Secure forward proxy responds with empty response for HTTP CONNECT


Hemant
This post has NOT been accepted by the mailing list yet.
Hi,

I am trying to configure a forward proxy using ATS. The records.config has the following configuration for TLS:
CONFIG proxy.config.ssl.SSLv2 INT 0
CONFIG proxy.config.ssl.SSLv3 INT 0
CONFIG proxy.config.ssl.TLSv1 INT 0
CONFIG proxy.config.ssl.TLSv1_1 INT 0
CONFIG proxy.config.ssl.TLSv1_2 INT 1
CONFIG proxy.config.ssl.client.certification_level INT 2
CONFIG proxy.config.ssl.client.verify.server INT 0

As client.certification_level is set to 2, I am assuming a client must send its certificate.
I have written a Python (2.7) script to connect to an origin server via the forward proxy.

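******************
import requests
from requests.exceptions import Timeout, ConnectionError

CA_CHAIN_FILE = 'ca.pem'    # CA bundle used to verify the server certificate
SERVER_KEY = 'server.cer'   # client certificate (passed first in the cert= tuple)
PRIV_KEY = 'private.key'    # private key matching the client certificate

# origin_url is not defined in the post as archived; this value is assumed
# from the curl command below.
origin_url = 'https://origin_server.com'

auth_tuple = None
timeout_sec = 5
proxies = {
    # The proxy entry is missing from the post as archived; this value is
    # assumed from the curl command below.
    'https': 'https://fwd_proxy.cust1.com:8445',
}

headers = { 'User-Agent': 'My User Agent' }
payload = {}

resp = requests.get(origin_url, data=payload, verify=CA_CHAIN_FILE,
                    auth=auth_tuple, headers=headers,
                    cert=(SERVER_KEY, PRIV_KEY), timeout=timeout_sec,
                    proxies=proxies)
******************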


The above code fails with the exception below:

  File "client_poc.py", line 18, in <module>
    resp = requests.get(url, data=payload, verify=CA_CHAIN_FILE, auth=auth_tuple, headers=headers, cert=(SERVER_KEY, PRIV_KEY), timeout=timeout_sec, proxies=proxies)
  File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 72, in get
    return request('get', url, params=params, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 58, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 518, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 639, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", line 488, in send
    raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', BadStatusLine("''",))

When I try a similar thing using the curl command below, it succeeds:
curl -x https://fwd_proxy.cust1.com:8445 https://origin_server.com -vvvv --proxy-cacert ca.pem --proxy-cert server.cer --proxy-key private.key

In the curl case I see that the HTTP CONNECT request is getting 200 OK, but in the Python case I don't see an HTTP response.
Even in the ATS logs I don't see any entry for the first case, but for the curl case the CONNECT message can be seen.

I am stuck at this and would appreciate it if someone could give any pointers.
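
Added example, not part of the original post: a Python 3 check that performs the same steps as the curl command above, opening a TLS session to the proxy (TLS 1.2 or later, matching the records.config above) with the client certificate and sending the CONNECT inside it, then returning the proxy's status line. An empty reply comes back as `(None, "")`, the condition that `BadStatusLine("''")` reports in the traceback; the function names and the origin port 443 are assumptions.

```python
import socket
import ssl


def build_connect(host, port):
    """Return the CONNECT request bytes for host:port."""
    target = "%s:%d" % (host, port)
    return ("CONNECT %s HTTP/1.1\r\nHost: %s\r\n\r\n" % (target, target)).encode("ascii")


def parse_status(raw):
    """Return (code, reason); (None, "") if the peer closed without sending a status line."""
    line = raw.split(b"\r\n", 1)[0].decode("latin-1").strip()
    if not line:
        return (None, "")
    parts = line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP status line: %r" % line)
    return (int(parts[1]), parts[2] if len(parts) > 2 else "")


def connect_via_tls_proxy(proxy_host, proxy_port, origin_host, origin_port,
                          ca_file, cert_file, key_file, timeout=5):
    """Send CONNECT to the proxy inside a client-authenticated TLS session."""
    ctx = ssl.create_default_context(cafile=ca_file)   # trust only the given CA chain
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2       # proxy enables TLS 1.2 only
    ctx.load_cert_chain(cert_file, key_file)           # client cert for certification_level 2
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=proxy_host) as tls:
            tls.sendall(build_connect(origin_host, origin_port))
            data = b""
            while b"\r\n\r\n" not in data:
                chunk = tls.recv(4096)
                if not chunk:          # proxy closed the connection
                    break
                data += chunk
    return parse_status(data)


if __name__ == "__main__":
    # Host names, proxy port and file names are taken from the post;
    # origin port 443 is assumed.
    print(connect_via_tls_proxy("fwd_proxy.cust1.com", 8445,
                                "origin_server.com", 443,
                                "ca.pem", "server.cer", "private.key"))
```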