Uploaded image for project: 'Traffic Server'
  1. Traffic Server
  2. TS-847

Forward proxy: Can't create SSL connection to older Subversion Servers.

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.0, 3.0.0
    • Fix Version/s: 3.1.0, 3.0.1
    • Component/s: None
    • Labels:
      None

      Description

      When trying to access older Subversion (1.6.9, 1.5.1 verified) servers through SSL via the Forward proxy, I'll get a failure such as:

      igalic@knock ~/src % svn co https://gar.svn.sourceforge.net/svnroot/gar/csw/mgar/gar/
      svn: PROPFIND of '/svnroot/gar/!svn/bln/14844': Could not create SSL connection through proxy server: 502 Tunnel Connection Failed (https://gar.svn.sourceforge.net)
      1 igalic@knock ~/src %
      

      The squid.blog says:

      1308609250.117 1004 127.0.0.1 TCP_MISS/200 4664 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
      1308609250.642 524 127.0.0.1 TCP_MISS/200 1335 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
      1308609251.167 525 127.0.0.1 TCP_MISS/200 1031 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
      1308609251.689 522 127.0.0.1 TCP_MISS/200 1095 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
      1308609252.231 541 127.0.0.1 TCP_MISS/200 1335 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
      1308609252.756 524 127.0.0.1 TCP_MISS/200 1031 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
      1308609253.285 528 127.0.0.1 TCP_MISS/200 1095 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
      1308609253.814 528 127.0.0.1 TCP_MISS/200 1335 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
      1308609254.345 530 127.0.0.1 TCP_MISS/200 1111 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net - -
      1308609254.416 70 127.0.0.1 ERR_CONNECT_FAIL/502 454 CONNECT gar.svn.sourceforge.net:443/ - DIRECT/gar.svn.sourceforge.net text/html -
      

      While the error log says:

      20110621.00h25m14s RESPONSE: sent 127.0.0.1 status 502 (Tunnel Connection Failed) for 'gar.svn.sourceforge.net:443/'
      

      With newer versions of the Subversion server this works out fine, example the ASF's server:

      igalic@knock ~/src % svn co https://svn.apache.org/repos/asf/trafficserver/plugins/header_filter/
      A    header_filter/example.conf
      A    header_filter/rules.h
      A    header_filter/NOTICE
      A    header_filter/header_filter.cc
      A    header_filter/LICENSE
      A    header_filter/STATUS
      A    header_filter/lulu.h
      A    header_filter/CHANGES
      A    header_filter/Makefile
      A    header_filter/README
      A    header_filter/rules.cc
      Checked out revision 1137808.
      igalic@knock ~/src %
      

      I wouldn't submit this bug in the first place, if it didn't work with Squid either. Alas Squid passes with flying colours! Attatched you can find wireshark captures for the four scenarios:

      • Failure with ATS (old subversion server: sf.net)
      • Success with Squid (same old subversion server: sf.net)
      • Success with ATS (new Subversion server: ASF)
      • Success with Squid (same new Subversion server: ASF)

      To force subversion through a proxy you need to edit ~/.subversion/servers

      [global]
      http-proxy-host = localhost
      http-proxy-port = 8080
      

        Attachments

        1. 01_fail_ats_sfnet.cap
          19 kB
          Igor Galić
        2. 02_pass_squid_sfnet.cap
          4.87 MB
          Igor Galić
        3. 03_pass_ats_asf.cap
          72 kB
          Igor Galić
        4. 04_pass_squid_asf.cap
          70 kB
          Igor Galić
        5. TS-847.diff
          0.5 kB
          Leif Hedstrom

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              i.galic Igor Galić
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: