corretly use proxy CONNECT

There is a bug in LWP:UserAgent - it does not use CONNECT for https
proxy calls. So such calls fails with SQUID.

diff --git a/PVE/API2/APT.pm b/PVE/API2/APT.pm
index d5b381b57a94a7fa821c249c268425a67a6da9af..a46604896233149934e3b3b6db85b9a59e3de685 100644 (file)
--- a/PVE/API2/APT.pm
+++ b/PVE/API2/APT.pm
@@ -18,6 +18,7 @@ use PVE::INotify;
 use PVE::Exception;
 use PVE::RESTHandler;
 use PVE::RPCEnvironment;
+use PVE::API2Tools;
 
 use JSON;
 use PVE::JSONSchema qw(get_standard_option);
@@ -455,8 +456,14 @@ __PACKAGE__->register_method({
        $ua->max_size(1024*1024);
        $ua->ssl_opts(verify_hostname => 0); # don't care for changelogs
 
+       # HACK: LWP does not use proxy 'CONNECT' for https
+       local $ENV{PERL_NET_HTTPS_SSL_SOCKET_CLASS} = "Net::SSL";
+       local ($ENV{HTTPS_PROXY}, $ENV{HTTPS_PROXY_USERNAME}, $ENV{HTTPS_PROXY_PASSWORD});
+
        if ($proxy) {
-           $ua->proxy(['http', 'https'], $proxy);
+           ($ENV{HTTPS_PROXY}, $ENV{HTTPS_PROXY_USERNAME}, $ENV{HTTPS_PROXY_PASSWORD}) =
+               PVE::API2Tools::parse_http_proxy($proxy);
+           $ua->proxy(['http'], $proxy);
        } else {
            $ua->env_proxy;
        }

diff --git a/PVE/API2/Subscription.pm b/PVE/API2/Subscription.pm
index a491add31ca3ecb2f61ba20de3b7ae9f8a0859d5..8ea874b26e3a634ce83bfdbaa79cd579be7f9aae 100644 (file)
--- a/PVE/API2/Subscription.pm
+++ b/PVE/API2/Subscription.pm
@@ -224,9 +224,16 @@ sub check_subscription {
     $req->content($content);
 
     my $ua = LWP::UserAgent->new(protocols_allowed => ['https'], timeout => 30);
+    $ua->ssl_opts(verify_hostname => 0); # don't care
+
+    # HACK: LWP does not use proxy 'CONNECT' for https
+    local $ENV{PERL_NET_HTTPS_SSL_SOCKET_CLASS} = "Net::SSL";
+    local ($ENV{HTTPS_PROXY}, $ENV{HTTPS_PROXY_USERNAME}, $ENV{HTTPS_PROXY_PASSWORD});
 
     if ($proxy) {
-       $ua->proxy(['http', 'https'], $proxy);
+       ($ENV{HTTPS_PROXY}, $ENV{HTTPS_PROXY_USERNAME}, $ENV{HTTPS_PROXY_PASSWORD}) =
+           PVE::API2Tools::parse_http_proxy($proxy);
+       $ua->proxy(['http'], $proxy);
     } else {
        $ua->env_proxy;
     }

diff --git a/PVE/API2Tools.pm b/PVE/API2Tools.pm
index 8208745fc28fe491fb5e52da857f9314cc1248c8..2807ef6dfe83939ccc5ee0502015e0ad5ff9cd82 100644 (file)
--- a/PVE/API2Tools.pm
+++ b/PVE/API2Tools.pm
@@ -4,6 +4,8 @@ use strict;
 use warnings;
 use PVE::Tools;
 use Digest::MD5 qw(md5_hex);
+use URI;
+use URI::Escape;
 
 my $hwaddress;
 
@@ -113,4 +115,22 @@ sub extract_storage_stats {
     return $entry;
 };
 
+sub parse_http_proxy {
+    my ($proxyenv) = @_;
+
+    my $uri = URI->new($proxyenv);
+
+    my $scheme = $uri->scheme;
+    my $host = $uri->host;
+    my $port = $uri->port || 3128;
+
+    my ($username, $password);
+
+    if (defined(my $p_auth = $uri->userinfo())) {
+       ($username, $password) = map URI::Escape::uri_unescape($_), split(":", $p_auth, 2);
+    }
+
+    return ("$host:$port", $username, $password);
+}
+
 1;