Uploaded image for project: 'HttpComponents HttpClient'
  1. HttpComponents HttpClient
  2. HTTPCLIENT-1531

https connections through proxies don't work if authentication is disabled

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 4.3.2, 4.3.3, 4.3.4, 4.4 Alpha1
    • 4.3.5, 4.4 Beta1
    • HttpClient (classic)
    • None

    Description

      HttpClient seems to have a problem accessing websites using SSL behind a proxy when authentication is disabled.

      How to reproduce:
      Create a HttpClient with a proxy and authentication disabled, and use it to access a "https" website (note that the proxy does not require authentication):

      Example.java
              HttpClientBuilder
            .create()
            .setDefaultRequestConfig(
                 RequestConfig
                     .custom()
                     .setAuthenticationEnabled(false)
                     .build())
            .setProxy(someProxy)
            .build()
            .execute(
                 RequestBuilder
                     .create(HttpGet.METHOD_NAME)
                     .setUri("https://some.site")
                     .build());

      The request fails with the following exception:

      DEBUG - Connection request: [route: {tls}->http://ec2-54-73-107-194.eu-west-1.compute.amazonaws.com:3128->https://provisioning.eu.blackberry.com:443][total kept alive: 0; route allocated: 0 of 100; total allocated: 0 of 100]
DEBUG - Connection leased: [id: 0][route: {tls}->http://ec2-54-73-107-194.eu-west-1.compute.amazonaws.com:3128->https://provisioning.eu.blackberry.com:443][total kept alive: 0; route allocated: 1 of 100; total allocated: 1 of 100]
DEBUG - Opening connection {tls}->http://ec2-54-73-107-194.eu-west-1.compute.amazonaws.com:3128->https://provisioning.eu.blackberry.com:443
DEBUG - Connecting to ec2-54-73-107-194.eu-west-1.compute.amazonaws.com/54.73.107.194:3128
DEBUG - Connection established 192.168.0.21:53559<->54.73.107.194:3128
DEBUG - http-outgoing-0 >> CONNECT provisioning.eu.blackberry.com:443 HTTP/1.1
DEBUG - http-outgoing-0 >> Host: provisioning.eu.blackberry.com
DEBUG - http-outgoing-0 >> Proxy-Connection: Keep-Alive
DEBUG - http-outgoing-0 >> "CONNECT provisioning.eu.blackberry.com:443 HTTP/1.1[\r][\n]"
DEBUG - http-outgoing-0 >> "Host: provisioning.eu.blackberry.com[\r][\n]"
DEBUG - http-outgoing-0 >> "Proxy-Connection: Keep-Alive[\r][\n]"
DEBUG - http-outgoing-0 >> "[\r][\n]"
DEBUG - http-outgoing-0 << "HTTP/1.0 200 Connection established[\r][\n]"
DEBUG - http-outgoing-0 << "[\r][\n]"
DEBUG - http-outgoing-0 << HTTP/1.0 200 Connection established
DEBUG - http-outgoing-0 >> CONNECT provisioning.eu.blackberry.com:443 HTTP/1.1
DEBUG - http-outgoing-0 >> Host: provisioning.eu.blackberry.com
DEBUG - http-outgoing-0 >> Proxy-Connection: Keep-Alive
DEBUG - http-outgoing-0 >> "CONNECT provisioning.eu.blackberry.com:443 HTTP/1.1[\r][\n]"
DEBUG - http-outgoing-0 >> "Host: provisioning.eu.blackberry.com[\r][\n]"
DEBUG - http-outgoing-0 >> "Proxy-Connection: Keep-Alive[\r][\n]"
DEBUG - http-outgoing-0 >> "[\r][\n]"
DEBUG - http-outgoing-0 << "end of stream"
DEBUG - http-outgoing-0: Close connection
DEBUG - http-outgoing-0: Shutdown connection
DEBUG - Connection discarded
DEBUG - http-outgoing-0: Close connection
DEBUG - Connection released: [id: 0][route: {tls}->http://ec2-54-73-107-194.eu-west-1.compute.amazonaws.com:3128->https://provisioning.eu.blackberry.com:443][total kept alive: 0; route allocated: 0 of 100; total allocated: 0 of 100]
INFO - I/O exception (org.apache.http.NoHttpResponseException) caught when processing request to {tls}->http://ec2-54-73-107-194.eu-west-1.compute.amazonaws.com:3128->https://provisioning.eu.blackberry.com:443: The target server failed to respond
DEBUG - The target server failed to respond
org.apache.http.NoHttpResponseException: The target server failed to respond
	at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:143)
	at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:57)
	at org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:261)
	at org.apache.http.impl.DefaultBHttpClientConnection.receiveResponseHeader(DefaultBHttpClientConnection.java:165)
	at org.apache.http.impl.conn.CPoolProxy.receiveResponseHeader(CPoolProxy.java:167)
	at org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:271)
	at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:123)
	at org.apache.http.impl.execchain.MainClientExec.createTunnelToTarget(MainClientExec.java:457)
	at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:382)
	at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:221)
	at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:199)
	at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:87)
	at org.apache.http.impl.execchain.ServiceUnavailableRetryExec.execute(ServiceUnavailableRetryExec.java:83)
	at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:84)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57)

      It seems to be because of the for loop not being properly exited in org.apache.http.impl.execchain.MainClientExec.createTunnelToTarget when config.isAuthenticationEnabled() returns false:

      MainClientExec.java
          private boolean createTunnelToTarget(
...
        for (;;) {
...
            if (config.isAuthenticationEnabled()) {
...
            }
        }
...
    }

      Attachments

        Activity

          People

            Unassigned Unassigned
            Maxime S. Maxime Suret
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: