* [pve-devel] [PATCH proxmox-openid] fix #6541: openid: add missing connector chains
@ 2025-07-21 14:48 Mira Limbeck
2025-07-21 14:50 ` Mira Limbeck
2025-07-21 15:37 ` [pve-devel] applied: " Thomas Lamprecht
0 siblings, 2 replies; 3+ messages in thread
From: Mira Limbeck @ 2025-07-21 14:48 UTC (permalink / raw)
To: pve-devel
With the upgrade to ureq 3 the TLS connectors (native-tls, rustls) now
require a transport (tcp) in the chain before it, otherwise they panic.
For HTTP Connect proxy support another ConnectProxy connector is
required.
The new chain, based on the DefaultConnector [0] chain in ureq, needs to
have the connectors in the order of:
ConnectProxy -> Tcp -> Tls
[0] https://github.com/algesten/ureq/blob/3.0.11/src/unversioned/transport/mod.rs#L346
Signed-off-by: Mira Limbeck <m.limbeck@proxmox.com>
---
proxmox-openid/src/http_client.rs | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
mode change 100644 => 100755 proxmox-openid/src/http_client.rs
diff --git a/proxmox-openid/src/http_client.rs b/proxmox-openid/src/http_client.rs
old mode 100644
new mode 100755
index e4628170..7d383d5d
--- a/proxmox-openid/src/http_client.rs
+++ b/proxmox-openid/src/http_client.rs
@@ -4,6 +4,7 @@ use std::io::Read;
use http::method::Method;
use openidconnect::{HttpRequest, HttpResponse};
+use ureq::unversioned::transport::Connector;
// Copied from OAuth2 create, because we want to use ureq with
// native-tls. But current OAuth2 crate pulls in rustls, so we cannot
@@ -43,7 +44,9 @@ fn ureq_agent() -> Result<ureq::Agent, Error> {
}
let agent = ureq::Agent::with_parts(
config.build(),
- ureq::unversioned::transport::NativeTlsConnector::default(),
+ ureq::unversioned::transport::ConnectProxyConnector::default()
+ .chain(ureq::unversioned::transport::TcpConnector::default())
+ .chain(ureq::unversioned::transport::NativeTlsConnector::default()),
ureq::unversioned::resolver::DefaultResolver::default(),
);
--
2.47.2
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: [pve-devel] [PATCH proxmox-openid] fix #6541: openid: add missing connector chains
2025-07-21 14:48 [pve-devel] [PATCH proxmox-openid] fix #6541: openid: add missing connector chains Mira Limbeck
@ 2025-07-21 14:50 ` Mira Limbeck
2025-07-21 15:37 ` [pve-devel] applied: " Thomas Lamprecht
1 sibling, 0 replies; 3+ messages in thread
From: Mira Limbeck @ 2025-07-21 14:50 UTC (permalink / raw)
To: pve-devel
On 7/21/25 16:48, Mira Limbeck wrote:
> With the upgrade to ureq 3 the TLS connectors (native-tls, rustls) now
> require a transport (tcp) in the chain before it, otherwise they panic.
>
> For HTTP Connect proxy support another ConnectProxy connector is
> required.
> The new chain, based on the DefaultConnector [0] chain in ureq, needs to
> have the connectors in the order of:
> ConnectProxy -> Tcp -> Tls
>
> [0] https://github.com/algesten/ureq/blob/3.0.11/src/unversioned/transport/mod.rs#L346
>
> Signed-off-by: Mira Limbeck <m.limbeck@proxmox.com>
> ---
> proxmox-openid/src/http_client.rs | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
> mode change 100644 => 100755 proxmox-openid/src/http_client.rs
>
> diff --git a/proxmox-openid/src/http_client.rs b/proxmox-openid/src/http_client.rs
> old mode 100644
> new mode 100755
> index e4628170..7d383d5d
> --- a/proxmox-openid/src/http_client.rs
> +++ b/proxmox-openid/src/http_client.rs
> @@ -4,6 +4,7 @@ use std::io::Read;
> use http::method::Method;
>
> use openidconnect::{HttpRequest, HttpResponse};
> +use ureq::unversioned::transport::Connector;
>
> // Copied from OAuth2 create, because we want to use ureq with
> // native-tls. But current OAuth2 crate pulls in rustls, so we cannot
> @@ -43,7 +44,9 @@ fn ureq_agent() -> Result<ureq::Agent, Error> {
> }
> let agent = ureq::Agent::with_parts(
> config.build(),
> - ureq::unversioned::transport::NativeTlsConnector::default(),
> + ureq::unversioned::transport::ConnectProxyConnector::default()
> + .chain(ureq::unversioned::transport::TcpConnector::default())
> + .chain(ureq::unversioned::transport::NativeTlsConnector::default()),
> ureq::unversioned::resolver::DefaultResolver::default(),
> );
>
Sorry, the `openid` in the subject is a bit redundant. This should have
been `http_client` or maybe omitted entirely.
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 3+ messages in thread* [pve-devel] applied: [PATCH proxmox-openid] fix #6541: openid: add missing connector chains
2025-07-21 14:48 [pve-devel] [PATCH proxmox-openid] fix #6541: openid: add missing connector chains Mira Limbeck
2025-07-21 14:50 ` Mira Limbeck
@ 2025-07-21 15:37 ` Thomas Lamprecht
1 sibling, 0 replies; 3+ messages in thread
From: Thomas Lamprecht @ 2025-07-21 15:37 UTC (permalink / raw)
To: pve-devel, Mira Limbeck
On Mon, 21 Jul 2025 16:48:32 +0200, Mira Limbeck wrote:
> With the upgrade to ureq 3 the TLS connectors (native-tls, rustls) now
> require a transport (tcp) in the chain before it, otherwise they panic.
>
> For HTTP Connect proxy support another ConnectProxy connector is
> required.
> The new chain, based on the DefaultConnector [0] chain in ureq, needs to
> have the connectors in the order of:
> ConnectProxy -> Tcp -> Tls
>
> [...]
Applied, many thanks for the quick find!
[1/1] fix #6541: openid: add missing connector chains
commit: bbc13cb51952afad0f6532c5b4d21d9f17a9c548
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-07-21 15:37 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-07-21 14:48 [pve-devel] [PATCH proxmox-openid] fix #6541: openid: add missing connector chains Mira Limbeck
2025-07-21 14:50 ` Mira Limbeck
2025-07-21 15:37 ` [pve-devel] applied: " Thomas Lamprecht
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.