World: r3wp

Thanks

I have a problem with HTTPS over a proxy. I'm using REBOL/Command 
2.5.6.3.1, that came with our SDK. This version first need the HTTPS 
protocol to be activated using this code:


net-utils/net-install HTTPS make system/schemes/http/handler [] 443

system/schemes/https: make system/schemes/https [user-agent: reform 
["REBOL" system/product system/version]]

I activated trace by typing: trace/net on

Our proxy is set up ok, as I can read the internet with a browser 
using it (both HTTP and HTTPS).
Now if I in REBOL do this:

>> s: read https://webservices.rki.dk

I get:

URL Parse: none none webservices.rki.dk none none none
Net-log: ["Opening" "ssl" "for" "HTTPS"]
connecting to: webservices.rki.dk
Net-log: {CONNECT webservices.rki.dk:443 HTTP/1.1
Host: webservices.rki.dk:443

}
Net-log: "HTTP/1.0 200 Connection established"
Net-log: {GET https://webservices.rki.dk:443/ HTTP/1.0
Accept: */*
Connection: close
User-Agent: REBOL Command 2.5.6.3.1
Host: webservices.rki.dk:443
}
Net-log: none

** User Error: Error.  Target url: https://webservices.rki.dk:443/ 
could not be
retrieved.  Server response: none
** Near: s: read https://webservices.rki.dk

I see two possibilities:

1) The proxy is not supporting tunneling, as required by reading 
the REBOL documentation http://www.rebol.com/docs/ssl.html
2) There's a bug in the REBOL/Command, I'm using.

Any ideas would be very much appreciated!

does it work without the proxy?

Yes, I get this result:

>> s: read https://webservices.rki.dk
URL Parse: none none webservices.rki.dk none none none
Net-log: ["Opening" "ssl" "for" "HTTPS"]
connecting to: webservices.rki.dk
Net-log: {GET / HTTP/1.0
Accept: */*
Connection: close
User-Agent: REBOL Command 2.5.6.3.1
Host: webservices.rki.dk:443
}
Net-log: "HTTP/1.1 200 OK"
Net-log: ["low level read of " 2048 "bytes"]
Net-log: ["low level read of " 2048 "bytes"]
Net-log: ["low level read of " 2048 "bytes"]
== {
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
  <HEAD>
    <title>RKI Webservices</title>
    <meta na...

I guess a web browser works ok?

with the proxy...

Yes.

I tested with Mozilla.

And I'm sure, I'm going through the proxy with the browser, as I 
tried a wrong TCP/IP port and got a proxy error. With the rigth port, 
it works ok.

and can you read non ssl pages thru the proxy with rebol?

Yes, like this:

>> s: read http://www.rebol.com
URL Parse: none none www.rebol.com none none none
Net-log: ["Opening" "tcp" "for" "HTTP"]
connecting to: www.rebol.com
Net-log: {GET http://www.rebol.com/HTTP/1.0
Accept: */*
Connection: close
User-Agent: REBOL Command 2.5.6.3.1
Host: www.rebol.com
}
Net-log: "HTTP/1.0 200 OK"
Net-log: ["low level read of " 2048 "bytes"]
Net-log: ["low level read of " 2048 "bytes"]
Net-log: ["low level read of " 2048 "bytes"]
Net-log: ["low level read of " 2048 "bytes"]
Net-log: ["low level read of " 2048 "bytes"]
Net-log: ["low level read of " 2048 "bytes"]
== {<html>
<head>

<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
<title>REBOL Technologies</title>
<style ...

And if I try with a wrong TCP/IP port configuration (like I did with 
the browser test), I get this:

>> s: read http://www.rebol.com
URL Parse: none none www.rebol.com none none none
Net-log: ["Opening" "tcp" "for" "HTTP"]
connecting to: www.rebol.com
** Access Error: Cannot connect to 193.3.239.91
** Where: open-proto
** Near: s: read http://www.rebol.com

So I am going through the proxy with REBOL.

so, the problem is most likely with Rebol.

