group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #45920
[Bug 1999909] Re: pro client times out when setting an https_proxy that uses HTTPS itself
This bug was fixed in the package ubuntu-advantage-tools - 29.4~22.04
---------------
ubuntu-advantage-tools (29.4~22.04) jammy; urgency=medium
* Backport new upstream release: (LP: #2029144) to jammy
ubuntu-advantage-tools (29.4) mantic; urgency=medium
* esm: remove static config file that pin packages from esm-infra
and esm-apps
ubuntu-advantage-tools (29.3) mantic; urgency=medium
* api: fix circular import that prevents enabled_services
endpoint from being imported
ubuntu-advantage-tools (29.2) mantic; urgency=medium
* d/ubuntu-advantage-tools.postinst:
- replace deb-systemd-invoke back to systemctl
* proxy: alert user if ca-certificates is not installed when using
a TLS-in-TLS proxy
ubuntu-advantage-tools (29.1) mantic; urgency=medium
* anbox: allow enabling service on container using the --access-only
flag
ubuntu-advantage-tools (29) mantic; urgency=medium
* d/control:
- update links for the project github page
* d/copyright:
- bump date to 2023
- update upstream-name and source
* d/ubuntu-advantage-tools.{postinst,postrm}:
- rename repo GPG keys from -advantage to -pro (GH: #1539)
- replace calls to systemctl for deb-systemd-invoke
* d/README.source:
- add file with basic explanation on the source code (GH: #2463)
* New upstream release 29 (LP: #2029144)
- anbox-cloud: add support for service
- api
+ new endpoint: u.pro.security.fix.plan.cve.v1
+ new endpoint: u.pro.security.fix.plan.usn.v1
+ new endpoint: u.apt_news.current_news.v1
+ add more data explaining the decision made for
u.pro.security.status.reboot_required.v1 endpoint
- contract:
+ send activityInfo after cli attach, enable and disable
+ start recording when the machine has attached to a Pro subscription
+ more reliable detection when running on a docker container
- esm: create static files to pin packages from esm-infra and esm-apps with
higher priority (GH: #2580)
- fix: ignore non-USN items on related usns
- landscape: add support for the service
- logging: update to ubuntupro logging namespace
- proxy: add support for TLS-in-TLS proxy (LP: #1999909)
- snapd: look for the snapd package instead of the snap command
- system: try/except logic to remove files and folders (LP: #2025731)
-- Lucas Moura <lucas.moura@xxxxxxxxxxxxx> Mon, 11 Sep 2023 12:28:29
-0300
** Changed in: ubuntu-advantage-tools (Ubuntu Jammy)
Status: Fix Committed => Fix Released
** Changed in: ubuntu-advantage-tools (Ubuntu Focal)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1999909
Title:
pro client times out when setting an https_proxy that uses HTTPS
itself
Status in ubuntu-advantage-tools package in Ubuntu:
Fix Released
Status in ubuntu-advantage-tools source package in Xenial:
Fix Released
Status in ubuntu-advantage-tools source package in Bionic:
Fix Released
Status in ubuntu-advantage-tools source package in Focal:
Fix Released
Status in ubuntu-advantage-tools source package in Jammy:
Fix Released
Status in ubuntu-advantage-tools source package in Lunar:
Fix Released
Bug description:
[ Impact ]
User that use a TLS-in-TLS proxy are unable to properly use it in the Pro client since the network libraries we are using do not support that type of proxy configuration.
Therefore, users cannot properly attach and access many of the service
the Pro client delivers.
[ Test Plan ]
We will verify that the Pro client now supports that type of proxy through an integration test that was created specifically for this issue. We will attach the test results of running this integration test here
[ Where problems could occur ]
We are using pycurl to add support for this type of proxy. We only make requests using this library if all of the following requirements are true:
- The target url scheme is https
- The target host is not in no_proxy
- An https_proxy is configured either via pro's config or via environment
- The https_proxy url scheme is https
Therefore, the only problems that can occur are that we either use
pycurl for non TLS-in-TLS proxies or that we don't use it for valid
TLS-in-TLS proxies. In the case where we use pycurl for non TLS-in-TLS
proxies, it should not be a huge issue, as we expect pycurl to still
handle the request appropriately. And we believe our checks are
sufficient to avoid us not detecting a TLS-in-TLS proxy, so we
consider this a minor risk
[ Original Description ]
When attempting to set an https_proxy where the proxy URL itself uses HTTPS, the process times out. Judging from strace() output, the client does not attempt to negotiate TLS, and instead sends plaintext HTTP to the proxy, which ignores it until the process times out.
Reproduction:
root@foobar:~# pro config set http_proxy=https://foo:bar@xxxxxxx:443
Setting snap proxy
root@foobar:~# pro config set https_proxy=https://foo:bar@xxxxxxx:443
... this hangs forever either interrupted]
$ pro config set https://user:pass@xxxxxxxxx:443/
* times out and fails
Expected result:
* Configures a working proxy for subsequent pro client commands
Notes:
* was so far tested and reproduced with a proxy where TLS terminated on a network load balancer.
* a similar "curl -x {same-proxy-URI} {website}" works as expected.
* a similar "wget" with $ENV{https_proxy} set also times out.
* pro-client team has an example proxy URI with credentials that exhibits this behavior, but I'll try to come up with another reproducer for that end as well.
Versions:
ubuntu 22.04.1 LTS
ubuntu-advantage-tools 27.12~22.04.1
Thanks,
Dave
Canonical Support
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1999909/+subscriptions
