[Bug 235548] fetch(1): Options -s and -S cause Bad Request when used with https URL and proxy.

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Wed Feb 6 05:54:17 UTC 2019 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235548

            Bug ID: 235548
           Summary: fetch(1): Options -s and -S cause Bad Request when
                    used with https URL and proxy.
           Product: Base System
           Version: 12.0-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: bin
          Assignee: bugs at FreeBSD.org
          Reporter: mickey242 at gmx.net

The commandline options '-s' and '-S' of fetch(1) to report/require remote file
size fail with 'Bad Request' when used with a https URL through a (squid) proxy
server (no SSL bump, connect through proxy). Without proxy or using http
instead of https both works.

$ env HTTP_PROXY=http://10.6.6.1:3128 fetch -s
https://download.kde.org/stable/plasma/5.14.5/powerdevil-5.14.5.tar.xz
fetch: Bad Request

$ env HTTP_PROXY=http://10.6.6.1:3128 fetch -s
http://download.kde.org/stable/plasma/5.14.5/powerdevil-5.14.5.tar.xz
599712

$ fetch -s
https://download.kde.org/stable/plasma/5.14.5/powerdevil-5.14.5.tar.xz
599712

$ env HTTP_PROXY=http://10.6.6.1:3128 fetch -S 599712
https://download.kde.org/stable/plasma/5.14.5/powerdevil-5.14.5.tar.xz
fetch: https://download.kde.org/stable/plasma/5.14.5/powerdevil-5.14.5.tar.xz:
Bad Request

$ env HTTP_PROXY=http://10.6.6.1:3128 fetch -S 599712
http://download.kde.org/stable/plasma/5.14.5/powerdevil-5.14.5.tar.xz
powerdevil-5.14.5.tar.xz              585 kB  329 kBps   02s

$ fetch -S 599712
https://download.kde.org/stable/plasma/5.14.5/powerdevil-5.14.5.tar.xz
powerdevil-5.14.5.tar.xz              585 kB  312 kBps   02s

The proxy log shows two requests for each attempt that failed with 'Bad
Request'. In case of the '-s' option it shows:

"CONNECT download.kde.org:443 HTTP/1.1" 200 6863 TCP_TUNNEL:HIER_DIRECT
"HEAD /pub/mirrors/ftp.kde.org/stable/plasma/5.14.5/powerdevil-5.14.5.tar.xz
HTTP/1.1" 400 301 NONE:HIER_NONE

And with the '-S 599712' option:

"CONNECT download.kde.org:443 HTTP/1.1" 200 7243 TCP_TUNNEL:HIER_DIRECT
"GET
/pub/mirrors/ftp.kde.org/pub/kde/stable/plasma/5.14.5/powerdevil-5.14.5.tar.xz
HTTP/1.1" 400 3973 NONE:HIER_NONE

This is particularly bad cause the ports system uses these options to fetch the
required distfiles. On ports that use https URLs the first attempt will always
fail and cause a fallback to another site.

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list