Subject Re: HTTPS and a proxyserver
From Frans Vermeulen <fv@gbor.nl>
Date Fri, 30 Apr 2021 10:21:26 +0200
Newsgroups xb2net

Thnx Boris for the reply,

Sorry for being unclear, I have been running in circles
for some days now, and it's driving me mad, and my question
became a little unstructured.

The situation is as follows:

client (Xb2Net)
   |
https-proxy at client's site port 8080
   |
Firewall blocking HTTP
   |
server (Xb2Net)

When everything is HTTP, in the client application,
the connection is established until it reaches the firewall.
The firewall returns the HTTP 403.

If anything indicates a HTTPS like the URL or the xbSSLContext
being set, as in your example, or a port 443 is used in the URL,
some primary negotiation is done with the proxy SYN/SYNACK/ACK,
nothing else happens.

Subsequently the client oHttp:Execute times out after a minute or so,
and oResponse is Nil

The the systemadministrator from the client can reach the server using curl:
curl --proxy proxyserver:8080 https://www.website.com/
getting an answer. Browsers like firefox (this is what the client uses)
can reach the xb2net-server also.

The client deems it a securitymatter not to reveal what brand of proxy they use.

In order to reproduce the problem, I set up a scenario using
freeproxy (http://handcraftedsoftware.org)

client (xb2net)
   |
Freeproxy
   |
Server (xb2net)

Using this scenario, I get the same results.
freeproxy logs no traffic, the only way to see the correct route via the proxy is chosen,
is monitoring the network traffic with wireshark, c.q. netstat -a.
No traffic reaches the server.

I have no idea what is supposed to happen at the moment the traffic stalls.

Regards,
Frans Vermeulen

> I believe what you need to do is something like this:
>
> oHttp := xbHTTPClient():new()
> oSSL  := xbSSLContext():new(TLS_client_method)
> oHttp:SSLContext := oSSL
> oHTTP:SetProxy("proxyserver", 8080)
> oResponse := oHttp:Execute("http://www.website.com")
>
> //....
> oHttp:destroy()
> oSSL:destroy()
>
> Alternatively, you can use WinInet to use the Windows proxy settings:
> oHttp:Transport == VIA_WININET
>
> --
> Best regards,
> Boris Borzic
>
> http://xb2.net
> http://sqlexpress.net
> industrial strength Xbase++ development tools
>
>
> Frans Vermeulen <fv@gbor.nl> wrote in
> news:20210429171950.e2252ac3c3be49b87d0fd00e@gbor.nl:
>
> > Did anyone successfully establish connections through a HTTPS-proxy?
> >
> > When I do this:
> >
> >    // create an HTTP client instance
> >    oHttp := xbHTTPClient():new()
> >
> >    oHTTP:SetProxy("proxyserver", 8080)
> >
> >    ? "executing HTTP request..."
> >    oResponse := oHttp:Execute("http://www.website.com")
> >
> > I get a response. (HTTP 403) which is correct: this is not allowed on
> > this server.
> >
> > If either I set an SSL-context to the xbHttpClient, or change the
> > "http://..." in "https://..." or change the port to 443, I can see
> > that: no data with the proxy is exchanged. oResponse remains Nil.
> >
> > I suspect in these cases, a secure connection is setup with the proxy,
> > which is not understood by the proxy.
> >==> my guess comes from reading the following article.
> > https://stackoverflow.com/questions/58559109/difference-between-http-pr
> > oxy-and-https-proxy
> >
> > Am I missing the setting, that should be done, in order to establish
> > an HTTPS-connection through a proxy?
> >
>


--
Frans Vermeulen <fv@gbor.nl>

Recent messages in this thread
 
-# HTTPS and a proxyserver Frans Vermeulen 29-Apr-2021 11:19 am
.-# Re: HTTPS and a proxyserver Boris Borzic <.> 29-Apr-2021 04:56 pm
..-# Re: HTTPS and a proxyserver (Current message) Frans Vermeulen 30-Apr-2021 04:21 am
...-# Re: HTTPS and a proxyserver Boris Borzic <.> 30-Apr-2021 10:48 pm
....-# Re: HTTPS and a proxyserver Frans Vermeulen 03-May-2021 04:58 am
.....\# Re: HTTPS and a proxyserver Boris Borzic <.> 03-May-2021 07:36 pm