thekvs/microproxy

curl cannot connect to https sites via microproxy with digest auth


Problem:

  • curl cannot connect via microproxy with digest auth to https sites
  • there is no such problem with Chrome and Firefox

Versions:

  • microproxy = latest
  • curl = 7.87.0

microproxy.toml:

auth_file="userlist"
auth_type="digest"
auth_realm="Realm1"

curl command:

curl-amd64 -v -k \
--proxy-digest \
--proxy-user user1:pass1 \
--proxy http://localhost:3128 \
--url "$1"

Result:

Curl output for HTTP:

*   Trying 127.0.0.1:3128...
* Connected to 127.0.0.1 (127.0.0.1) port 3128 (#0)
* Proxy auth using Digest with user 'user1'
> GET http://showip.net/ HTTP/1.1
> Host: showip.net
> User-Agent: curl/7.87.0
> Accept: */*
> Proxy-Connection: Keep-Alive
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 407 Proxy Authentication Required
< Proxy-Authenticate: Digest realm="Realm1", qop=auth, nonce="75daff532309ca6ed3878b643e18c670"
< Date: Sat, 11 Feb 2023 02:39:54 GMT
< Content-Length: 33
< Content-Type: text/plain; charset=utf-8
< 
* Ignoring the response-body
* Connection #0 to host 127.0.0.1 left intact
* Issue another request to this URL: 'http://showip.net/'
* Found bundle for host: 0x7fe830e4b3a0 [serially]
* Can not multiplex, even if we wanted to
* Re-using existing connection #0 with proxy 127.0.0.1
* Proxy auth using Digest with user 'user1'
> GET http://showip.net/ HTTP/1.1
> Host: showip.net
> Proxy-Authorization: Digest username="user1", realm="Realm1", nonce="75daff532309ca6ed3878b643e18c670", uri="/", cnonce="Y2IyNjZiN2UxYWEwNzY4ZTVjODk5ZTk0MWE3MzhhM2E=", nc=00000001, qop=auth, response="1928bae9f44befd1ea30a9001bba77d6"
> User-Agent: curl/7.87.0
> Accept: */*
> Proxy-Connection: Keep-Alive
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Access-Control-Allow-Headers: *
< Access-Control-Allow-Methods: *
< Access-Control-Allow-Origin: *
< Content-Length: 12
< Content-Type: text/plain
< Date: Sat, 11 Feb 2023 02:39:54 GMT
< Server: Caddy
< 
* Connection #0 to host 127.0.0.1 left intact
1.2.3.4

Microproxy output for HTTP:

2023/02/11 02:39:54 [095] INFO: Got request / showip.net GET http://showip.net/
2023/02/11 02:39:54 [095] INFO: Copying response to client  [407]
2023/02/11 02:39:54 [095] INFO: Copied 33 bytes to client error=<nil>
2023-02-11T02:39:54Z 127.0.0.1:52848 GET http://showip.net/ 407 33 -
2023/02/11 02:39:54 [096] INFO: Got request / showip.net GET http://showip.net/
2023/02/11 02:39:54 [096] INFO: Sending request GET http://showip.net/
2023/02/11 02:39:54 [096] INFO: Received response 200 OK
2023/02/11 02:39:54 [096] INFO: Copying response to client 200 OK [200]
2023-02-11T02:39:54Z 127.0.0.1:52848 GET http://showip.net/ 200 12 user1
2023/02/11 02:39:54 [096] INFO: Copied 12 bytes to client error=<nil>

Curl output for HTTPS:

*   Trying 127.0.0.1:3128...
* Connected to 127.0.0.1 (127.0.0.1) port 3128 (#0)
* allocate connect buffer
* Establish HTTP proxy tunnel to showip.net:443
* Proxy auth using Digest with user 'user1'
> CONNECT showip.net:443 HTTP/1.1
> Host: showip.net:443
> User-Agent: curl/7.87.0
> Proxy-Connection: Keep-Alive
> 
< HTTP/1.1 407 Proxy Authentication Required
< Content-Length: 33
< Proxy-Authenticate: Digest realm="Proxy1", qop=auth, nonce="3d8de1d3bad9e5ac8359fe246cc5ff52"
< 
* Ignore 33 bytes of response-body
* Establish HTTP proxy tunnel to showip.net:443
* Proxy auth using Digest with user 'user1'
> CONNECT showip.net:443 HTTP/1.1
> Host: showip.net:443
> Proxy-Authorization: Digest username="user1", realm="Proxy1", nonce="3d8de1d3bad9e5ac8359fe246cc5ff52", uri="showip.net:443", cnonce="MTdhMmNmMGUxMzI4NjQ1NzZhMGQxNjA5ZTA4OWJmYTg=", nc=00000001, qop=auth, response="92b8666de7146c866d21039e931f22cd"
> User-Agent: curl/7.87.0
> Proxy-Connection: Keep-Alive
> 
* Proxy CONNECT aborted
* Closing connection 0
curl: (56) Proxy CONNECT aborted

Microproxy output for HTTPS:

2023/02/11 02:37:09 [094] INFO: Running 2 CONNECT handlers
2023/02/11 02:37:09 [094] INFO: on 1th handler: &{1 <nil> 0x68d9a0} showip.net:443

Possible reason:

  • Dumping r.Header in ServeHTTP (vendor/github.com/elazarl/goproxy/proxy.go) shows "User-Agent=curl/7.87.0" and "Proxy-Connection=Keep-Alive" from the first CONNECT request only.
  • It seems that the second CONNECT request from Curl is not passed to ServeHTTP at all.

Is it a bug in Curl or in Microproxy?
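
In the HTTPS trace above, curl opens no new connection between the 407 and its second CONNECT. The exchange below is an added example, not code from microproxy, goproxy or curl: a toy proxy loop that keeps reading requests from one TCP connection, so the retried CONNECT is seen. The names `read_head`, `serve` and `connect_twice` are hypothetical, the 407 body and nonce are constructed, and the credentials are not verified.

```python
import socket
import threading

BODY = b"Proxy authentication required\n"  # constructed 407 body

def read_head(f):
    """Read one HTTP head (start line + headers) from a socket file object."""
    start = f.readline().decode().strip()
    headers = {}
    while (line := f.readline().decode().strip()):
        name, _, value = line.partition(":")
        headers[name.lower()] = value.strip()
    return start, headers

def serve(conn, seen):
    """Toy proxy side: answer every request read from this one connection."""
    with conn, conn.makefile("rb") as f:
        while True:
            start, headers = read_head(f)
            if not start:                      # client closed the connection
                return
            seen.append(start)
            if "proxy-authorization" in headers:   # NOT verified in this sketch
                conn.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n")
                return                         # a real proxy would tunnel from here
            # Content-Length and no "Connection: close": the client may reuse
            # the connection for its authenticated retry, so keep reading.
            conn.sendall(b"HTTP/1.1 407 Proxy Authentication Required\r\n"
                         b'Proxy-Authenticate: Digest realm="Realm1", qop=auth, '
                         b'nonce="constructed"\r\n'
                         b"Content-Length: %d\r\n\r\n" % len(BODY) + BODY)

def connect_twice(target="showip.net:443"):
    """Client side: retry CONNECT on the same connection after the 407."""
    seen, statuses = [], []
    srv = socket.create_server(("127.0.0.1", 0))   # loopback only, random port
    port = srv.getsockname()[1]
    t = threading.Thread(target=lambda: serve(srv.accept()[0], seen))
    t.start()
    with socket.create_connection(("127.0.0.1", port)) as c, c.makefile("rb") as f:
        # Second header value is a constructed stand-in, not a full Digest reply.
        for auth in ("", 'Proxy-Authorization: Digest username="user1"\r\n'):
            c.sendall(f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n{auth}\r\n".encode())
            start, headers = read_head(f)
            f.read(int(headers.get("content-length", 0)))   # drain the 407 body
            statuses.append(int(start.split()[1]))
    t.join()
    srv.close()
    return statuses, seen
```

Logging the equivalent of `seen` per connection on the proxy side shows whether the authenticated retry is read from the socket at all or is lost before request handling.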