Hi, I am trying to get tcltls to tunnel through a squid proxy with https using ::http version 2.8.11 and tls version 1.7.22. Without the proxy I can retrieve web sites via https, and with the proxy I can retrieve web sites over port 80, but when I try https w/ the proxy I get error: wrong version.

Maybe the problem is how I run http::register. I tried different combinations. Which register command do I need, or do I need both of these:

::http::register https 443 ::tls::socket
::http::register https 3128 ::tls::socket

3182 is the proxy port.

I configured proxyhost and proxy port only. The current config values are:

(EzTAB) 4 % ::http::config
-accept */* -proxyfilter http::ProxyRequired -proxyhost 192.168.1.151 -proxyport 3128 -urlencoding utf-8 -useragent {Mozilla/5.0 (Windows; U; Windows NT 6.3) http/2.8.11 Tcl/8.6.7}

Thanks for any help.

Here is my code (almost direct cut/paste from my source code, so maybe not fully self contained). Hope it helps.

package require http
package require base64;     # base64::encode is used in ProxyApply (tcllib)
package require autoproxy
package require twapi

# Proxy settings; empty host/port means "autodetect via autoproxy::init"
set ::proxy_host ""
set ::proxy_port ""
set ::proxy_prot "HTTP"
set ::proxy_user ""
set ::proxy_pass ""
set ::proxy_CAfile ""
# SSLv2 and SSLv3 stay disabled; only the TLS versions are switched on
set ::proxy_ssl2 0
set ::proxy_ssl3 0
set ::proxy_tls1 1
set ::proxy_tls1.1 1
set ::proxy_tls1.2 1
# Placeholder value: the original application defines ::timeout elsewhere
set ::timeout 10000

# Return 1 if x is a non-negative integer without a leading zero
proc NumberIsInteger {x} {
    if {[string is double -strict $x]} {
        if {[regexp {^[0-9]{1,}$} $x]} {
            if {[string length $x]>1} {
                if {[string index $x 0]!=0} {
                    return 1
                } else {
                    return 0
                }
            } else {
                return 1
            }
        } else {
            return 0
        }
    } else {
        return 0
    }
}

# Return 1 if path starts with http: or https:
proc IsURL {path} {
    if {[string match -nocase [string range $path 0 4] "http:"] || [string match -nocase [string range $path 0 5] "https:"]} {
        return 1
    } else {
        return 0
    }
}

# Split a path or URL into its components; for URLs the first element
# is normalised to "http://" or "https://"
proc PathSplit {path} {
    set atoms [file split $path]
    set root [lindex $atoms 0]
    if {[string range $root 0 1]=="//"} {
        # UNC path: replace the share with its mapped drive letter
        foreach share [::twapi::wnet_connected_resources] {
            lassign $share drive netdrive
            set netdrive [file normalize $netdrive]
            if {[string equal -nocase $netdrive $root]} {
                if {[string index $drive end]!="/"} {
                    set drive $drive/
                }
                set atoms [lreplace $atoms 0 0 $drive]
                break
            }
        }
    } elseif {[IsURL $path]} {
        lassign $atoms tp domain
        if {[string range $tp 0 4]=="https"} {
            lset atoms 0 https://
        } elseif {[string range $tp 0 3]=="http"} {
            lset atoms 0 http://
        }
    }
    return $atoms
}

# Configure autoproxy from the ::proxy_* settings, falling back to the
# system proxy reported by autoproxy::init
proc ProxyApply {} {
    variable proxy_host
    variable proxy_port
    variable proxy_prot
    variable proxy_user
    variable proxy_pass
    variable proxy_CAfile
    variable proxy_pass_enc ""
    if {$proxy_user!=""} {
        variable proxy_pass_enc [base64::encode $proxy_user:$proxy_pass]
    }
    variable threadsuse
    set url [::autoproxy::init]
    if {$proxy_host=="" || $proxy_port==""} {
        # ::autoproxy::configure
        lassign [PathSplit $url] prot host_and_port
        if {$prot in [list "http://" "https://"]} {
            lassign [split $host_and_port ":"] host port
            if {[NumberIsInteger $port]} {
                set proxy_prot $prot
                set proxy_host $host
                set proxy_port $port
            }
        }
    }
    if {$proxy_host=="" || $proxy_port==""} {
        # No proxy configured or detected: nothing to set up
    } else {
        ::autoproxy::configure -host $proxy_host -port $proxy_port
        if {$proxy_prot=="https://"} {
            ::autoproxy::configure -tls_package twapi; # Use twapi instead of tls
        }
        if {$proxy_user!=""} {
            ::autoproxy::configure -basic -username $proxy_user -password $proxy_pass
        }
    }
    http::config -proxyfilter ProxyFilter
}

# -proxyfilter callback for http: returns {host port} of the proxy,
# or nothing for a direct connection
proc ProxyFilter {host} {
    variable proxy_host
    variable proxy_port
    variable proxy_prot
    variable proxy_user
    variable proxy_pass
    variable proxy_CAfile
    variable proxy_pass_enc
    if {$proxy_host=="" || $proxy_port==""} {
        return
    }
    # Add authorisation header to the request (by Anders Ramdahl)
    if {$proxy_user!=""} {
        catch {
            upvar state State
            set State(-headers) [concat [list "Proxy-Authorization" [concat "Basic" $proxy_pass_enc]] $State(-headers)]
        }
    }
    return [list $proxy_host $proxy_port]
}

# Register the https handler: twapi directly when there is no proxy,
# autoproxy::tls_socket (CONNECT tunnel, then TLS) when there is one
proc TLSInit {} {
    # noexe, sourcedir and timeout belong to the original application
    variable noexe
    variable sourcedir
    variable proxy_host
    variable proxy_port
    variable proxy_prot
    variable proxy_CAfile
    variable proxy_ssl2
    variable proxy_ssl3
    variable proxy_tls1
    variable proxy_tls1.1
    variable proxy_tls1.2
    variable timeout
    # tls help on http://www.sensus.org/tcl/tls.htm
    catch {::http::unregister https}
    # Apply proxy settings if available
    ProxyApply
    # If proxy is not set
    if {$proxy_host=="" || $proxy_port==""} {
        # Use twapi (CA file is not needed)
        set code [catch {set tlssocket [http::register https 443 twapi::tls_socket]} err]
        if {$code} {
            set tlssocket ""
        }
    # If proxy is set
    } else {
        set timeout [expr {$timeout*10}]
        set options [list]
        set cafile [string map {\\ /} $proxy_CAfile]
        if {$cafile!=""} {
            # Pass the CA file along with -request/-require so that peer
            # verification has trust anchors to check against
            lappend options -cafile $cafile
            lappend options -request 1
            lappend options -require 1
        }
        # Note: autodetection in ProxyApply stores "https://", while this
        # test matches the manually configured value "HTTPS"
        if {$proxy_prot=="HTTPS"} {
            if {$proxy_ssl2==1} {
                lappend options -ssl2 $proxy_ssl2
            }
            if {$proxy_ssl3==1} {
                lappend options -ssl3 $proxy_ssl3
            }
            if {$proxy_tls1==1} {
                lappend options -tls1 $proxy_tls1
            }
            if {${proxy_tls1.1}==1} {
                lappend options -tls1.1 ${proxy_tls1.1}
            }
            if {${proxy_tls1.2}==1} {
                lappend options -tls1.2 ${proxy_tls1.2}
            }
        }
        set tlssocket [::http::register https 443 [list autoproxy::tls_socket {*}$options]]
    }
    return $tlssocket
}

TLSInit
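
The tunnel setup that autoproxy::tls_socket performs in the code above, written out by hand as an added example (not part of either post; the proc name ConnectViaProxy and its parameters are hypothetical). The proxy port speaks plain HTTP, so the socket stays unencrypted until the proxy answers CONNECT with a 2xx status, and only then is TLS layered on towards the origin server.

```tcl
package require tls

# Open a certificate-verified TLS channel to host:port through an HTTP proxy.
# All five arguments are supplied by the caller; cafile is a PEM CA bundle.
proc ConnectViaProxy {proxyHost proxyPort host port cafile} {
    # 1. Plain TCP to the proxy; no TLS yet
    set s [socket $proxyHost $proxyPort]
    fconfigure $s -translation crlf -buffering line

    # 2. Ask the proxy to open a tunnel to the origin server
    puts $s "CONNECT $host:$port HTTP/1.1"
    puts $s "Host: $host:$port"
    puts $s ""
    flush $s

    # 3. Read the status line, then skip the remaining response headers
    #    (gets returns 0 on the blank line that ends them, -1 on EOF)
    set status [gets $s]
    while {[gets $s line] > 0} {}
    if {![regexp {^HTTP/1\.[01] 2\d\d} $status]} {
        close $s
        error "proxy refused CONNECT: $status"
    }

    # 4. The tunnel is up: switch to binary and start TLS end to end,
    #    requiring a certificate that chains to the given CA bundle
    fconfigure $s -translation binary -buffering full
    tls::import $s -servername $host -cafile $cafile -request 1 -require 1
    if {[catch {tls::handshake $s} err]} {
        close $s
        error "TLS handshake with $host failed: $err"
    }
    return $s
}

# Usage with the proxy address from the question; the host name and CA path
# are placeholders:
#   set chan [ConnectViaProxy 192.168.1.151 3128 www.example.com 443 /path/to/ca-bundle.pem]
```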