inets ssl proxy

Michael McDaniel
Thu Mar 3 01:59:23 CET 2005


Well, I have not yet been successful.  I thought it might be
because I upgraded OpenSSL (which got installed in /usr/local) 
but still had the default SuSE OpenSSL installed elsewhere. 
I recompiled Erlang against OpenSSL 0.9.7e and still problems.

Perhaps it is something else wrong with this machine as I also get 
Yaws problems like
-----------------
ERROR erlang  code  crashed:
 File: /var/yaws/www/arg.yaws:59
Reason: {function_clause,[{prim_inet,peername,[{sslsocket,5,<0.63.0>}]},
                          {m2,out,1},
                          {yaws_server,deliver_dyn_part,8},
                          {yaws_server,aloop,3},
                          {yaws_server,acceptor0,2},
                          {proc_lib,init_p,5}]}
Req: {http_request,'GET',{abs_path,"/arg.yaws"},{1,1}}
-----------------
when I try to  https://localhost/arg.yaws  from this (localhost)
machine, with Yaws running on this (localhost) machine.  Most of
the other https://localhost  Yaws pages work fine.

Anyway, back to original problem,


                 Internet  (for https://test.xquad.com ...)

     - - - - - - - + - - - - - - - - -- 
                   |
           +-------+----------+
           |                  |
           |    autosys.us    | runs web proxy SQUID 3.0-PRE3 port 3128
           |                  |
           +-------+----------+
                   |
                   |
                   |
           +-------+------------+
           |                    |
           | fangora.autosys.us |
           | aka  'localhost'   |
           |                    |
           +--------------------+


$ uname -a 
Linux fangora 2.6.4-52-default #1 Wed Apr 7 02:08:30 UTC 2004 i686 i686 i386 GNU/Linux
$ erl
Erlang (BEAM) emulator version 5.4.4 [source] [hipe]

Eshell V5.4.4  (abort with ^G)
1> c:c(hd).
{ok,hd}
2> hd:start().
https://test.xquad.com, error, esslerrssl 
https://autosys.us, ok, {{"HTTP/1.1",200,"OK"},
                         [{"connection","Keep-Alive"},
                          {"date","Wed, 02 Mar 2005 22:56:42 GMT"},
                          {"server","Apache"},
                          {"content-length","16364"},
                          {"content-type","text/html; charset=ISO-8859-1"},
                         {"keep-alive","timeout=15, max=100"}],  etc., etc., etc.
https://localhost, ok, {{"HTTP/1.1",200,"OK"},
                        [{"connection","Keep-Alive"},
                         {"date","Wed, 02 Mar 2005 22:56:43 GMT"},
                         {"server","Apache"},
                         {"content-length","16364"},
                         {"content-type","text/html; charset=ISO-8859-1"},
                         {"keep-alive","timeout=15, max=100"}],    etc., etc., etc.
3> q().
ok
4> $

So, ssl is apparently working, just not when it has to go through the proxy server.
And, apparently the reason for this is that, when going through the proxy, the
very first thing that is sent is encrypted data rather than a connect request, and
the proxy returns an invalid request error.

I would not have bothered with this any more right now, except I think maybe that it
is somehow related to my Yaws problem, and I *really* need to have Yaws working reliably
over SSL.

The hd module is below, thanks for any feedback.

~Michael

-----------------
-module(hd).
-export([start/0, hds/0, hds1/0, hds2/0]).

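start() -> 
   % Run each request in turn and print its result next to the URL requested.
   {H, C} = hds() ,
   io:format("https://test.xquad.com, ~p, ~p ~n", [H,C]), 
   {H1, C1} = hds1() ,
   io:format("https://autosys.us, ~p, ~p  ~n", [H1, C1]), 
   % hds2/0 is the function that requests https://localhost.
   {H2, C2} = hds2() ,
   io:format("https://localhost, ~p, ~p ~n", [H2, C2]) .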
  
hds() ->
  application:start(inets) ,
  application:start(ssl) ,

  {ok, Ciphers} = ssl:ciphers() ,

  http:set_options([{proxy, {{"autosys.us", 3128 }, ["localhost"]}}]) ,

  http:request(get,
  {"https://test.xquad.com",
  [ {"Referer", "https://test.xquad.com"}, {"Host", "fangora.autosys.us"} ]}, 
  [{verify, 0}, {ciphers, Ciphers}], []).

hds1() ->
  application:start(inets) ,
  application:start(ssl) ,

  {ok, Ciphers} = ssl:ciphers() ,

  http:set_options([{proxy, {{"autosys.us", 3128 }, ["autosys.us"]}}]) ,

  http:request(get,
  {"https://autosys.us",
  [ {"Referer", "https://autosys.us"}, {"Host", "fangora.autosys.us"} ]}, 
  [{verify, 0}, {ciphers, Ciphers}], []).

hds2() ->
  application:start(inets) ,
  application:start(ssl) ,

  {ok, Ciphers} = ssl:ciphers() ,

  http:set_options([{proxy, {{"autosys.us", 3128 }, ["localhost"]}}]) ,

  http:request(get,
  {"https://localhost",
  [ {"Referer", "https://localhost"},
    {"Host", "fangora.autosys.us"} ]}, 
    [{verify, 0}, {ciphers, Ciphers}], []).
-----------------




On Wed, Feb 23, 2005 at 09:41:29PM -0800, Michael McDaniel wrote:
> Thank you, Ingela.  I will keep trying ssl options to try to get it
> working.  Maybe I have some other problem also - I'll keep trying.
> 
> From my direct-connect machine, without using proxy, I do not need
> to set any ssl options at all and it works fine.  Although, now
> as I think of it, my direct-connect machine is using R10B-3
> with inets-4.0.1 and my proxy machine is all R10B-3 (inets-4.2).
> 
> ~Michael
> 
> 
> On Wed, Feb 23, 2005 at 03:54:50PM +0100, Ingela Anderton wrote:
> > 
> > You need to specify some ssl options! Something like:
> > 
> > SSLOptions = [{certfile, CertFile}, {keyfile, CertFile}],
> > http:request(get, {URL, []}, [{ssl, SSLOptions}], []),
> > 
> > Michael McDaniel wrote:
> > > Should the following work, or am I doing something wrong?
> > > 
> > > -module(hd).
> > > -export([hd/3]).
> > > 
> > > 
> > > hd(Proxy, Port, URL) ->
> > >   application:start(inets) ,
> > >   application:start(ssl) ,
> > > 
> > >   http:set_options( [ {proxy, {{Proxy,Port}, ["localhost"]} } ] ) ,
> > > 
> > >   http:request(get, 
> > >   {URL,  [ {"Version", "HTTP/1.0"}, {"Referer", URL},
> > > 	   {"Host", "www.myhost.org"} ]}, [], []).
> > > 
> > > $ uname -a
> > > Linux fangora 2.6.4-52-default #1 Wed Apr 7 02:08:30 UTC 2004 i686 i686 i386 GNU/Linux
> > > $ erl
> > > Erlang (BEAM) emulator version 5.4.4 [source] [hipe]
> > > 
> > > Eshell V5.4.4  (abort with ^G)
> > > 1> c:c(hd).
> > > {ok,hd}
> > > 2> hd:hd("my.proxy.org",3128,"https://test.xquad.com").
> > > {error,esslerrssl}
> > > 3> hd:hd("my.proxy.org",3128,"http://www.quickbots.com").
> > > {ok,{{"HTTP/1.0",200,"OK"},
> > >      [{"date","Wed, 23 Feb 2005 01:34:04 GMT"},
> > >       {"via","1.0 cougora.autosys.us (squid/3.0-PRE3)"},
> > >       {"etag","\"15481-1ee2-da976100\""},
> > >       {"server","Apache"},
> > >       {"content-length","7906"},
> > >       {"content-type","text/html; charset=ISO-8859-1"},
> > >       {"last-modified","Wed, 15 Jan 2003 21:45:08 GMT"},
> > >       {"accept-ranges","bytes"},
> > >       {"x-cache","MISS from cougora.autosys.us"},
> > >       {"x-cache-lookup","HIT from cougora.autosys.us:3128"},
> > >       {"proxy-connection","keep-alive"}],
> > >      "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">\r\n<HTML>\r\n<HEAD>\r\n<META HTTP-EQUIV=\"Content-Type\" CONTENT=\ etc. etc. etc.
> > > 4> halt().
> > > $
> > > 
> > > The problem appears to be (looking at a trace) that the initial packets being sent by
> > > hd:hd("my.proxy.org",3128,"https://test.xquad.com"). 
> > > to my.proxy.org is all encrypted, rather than being a request that the proxy server
> > > can read, so the proxy server passes back the error INVALID REQUEST.  As you can see,
> > > the http:// request works great via proxy.
> > > 
> > > 
> > > thank you,
> > > 
> > > ~Michael
> > 
> > -- 
> > /m.v.h Ingela
> > 
> > //The highway of life is always under construction. //
> > 
> >  	        |\      _,,,--,,_  ,)
> >                 /,`.-'`'   -,  ;-;;' 
> >                |,4-  ) )-,_ ) /\
> >               '---''(_/--' (_/-'
> > 
> > Ericsson AB - OTP team
> > 
> > Cellular/Mobile: +46 70 636 78 68 
> > 
> > 
> > 
> > 
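
The exchange described in this thread, as an added example that is not part of the original post and not inets code: an HTTPS client has to send a plaintext CONNECT request to the proxy and wait for a 200 reply before starting TLS, while a TLS ClientHello sent first is unreadable to the proxy. The toy proxy, its 400 reply and all function names are assumptions for illustration, and the ClientHello bytes are constructed.

```python
import socket

# Constructed sample: start of a TLS ClientHello record
# (type 0x16 = handshake, version 3.1, length 0x002f); the body is padding.
TLS_CLIENT_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2F]) + b"\x01" + b"\x00" * 46


def connect_request(host, port=443):
    """What an HTTPS client must send to the proxy before any TLS bytes."""
    target = f"{host}:{port}"
    return f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")


def proxy_first_read(data):
    """Toy proxy (assumption): answer the first bytes received from a client."""
    if data[:1] == b"\x16":
        # A TLS handshake record is not an HTTP request the proxy can read.
        return b"HTTP/1.1 400 Bad Request\r\n\r\n"
    parts = data.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) == 3 and parts[0] == b"CONNECT" and b":" in parts[1]:
        return b"HTTP/1.1 200 Connection established\r\n\r\n"
    return b"HTTP/1.1 400 Bad Request\r\n\r\n"


def exchange(first_bytes):
    """Send first_bytes to the toy proxy over a socketpair; return the status."""
    client, proxy = socket.socketpair()
    try:
        client.sendall(first_bytes)
        proxy.sendall(proxy_first_read(proxy.recv(4096)))
        reply = client.recv(4096)
    finally:
        client.close()
        proxy.close()
    status_line = reply.split(b"\r\n", 1)[0].decode("ascii")
    return int(status_line.split(" ")[1])


def tunnel_ready(host, port=443):
    """True when the proxy accepted the tunnel, so TLS may start on the socket."""
    return exchange(connect_request(host, port)) == 200


if __name__ == "__main__":
    print("ClientHello sent first ->", exchange(TLS_CLIENT_HELLO))
    print("CONNECT sent first     ->", exchange(connect_request("test.xquad.com")))
```

Only after the 200 reply does the client begin the TLS handshake on the same socket; the proxy then relays the encrypted bytes without reading them.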


