From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 0C710D438 for ; Fri, 15 Apr 2022 16:31:24 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 032815717 for ; Fri, 15 Apr 2022 16:31:24 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id AC57C570C for ; Fri, 15 Apr 2022 16:31:22 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 98C0941EE5 for ; Fri, 15 Apr 2022 16:31:18 +0200 (CEST) From: Mira Limbeck To: pve-devel@lists.proxmox.com Date: Fri, 15 Apr 2022 14:27:23 +0200 Message-Id: <20220415122722.444806-1-m.limbeck@proxmox.com> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.192 Adjusted score from AWL reputation of 
From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery methods NO_DNS_FOR_FROM 0.001 Envelope sender has no MX or A DNS records SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_NONE 0.001 SPF: sender does not publish an SPF Record T_SCC_BODY_TEXT_LINE -0.01 - Subject: [pve-devel] [PATCH debcargo-conf] ureq: add https-proxy-support patch X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Apr 2022 14:31:24 -0000 Signed-off-by: Mira Limbeck --- upstream pull request: https://github.com/algesten/ureq/pull/495 .../patches/add-https-proxy-support.patch | 231 ++++++++++++++++++ src/ureq/debian/patches/series | 1 + 2 files changed, 232 insertions(+) create mode 100644 src/ureq/debian/patches/add-https-proxy-support.patch create mode 100644 src/ureq/debian/patches/series diff --git a/src/ureq/debian/patches/add-https-proxy-support.patch b/src/ureq/debian/patches/add-https-proxy-support.patch new file mode 100644 index 00000000..84f00116 --- /dev/null +++ b/src/ureq/debian/patches/add-https-proxy-support.patch 
@@ -0,0 +1,231 @@ +diff --git a/src/lib.rs b/src/lib.rs +index 731845c..1afb2e4 100644 +--- a/src/lib.rs ++++ b/src/lib.rs +@@ -356,8 +356,7 @@ pub(crate) fn default_tls_config() -> std::sync::Arc { + // calls at the top of the crate (`ureq::get` etc). + #[cfg(not(feature = "tls"))] + pub(crate) fn default_tls_config() -> std::sync::Arc { +- use crate::stream::HttpsStream; +- use std::net::TcpStream; ++ use crate::stream::{HttpsStream, Stream}; + use std::sync::Arc; + + struct NoTlsConfig; +@@ -366,7 +365,7 @@ pub(crate) fn default_tls_config() -> std::sync::Arc { + fn connect( + &self, + _dns_name: &str, +- _tcp_stream: TcpStream, ++ _tcp_stream: Stream, + ) -> Result, crate::error::Error> { + Err(ErrorKind::UnknownScheme + .msg("cannot make HTTPS request because no TLS backend is configured")) +diff --git a/src/ntls.rs b/src/ntls.rs +index 1dceffe..6742c36 100644 +--- a/src/ntls.rs ++++ b/src/ntls.rs +@@ -1,6 +1,6 @@ + use crate::error::Error; + use crate::error::ErrorKind; +-use crate::stream::{HttpsStream, TlsConnector}; ++use crate::stream::{HttpsStream, Stream, TlsConnector}; + + use std::net::TcpStream; + use std::sync::Arc; +@@ -11,11 +11,7 @@ pub(crate) fn default_tls_config() -> std::sync::Arc { + } + + impl TlsConnector for native_tls::TlsConnector { +- fn connect( +- &self, +- dns_name: &str, +- tcp_stream: TcpStream, +- ) -> Result, Error> { ++ fn connect(&self, dns_name: &str, tcp_stream: Stream) -> Result, Error> { + let stream = + native_tls::TlsConnector::connect(self, dns_name, tcp_stream).map_err(|e| { + ErrorKind::ConnectionFailed +@@ -28,8 +24,8 @@ impl TlsConnector for native_tls::TlsConnector { + } + + #[cfg(feature = "native-tls")] +-impl HttpsStream for native_tls::TlsStream { ++impl HttpsStream for native_tls::TlsStream { + fn socket(&self) -> Option<&TcpStream> { +- Some(self.get_ref()) ++ self.get_ref().socket() + } + } +diff --git a/src/proxy.rs b/src/proxy.rs +index 3631055..547667c 100644 +--- a/src/proxy.rs ++++ b/src/proxy.rs +@@ 
-4,6 +4,7 @@ use crate::error::{Error, ErrorKind}; + #[derive(Clone, Copy, Debug, Eq, Hash, PartialEq)] + pub enum Proto { + HTTPConnect, ++ HTTPSConnect, + SOCKS4, + SOCKS4A, + SOCKS5, +@@ -90,6 +91,7 @@ impl Proxy { + let proto = if proxy_parts.len() == 2 { + match proxy_parts.next() { + Some("http") => Proto::HTTPConnect, ++ Some("https") => Proto::HTTPSConnect, + Some("socks4") => Proto::SOCKS4, + Some("socks4a") => Proto::SOCKS4A, + Some("socks") => Proto::SOCKS5, +diff --git a/src/rtls.rs b/src/rtls.rs +index 3d1e8dd..ba7b900 100644 +--- a/src/rtls.rs ++++ b/src/rtls.rs +@@ -7,7 +7,7 @@ use once_cell::sync::Lazy; + + use crate::ErrorKind; + use crate::{ +- stream::{HttpsStream, TlsConnector}, ++ stream::{HttpsStream, Stream, TlsConnector}, + Error, + }; + +@@ -26,11 +26,11 @@ fn is_close_notify(e: &std::io::Error) -> bool { + false + } + +-struct RustlsStream(rustls::StreamOwned); ++struct RustlsStream(rustls::StreamOwned); + + impl HttpsStream for RustlsStream { + fn socket(&self) -> Option<&TcpStream> { +- Some(self.0.get_ref()) ++ self.0.get_ref().socket() + } + } + +@@ -93,7 +93,7 @@ impl TlsConnector for Arc { + fn connect( + &self, + dns_name: &str, +- mut tcp_stream: TcpStream, ++ mut tcp_stream: Stream, + ) -> Result, Error> { + let sni = rustls::ServerName::try_from(dns_name) + .map_err(|e| ErrorKind::Dns.msg(format!("parsing '{}'", dns_name)).src(e))?; +diff --git a/src/stream.rs b/src/stream.rs +index a786ba5..ee09167 100644 +--- a/src/stream.rs ++++ b/src/stream.rs +@@ -11,6 +11,8 @@ use chunked_transfer::Decoder as ChunkDecoder; + #[cfg(feature = "socks-proxy")] + use socks::{TargetAddr, ToTargetAddr}; + ++#[cfg(not(feature = "native-tls"))] ++use crate::default_tls_config; + use crate::proxy::Proxy; + use crate::{error::Error, proxy::Proto}; + +@@ -25,11 +27,11 @@ pub trait TlsConnector: Send + Sync { + fn connect( + &self, + dns_name: &str, +- tcp_stream: TcpStream, ++ tcp_stream: Stream, + ) -> Result, crate::error::Error>; + } + +-pub(crate) 
struct Stream { ++pub struct Stream { + inner: BufReader>, + } + +@@ -323,7 +325,7 @@ pub(crate) fn connect_http(unit: &Unit, hostname: &str) -> Result + // + let port = unit.url.port().unwrap_or(80); + +- connect_host(unit, hostname, port).map(Stream::from_tcp_stream) ++ connect_host(unit, hostname, port) + } + + pub(crate) fn connect_https(unit: &Unit, hostname: &str) -> Result { +@@ -336,7 +338,7 @@ pub(crate) fn connect_https(unit: &Unit, hostname: &str) -> Result Result { ++pub(crate) fn connect_host(unit: &Unit, hostname: &str, port: u16) -> Result { + let connect_deadline: Option = + if let Some(timeout_connect) = unit.agent.config.timeout_connect { + Instant::now().checked_add(timeout_connect) +@@ -375,7 +377,10 @@ pub(crate) fn connect_host(unit: &Unit, hostname: &str, port: u16) -> Result Result Result { ++ let tls_conf; ++ #[cfg(feature = "native-tls")] ++ { ++ tls_conf = native_tls::TlsConnector::new().unwrap(); ++ } ++ #[cfg(not(feature = "native-tls"))] ++ { ++ tls_conf = default_tls_config(); ++ } ++ let proxy_conn = tls_conf ++ .connect(&proxy.server, Stream::from_tcp_stream(stream)) ++ .unwrap(); ++ Some((Stream::new(proxy_conn), proxy)) ++ } ++ (Some(Proto::HTTPConnect), Some(ref proxy)) => { ++ Some((Stream::from_tcp_stream(stream), proxy)) ++ } ++ _ => { ++ return Err(Error::new( ++ ErrorKind::ProxyConnect, ++ Some("No proxy defined, but proto set".into()), ++ )); ++ } ++ } { + write!(stream, "{}", proxy.connect(hostname, port)).unwrap(); + stream.flush()?; + +@@ -436,10 +466,12 @@ pub(crate) fn connect_host(unit: &Unit, hostname: &str, port: u16) -> Result
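Review bot: Changing `tcp_stream: TcpStream` to `tcp_stream: Stream` in the public `TlsConnector` trait, and making `Stream` `pub` to support it, changes the crate's public interface, yet the newly exported type has no documentation. Any downstream `TlsConnector` implementation, for instance one that applies custom certificate verification, will stop compiling until its `connect` signature is updated, so this packaging patch should be checked against reverse dependencies. I would add a doc comment on the struct, e.g. `/// Buffered connection handed to a TlsConnector; with an HTTPS proxy it may already carry a TLS session to the proxy.` The struct body continues outside the hunk.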
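Review bot: In the new `Proto::HTTPSConnect` arm of `connect_host`, both `native_tls::TlsConnector::new().unwrap()` and the `.unwrap()` on `tls_conf.connect(&proxy.server, …)` turn a failed TLS handshake with the proxy (untrusted certificate, name mismatch, reset connection) into a panic, even though the function returns `Result`. Both failures should be mapped into an error and returned, for example `ErrorKind::ProxyConnect.msg("TLS handshake with proxy failed")`, so a caller can handle a rejected proxy certificate. Separately, the arm builds a fresh default connector (`native_tls::TlsConnector::new()` or `default_tls_config()`) rather than taking a TLS configuration from the agent. If the agent carries custom trust settings they would apparently not apply to the proxy hop, which deserves a comment or a follow-up. The hunk text is damaged in this extract and the function continues outside it.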