http://www.perlmonks.org?node_id=11144779


in reply to IO::Socket::SSL with http proxy tunnel?

So much for checking the preview...

Trying to access a service behind a firewall that uses http proxies.

Q: Anyone have experience, or reference to a working example, of using
IO::Socket::* to connect with this sort of a HTTP->HTTPS tunnel proxy?

thank you

IO-Socket-SSL-2.074.tar.gz
Homegrown perl-5.34.1.
RHEL6 for system libs; yes, 6.

Curl to the site shows something like (hostnames & IP's modified):

curl --verbose 'https://foo.bar.net/bim/bam'
* Trying 10.10.10.10...
* Connected to 10.10.10.10 (10.10.10.10) port 80 (#0)
* Establish HTTP proxy tunnel to foo.bar.net:443
> CONNECT foo.bar.net:443 HTTP/1.1
> Host: foo.bar.net:443
> User-Agent: curl/7.44.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 503 Service Unavailable
< Cache-Control: no-cache
< X-XSS-Protection: 1
< Connection: close
< Content-Type: text/html; charset=utf-8
< Content-Length: 750
< Pragma: no-cache
< Set-Cookie: frobnicate; path=/; Httponly
<
* Received HTTP code 503 from proxy after CONNECT
* Closing connection 0
curl: (56) Received HTTP code 503 from proxy after CONNECT

Looking at the tunnel portion I've tried several approaches shown in IO::Socket::SSL:

https://metacpan.org/dist/IO-Socket-SSL/view/lib/IO/Socket/SSL.pod

Under "Talk Plain and SSL With The Same Socket" alternatives are turning a stock INET
socket into an SSL:
  
  my $sock = IO::Socket::INET->new(...) or die $!;
  IO::Socket::SSL->start_SSL($sock,%sslargs) or die $SSL_ERROR;
  $sock->stop_SSL or die $SSL_ERROR;

Or starting the connection without SSL and going from there:

  my $sock = IO::Socket::SSL->new( PeerAddr => ... SSL_startHandshake => 0, %sslargs ) or die $!;

Both of these get me "connection reset by peer", maybe because the HTTP portion of
the connection doesn't like the switchover to SSL.

  eval
  {
    my $sock = IO::Socket::INET->new( %http_argz );
    IO::Socket::SSL->start_SSL ( $sock , %https_argz );
    print $sock "GET / HTTP/1.0\r\n\r\n";
  };

Leaves me with a sigpipe. 

Re^2: IO::Socket::SSL with http proxy tunnel?
by NERDVANA (Deacon) on Jun 17, 2022 at 02:08 UTC
    Re-implementing HTTP over proxy using a raw SSL socket seems like a lot of work. (personally I would try to get the service to use SSH tunneling, but maybe you don't have control over that)

    I would guess someone already did HTTP proxy in Perl before, and a little googling proved fruitful:

    Stack Overflow: Perl HTTPS over proxy using LWP::UserAgent

    Does that do what you need?
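
The tunnel sequence visible in the curl trace (cleartext CONNECT to the proxy, status check, then TLS inside the tunnel), as an added example that is not part of the original thread. It reuses the modified host names from the post as placeholders and assumes a proxy that requires no authentication.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::INET;
use IO::Socket::SSL;

# Placeholders (assumptions): the modified proxy and target names from the curl trace.
my ($proxy_host, $proxy_port) = ('10.10.10.10', 80);
my ($host, $port)             = ('foo.bar.net', 443);

$SIG{PIPE} = 'IGNORE';    # a closed socket makes print fail with EPIPE instead of killing us

# 1. Plain TCP connection to the proxy. No TLS yet.
my $sock = IO::Socket::INET->new(
    PeerAddr => $proxy_host, PeerPort => $proxy_port, Proto => 'tcp', Timeout => 10,
) or die "proxy connect failed: $!\n";

# 2. Ask the proxy for a tunnel, in cleartext HTTP.
print $sock "CONNECT $host:$port HTTP/1.1\r\nHost: $host:$port\r\n\r\n"
    or die "CONNECT write failed: $!\n";

# 3. Read the proxy's reply one byte at a time up to the blank line,
#    so nothing that belongs to the tunnel is swallowed by a read buffer.
my $reply = '';
while ($reply !~ /\r?\n\r?\n\z/) {
    my $n = sysread($sock, my $byte, 1);
    die "proxy closed the connection during CONNECT\n" unless $n;
    $reply .= $byte;
    die "proxy reply too large\n" if length($reply) > 16384;
}
my ($status) = $reply =~ m{\AHTTP/1\.[01] (\d{3})}
    or die "unparseable proxy reply\n";
die "proxy refused tunnel: HTTP $status\n" unless $status =~ /\A2/;   # e.g. the 503 above

# 4. Upgrade the tunneled socket to TLS. The certificate is verified against
#    the target name, not the proxy address the TCP connection points at.
IO::Socket::SSL->start_SSL($sock,
    SSL_hostname        => $host,               # SNI
    SSL_verifycn_name   => $host,
    SSL_verifycn_scheme => 'http',
    SSL_verify_mode     => SSL_VERIFY_PEER,
) or die "TLS handshake failed: $SSL_ERROR\n";

# 5. Speak HTTP inside the TLS session.
print $sock "GET /bim/bam HTTP/1.0\r\nHost: $host\r\n\r\n";
print while <$sock>;
close $sock;
```

Calling start_SSL immediately after connecting to the proxy sends a TLS ClientHello to a port that expects an HTTP request, which is why step 2 and the status check in step 3 come first.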