Bug#503440: https and proxy weirdness

[Brian May]

Package: libwww-perl
Version: 5.813-1

Hello,

With the following test program:

--- cut ---
#!/usr/bin/perl -w
use strict;
#require LWPx::ParanoidAgent;
#my $ua = LWPx::ParanoidAgent->new;

require LWP::UserAgent;
my $ua = LWP::UserAgent->new;

$ua->proxy(['http'], 'http://proxy.pri:3128');
$ENV{HTTPS_PROXY} = "http://proxy.pri:3128";
$ENV{HTTPS_CA_DIR} = "/etc/ssl/certs/";


my $response = $ua->get("https://db.debian.org/");

if ($response->is_success) {
    print $response->content;  # or whatever
} else {
    die $response->status_line;
}
--- cut ---

I would expect some sort of error that because the certificate of 
https://db.debian.org/ cannot be verified.

Instead, after the first connection attempt fails, the program connects 
to proxy.pri:3128 again and sends a "HTTP CONNECT proxy.pri:3128 
HTTP/1.0" to try and connect to the proxy again. This seems wrong.

As such, the error is from the proxy server, when it gets this request 
to connect to itself: "HTTP HTTP/1.0 403 Forbidden (text/html)" - this 
is very confusing to the user.

andean:/home/brian/tmp/ikiwiki-2.67brian1# export HTTPS_DEBUG=1

andean:/# /tmp/test.pm
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL3 alert write:fatal:unknown CA
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:error in SSLv3 read server certificate B
500 proxy connect failed: PROXY ERROR HEADER, could be non-SSL URL:
HTTP/1.0 403 Forbidden
Server: squid/2.6.STABLE5
Date: Sun, 26 Oct 2008 02:44:40 GMT
Content-Type: text/html
Content-Length: 1060
Expires: Sun, 26 Oct 2008 02:44:40 GMT
X-Squid-Error: ERR_ACCESS_DENIED 0
X-Cache: MISS from scrooge.microcomaustralia.com.au
X-Cache-Lookup: NONE from scrooge.microcomaustralia.com.au:3128
Via: 1.0 scrooge.microcomaustralia.com.au:3128 (squid/2.6.STABLE5)
Proxy-Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" 
"http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; 
charset=iso-8859-1">
<TITLE>ERROR: The requested URL could not be retrieved</TITLE>
<STYLE 
type="text/css"><!--BODY{background-color:#ffffff;font-family:verdana,sans-serif}PRE{font-family:sans-serif}--></STYLE>
</HEAD><BODY>
<H1>ERROR</H1>
<H2>The requested URL could not be retrieved</H2>
<HR noshade size="1px">
<P>
While trying to retrieve the URL:
<A HREF="proxy.pri:3128">proxy.pri:3128</A>
<P>
The following error was encountered:
<UL>
<LI>
<STRONG>
Access Denied.
</STRONG>
<P>
Access control configuration prevents your request from
being allowed at /tmp/test.pm line 19.

Brian May