-
Notifications
You must be signed in to change notification settings - Fork 99
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support secure proxies by implementing HTTPS-in-HTTPS. #254
Comments
Probably related? encode/httpx#1424 (That issue is for the sync client.) Though the distinction b/w uvloop and plain asyncio is quite interesting here.
The |
No, i'm running program on Sorry for my incorrect schema. I connect to |
This is why proxy host looks like
I tried |
And I assume using As for this Just for the sake of narrowing down the problem, were you able to determine if the SSH tunnel could be part of the problem? I'd assume not, since that should be transparent to whatever application-level transmission gets performed over that connection — but who knows. |
Ok, i tested httpx.Client and got Same exception i got when try to fix this issue manually for httpcore/httpcore/_backends/asyncio.py Line 115 in cf45ea7
Here we pass if not getattr(transport, '_start_tls_compatible', False):
raise TypeError(
f'transport {transport!r} is not supported by start_tls()') And object which we pass does not have it. But Then i was think |
Hmm, interesting. :-) So In urllib3/urllib3#1923 we can see that the urllib3 team had to provide a custom So, hmm, unfortunately this will take some time to look into and resolve! @spumer Out of curiosity, would you be able to try connecting to your HTTPS proxy in a import trio
import curio
async def main():
async with httpx.AsyncClient(proxies="https://...") as client:
response = await client.get("https://...")
print(response)
trio.run(main)
curio.run(main()) I don't think those shouldn't be problematic, because both provide clean "wrap/unwrap SSL transport" APIs that httpcore/httpcore/_backends/trio.py Lines 37 to 54 in cf45ea7
But it's definitely worth checking! |
With |
I just came across this and found out that the Without understanding the full risks involved it seems like 2 things need to happen
|
Looks like a bug has already been reported https://bugs.python.org/issue37179 and is meant to be fixed in 3.10. When I'm looking through the CPython codebase it doesn't seem to have been fixed and that PR doesn't seem to address that particular problem so I'll add a comment there. Edit: Testing against 3.10.0a7 still has the problem. |
Looks like the PR was updated to support this and merged python/cpython#17975 but subsequently it was reverted python/cpython#25848 so 3.10 is still affected by this. |
I've opened a PR just for this problem, I still need to go through the CLA process but once that is done I'm hoping it will get accepted python/cpython#26454. |
Looks like it got lost in the pile, trying one more time python/cpython#28073 |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Hello @stalebot - thanks for chiming in. I'm curious why you added a Good prompt to review if this issue is stale or not, tho. Thank you. I think we do still want this - right folks? But we probably ought to re-title it, because the issue more generally is just "we don't support HTTPS proxies right now" rather than specifically anything to do with So - questions...
|
Our issue on |
I think so, I don't use proxies very often but supporting such a thing sounds important, especially considering the prevalent of TLS today.
I don't have really anything to say except that the code for this sits in this repository right now AFAIK.
I haven't tried any of the other backends but I know for sure the asyncio limitation is a problem in cpython.
At least for asyncio I tried to fix it up with python/cpython#28073 but unfortunately there's some weird case where the tests are failing on Windows. I was never able to figure out why but there was trouble with how the various protocol/transports were closed and how it was all set up. I never had time to investigate it further unfortunately :(
That sounds like a good idea |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Didn't expect to see you back on this ticket @Stale. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
I can't estabilish connection to target via https proxy.
:me: <-[ssh-tunnel]-> :protected-host: <-> :squid-proxy: <-> :target:
Here is my proxy settings for AsyncClient:
And i try to connect to 'https://target-hostname.com:8080' via that proxies.
When i use
uvloop
all works fine.When i use
asyncio
connection can not be established and failed with traceback:Traceback
The text was updated successfully, but these errors were encountered: