Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl Monk, Perl Meditation

Re: IO::Socket::SSL with http proxy tunnel?

by lembark (Novice)
on Jun 15, 2022 at 19:18 UTC ( #11144779=note: print w/replies, xml ) Need Help??

in reply to IO::Socket::SSL with http proxy tunnel?

So much for checking the preview...

Trying to access a service behind a firewall that uses http proxies.

Q: Anyone have experience, or reference to a working example, of using
IO::Socket::* to connect with this soft of a HTTP->HTTPS tunnel proxy?

thank you

Homegrown perl-5.34.1.
RHEL6 for system lib's yes, 6.

Curl to the site shows something like (hostnames & IP's modified):

curl --verbose ''
* Trying * Connected to ( port 80 (#0)
* Establish HTTP proxy tunnel to
> Host: > User-Agent: curl/7.44.0
> Proxy-Connection: Keep-Alive
< HTTP/1.1 503 Service Unavailable
< Cache-Control: no-cache
< X-XSS-Protection: 1
< Connection: close
< Content-Type: text/html; charset=utf-8
< Content-Length: 750
< Pragma: no-cache
< Set-Cookie: frobnicate; path=/; Httponly
< * Received HTTP code 503 from proxy after CONNECT
* Closing connection 0 curl: (56) Received HTTP code 503 from proxy after CONNECT

Looking at the tunnel portion I've tried several approaches shown in IO::Socket::SSL:

Under "Talk Plain and SSL With The Same Socket" alternatives are turning a stock INET
socket into an SSL:
  my $sock = IO::Socket::INET->new(...) or die $!;
  IO::Socket::SSL->start_SSL($sock,%sslargs) or die $SSL_ERROR;
  $sock->stop_SSL or die $SSL_ERROR;

Or starting the connection without SSL and going from there:

  my $sock = IO::Socket::SSL->new( PeerAddr => ... SSL_startHandshake => 0, %sslargs ) or die $!;

Both of these get me "connection reset by peer", maybe because the HTTP portion of
the connection doesn't like the switchover to SSL.

    my $sock = IO::Socket::INET->new( %http_argz );
    IO::Socket::SSL->start_SSL ( $sock , %https_argz );
    print $sock "GET / HTTP/1.0\r\n\r\n";

Leaves me with a sigpipe. 
  • Comment on Re: IO::Socket::SSL with http proxy tunnel?

Replies are listed 'Best First'.
Re^2: IO::Socket::SSL with http proxy tunnel?
by NERDVANA (Hermit) on Jun 17, 2022 at 02:08 UTC
    Re-implementing HTTP over proxy using a raw SSL socket seems like a lot of work. (personally I would try to get the service to use SSH tunneling, but maybe you don't have control over that)

    I would guess someone already did HTTP proxy in Perl before, and a little googling proved fruitful:

    Stack Overflow: Perl HTTPS over proxy using LWP::UserAgent

    Does that do what you need?

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://11144779]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others avoiding work at the Monastery: (5)
As of 2022-12-01 06:12 GMT
Find Nodes?
    Voting Booth?