Have u tried using curl ?

No, what is curl?

it's a library and also command line utlity for doing web stuff.

curl is a command line tool for transferring files with URL syntax, 
supporting FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and 
LDAP. Curl supports HTTPS certificates, HTTP POST, HTTP PUT, FTP 
uploading, HTTP form based upload, proxies, cookies, user+password 
authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file 
transfer resume, proxy tunneling and a busload of other useful tricks.

http://curl.haxx.se/

I used it before I got command.

wrote results out to data files, and then parsed the results out 
with rebol.

Geomol: What proxy are you using?

Carl: I have to check that at work tomorrow (I didn't set it up). 
We're testing on a proxy, and another one is at a customer, where 
it doesn't work either. The customer is the norwegian oil company 
Statoil, and we have their words, that it supports "tunnelling", 
but I'm sceptical as usual. ;-)

Geomol, how you set the proxy in Rebol?

In the SDK, I use the set-network command. Else the set-net command 
can be used.

Can you use ethereal to see if the packets are all going thru the 
proxy?

I should like to know what is the proxy-type you set with set-net

Proxy type is generic.

Graham, any relation to the other Curl language/platform?  http://www.curl.com/

Completely different.  I think we discussed www.curl.com on the mailing 
list many years ago.  Someone was saying that they had a proposition 
for View to do a job, but it ended up being done by Curl.

There was discussion way back in 1991 http://www.rebol.org/cgi-bin/cgiwrap/rebol/ml-display-thread.r?m=rmlXQTK
about Curl, and the 30Mb download required.

....you mean 2001

Carl: On the test system, we use the proxy named squid version 2.5.9_1 
(http://www.squid-cache.org) under FreeBSD 5.3.

I also tried reading a https page using command and squid, and couldn't 
get it to work.

Altme works throught squid though

Thanks Graham. Good that someone else can recreate the problem.

Is Altme communicating on plain TCP/IP protocol? Does Altme use encryption 
in any way? SSL?

Altme uses encryption but not ssl

I just so happened to have squid setup next to me for another purpose 
...so could easily test.

Out customer Statoil use a hardware proxy from NetApp called NetCache, 
and they have the same problem.
http://www.netapp.com/products/netcache/netcache_family.html

Tunnelling is supported according to their specs: http://www.netapp.com/products/software/software_specs.html

Graham: Do you know, how tunnelling works with squid? (I'm not a 
proxy expert in any way.) Does it have to be turned on or something 
in the config file?

I see the spelling "tunelling" with one 'n' now and then, in case 
you're searching the documentation.

Seems like SSL Tunnelling with squid is on by default on certain 
ports using the CONNECT method:

http://www.squid-cache.org/mail-archive/squid-users/200210/0295.html

Our customer was monitoring the trafik and could see, that nothing 
happened after the CONNECT, so maybe the problem is, that REBOL doesn't 
continue after the CONNECT!? As I understand it, the CONNECT method 
is used to establish a connection between the two computers (client 
and server), and then the proxy simple let the communication continue 
without touching it (allowing SSL encryption and the like). REBOL 
can make the connection, but fail to communicate afterwards. (My 
guess.)

It's interesting, that Altme works using encryption too!? Is the 
CONNECT method in use in this situation?

an encryption tool? I think not ... IMO altme is built upon SSL capability 
of Rebol/Command SDK or even Rebol/Pro? Dunno ...

Pekr: Graham was just saying, that "Altme uses encryption but not 
ssl"

Geomol - there is nothing like "connect". If you have a free bit 
of a free time, I suggest you to download Winpcap and Ethereal - 
they are both free and you get cool network monitoring tool. You 
can learn a lot ...

well, maybe he is right, Graham is clever guy :-)

it may just use normal means of tcp communication with encrypted 
content, using RSA for e.g.

see http://www.rebol.com/docs/encryption.html