----
#!/usr/local/bin/perl
use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Request;

my $url = "https://ssl.intranet"; # is IP 192.168.0.12

my $ua = LWP::UserAgent->new;

# proxy to WWW is 192.168.0.1:3128
$ua->proxy([qw( http https )], "http://192.168.0.1:3128");

# intranet is 192.168.0.*, ssl.intranet
$ua->no_proxy( '192.168.0.12', 'ssl.intranet', '192.168.0.1' );

my $req = HTTP::Request->new(GET => $url);
my $res = $ua->request($req);

if ($res->is_success) {
    print $res->as_string;
} else {
    print "Failed: ", $res->status_line, "\n";
}
1;
----snip----

The same problem occurs with perl's GET script in the bin subdir.
From: GwenDragon
[guest - Wed Jan 19 07:24:23 2005]: This patch helped me. --- SSL.pm 2003-05-28 08:26:08.000000000 +0200 +++ SSL.pm.patched 2005-06-22 14:37:13.671875000 +0200 @@ -325,7 +325,18 @@ $lwp_object; } - + +# +++ patched by GwenDragon 2005-06-14 +sub is_noproxy { + my $dom = shift; + + my $np = $ENV{'NO_PROXY'} || ''; + my ( @nop ) = split /,/,$np; + + return grep(/$dom/, @nop); +} +# +++ patched by GwenDragon 2005-06-14 + sub proxy_connect_helper { my $self = shift; @@ -341,14 +352,27 @@ my $iaddr = gethostbyname($host); $iaddr || die("can't resolve proxy server name: $host, $!"); - $port || die("no port given for proxy server $proxy"); - - $self->SUPER::connect($port, $iaddr) - || die("proxy connect to $host:$port failed: $!"); + $port || die("no port given for proxy server $proxy"); my($peer_port, $peer_addr) = (*$self->{ssl_peer_port}, *$self- Show quoted text
>{ssl_peer_addr});
$peer_port || die("no peer port given"); - $peer_addr || die("no peer addr given"); + $peer_addr || die("no peer addr given"); + +# +++ patched by GwenDragon 2005-06-14 +if (is_noproxy($peer_addr)) { + $iaddr = gethostbyname($peer_addr); + $iaddr || die("can't resolve $peer_addr, $!"); + $self->SUPER::connect($peer_port, $iaddr) #try connection + || die("connect to $peer_addr:$peer_port failed: $!"); + return 1; + } + else { +# +++ patched by GwenDragon 2005-06-14 + $self->SUPER::connect($port, $iaddr) + || die("proxy connect to $host:$port failed: $!"); +# +++ patched by GwenDragon 2005-06-14 +} +# +++ patched by GwenDragon 2005-06-14 my $connect_string; if ($ENV{"HTTPS_PROXY_USERNAME"} || $ENV{"HTTPS_PROXY_PASSWORD"}) {
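Review bot: in the first hunk (@@ -325,7 +325,18 @@), is_noproxy runs grep(/$dom/, @nop), which uses the peer host as an unescaped, unanchored regex and searches for it inside each NO_PROXY entry. That is the reverse of an exact-or-domain-suffix test: a peer named intranet matches the entry ssl.intranet and is sent direct, a peer host.ssl.intranet does not match the entry ssl.intranet and still goes to the proxy, and every '.' in the host name matches any character. Suggest testing the host against each entry with the entry quoted and anchored, for example grep { $dom =~ /(?:^|\.)\Q$_\E$/i } @nop, after trimming whitespace around the entries and skipping empty ones. The function also reads only $ENV{'NO_PROXY'}, so the list given to $ua->no_proxy() in the reporter's script is not consulted unless it is also exported in that variable; either document that requirement or extend the lookup.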
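Review bot: in the second hunk (@@ -341,14 +352,27 @@), the is_noproxy($peer_addr) branch sits after gethostbyname($host) and the $port check for the proxy, so a destination that is meant to bypass the proxy still dies with "can't resolve proxy server name" or "no port given for proxy server" whenever the proxy name does not resolve or lacks a port. Suggest reading $peer_port and $peer_addr first and taking the direct-connect branch before any proxy lookup, so the proxy settings are only validated when they will be used. The repeated "# +++ patched by GwenDragon" marker comments and the unindented if/else should be cleaned up before this is merged.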
From: GwenDragon
[guest - Thu Jun 23 07:42:52 2005]: Sorry, forgot to say that the patch is for Net::SSL Version 2.77!!!
From: GwenDragon
[guest - Thu Jun 23 07:46:31 2005]: The patch is not tested.
RT-Send-CC: info [...] gwendragon.de
Hello, I am the new maintainer for Crypt-SSLeay. I'll look at this patch and see about integrating it into the distribution. Thanks, David
I have uploaded Crypt-SSLeay-0.53_02, which contains a patch to resolve this problem. I didn't use your patch per se, but it was of great help to me in understanding what the problem was, and for this I am grateful. Can you take this development snapshot for a spin and let me know how it goes? Thanks, David
This bug has been resolved to my satisfaction. If you have any problems with the latest development release (0.53_03), please let me know. A stable 0.54 release will be issued in the next few weeks. Thanks, David