Fetching a feed via SSL (https) through and HTTP proxy server, on a system with an installed libcurl version of 7.30.0 or newer results in the beginning of the feed being clipped by exactly the number of characters of header data added by the proxy server.

As noted in the libcurl change log (http://curl.haxx.se/changes.html) and this bug report (http://sourceforge.net/p/curl/bugs/1204/), starting with version 7.30.0 of libcurl, it correctly reports the size of all headers added to the response in the CURLINFO_HEADER_SIZE option.

As a result, on a system with a version of libcurl newer than 7.30.0, function http_request_get() in libraries/http_request.inc is clipping the beginning of the response data because it assumes a libcurl that doesn't count the size of proxy-added headers in CURLINFO_HEADER_SIZE.

The attached patch only removes the proxy-added headers if we are using a version of libcurl earlier than 7.30.0.

CommentFileSizeAuthor
#4 feed_ssl_via_proxy-v2.patch1.41 KBttaylor249
feed_ssl_via_proxy.patch1.41 KBttaylor249
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

MegaChriz’s picture

MegaChriz CreditAttribution: MegaChriz commented
Version: 7.x-2.0-alpha8 » 7.x-2.x-dev
Status: Active » Needs review

Hm, is this what is causing the following error when fetching a feed from drupal.org?

HRCurlException: cURL error (60) SSL certificate problem: unable to get local issuer certificate for https://www.drupal.org/node/feed in http_request_get()

In the dev version of Feeds #1062178: Add configuration option to allow invalid/unverified or (self certified) SSL certificates was committed to work around this problem by providing an option to accept invalid SSL certificates.

I'm on curl 7.19 at the moment, so I can't tell.

MegaChriz’s picture

MegaChriz CreditAttribution: MegaChriz commented
Issue tags: +Curl, +ssl
Related issues: +#2419111: Configuration option to allow invalid SSL certificates is not used when option "Auto detect feeds" is enabled
MegaChriz’s picture

MegaChriz CreditAttribution: MegaChriz commented
Related issues: -#2419111: Configuration option to allow invalid SSL certificates is not used when option "Auto detect feeds" is enabled

Oops, disregard that comment about the cURL error. That error happens before evaluating the headers, so this issue has nothing to do with that.

ttaylor249’s picture

ttaylor249 CreditAttribution: ttaylor249 commented
FileSize
feed_ssl_via_proxy-v2.patch1.41 KB

Attached is a slightly modified version of my patch which makes the libcurl version test strictly less than 7.30.0 as that is the version of libcurl with the correct behaviour.

  • twistor committed 802aa49 on 7.x-2.x authored by ttaylor249 
    Issue #2427497 by ttaylor249: Fetching feed via SSL through proxy doesn'...
twistor’s picture

twistor CreditAttribution: twistor commented
Status: Needs review » Fixed

Fixed up the comments and made the patch a bit simpler.

Thanks for tracking this down.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.