Article delegate-en/2130 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A2129@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Problem with http-proxy: using MYAUTH and ssl
18 Feb 2003 17:13:45 GMT feedback@delegate.org (Yutaka Sato)


In message <_A2129@delegate-en.ML_> on 02/19/03(00:16:56)
you "Daniel =?iso-8859-1?Q?Erd=F6s?=" <pkeeabdyi-t7hpmu5jwfxr.ml@ml.delegate.org> wrote:
 |We have a http proxy (squid) that is configured to require proxy authentication with username and password. Because we want to use applications that cannot do proxy authentication we would like to place a delegate http (ssl) proxy "in front of it" so that delegate can do this authentification with one specially configured user and password instead of the applications.
 |
 |For http this works fine with the option MYAUTH:
 |dg8_3_3.exe ADMIN=admin -P8080 SERVER=http PROXY=nextproxy:8080 MYAUTH=user:password

You should specify the protocol name (http-proxy in this case) to which
the MYAUTH is used like

  MYAUTH=user:password:http-proxy

otherwise Authorization will be generated and sent to the origin server
together with the Proxy-Authorization to the proxy server.

 |But unfortunately this fails with https/ssl. In this case it seems that delegate does not transfer the username/password.

Referring MYAUTH on relaying CONNECT method has not been implemented.
It will be done by the modification to http.c like the enclosed patch.

 |Using SSLTUNNEL instead of PROXY leads to the same negative result. Here is my configuration string:
 |dg8_3_3.exe ADMIN=admin -P8080 SERVER=http SSLTUNNEL=nextproxy:8080 MYAUTH=user:password

It will be done by the modification to master.c like the enclosed patch.

Cheers,
Yutaka
--
  @ @ Yutaka Sato <y.sato@delegate.org> http://www.delegate.org/y.sato/
 ( - ) National Institute of Advanced Industrial Science and Technology (AIST)
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

*** ../delegate8.3.3/src/http.c	Thu Jan 16 19:16:53 2003
--- http.c	Wed Feb 19 01:27:34 2003
***************
*** 4862,4867 ****
--- 4862,4868 ----
  	char ctype[128];
  	FILE *ts,*fs;
  	int vno;
+ 	char genfields[0x8000];
  
  	if( strncasecmp(REQ,"CONNECT",7) != 0 )
  		return 0;
***************
*** 4897,4902 ****
--- 4898,4904 ----
  	}
  
  	setConnDone(Conn);
+ 	genProxyReqFields(Conn,genfields,NULL);
  
  	fs = fdopen(FromS,"r");
  	if( toMaster || toProxy ){
***************
*** 4904,4909 ****
--- 4906,4912 ----
  			ts = ToServ;
  		else	ts = fdopen(ToS,"w");
  		fputs(REQ,ts);
+ 		fputs(genfields,ts);
  		fputs(REQ_FIELDS,ts);
  		fflush(ts);
  		{	char line[256];
*** ../delegate8.3.3/src/master.c	Wed Jan  8 22:16:50 2003
--- master.c	Wed Feb 19 01:57:17 2003
***************
*** 1900,1905 ****
--- 1900,1907 ----
  	if( sock < 0 )
  		return -1;
  
+ 	toProxy = 2;
+ 	strcpy(GatewayProto,"http");
  	sprintf(msg,"CONNECT %s:%d HTTP/1.0\r\n\r\n",host,port);
  	{	char genauth[1024],auth[1024];
  		if( makeAuthorization(Conn,genauth,1) ){

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V