trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Peach <jpe...@apache.org>
Subject Re: about event hooks for https messages
Date Wed, 04 Mar 2015 16:04:03 GMT

> On Mar 4, 2015, at 7:15 AM, 毅程 <phillipchengyi@gmail.com> wrote:
> 
> Hi:
> 
> Let me attach 
> 1. simple test plugin:testplugin.c
> 2. client side test script:ProxyTest.java

The java.net.Proxy class is encapsulating explicit HTTP proxy configurations. I would bet
that for https URLs, it is issuing a CONNECT request to the proxy. Once that happens, the
proxy can never see the contents of the encrypted channel. Check the method on TS_EVENT_HTTP_READ_REQUEST_HDR,
see if it is CONNECT.

> 3. the output: log.txt
> 
> From these, we can see
> when I send 2 http requests: (http://www.ebay.com/), all the triggers are invoked for
each request, so the sequence is following:
> 60011- TS_EVENT_HTTP_TXN_START
> 60002- TS_EVENT_HTTP_READ_REQUEST_HDR
> 60004- TS_EVENT_HTTP_SEND_REQUEST_HDR
> 60006- TS_EVENT_HTTP_READ_RESPONSE_HDR
> 60007- TS_EVENT_HTTP_SEND_RESPONSE_HDR
> 60012- TS_EVENT_HTTP_TXN_CLOSE: here we have the clientRspBodyBytes: 160167
> 
> 60011- TS_EVENT_HTTP_TXN_START
> 60002- TS_EVENT_HTTP_READ_REQUEST_HDR
> 60004- TS_EVENT_HTTP_SEND_REQUEST_HDR
> 60006- TS_EVENT_HTTP_READ_RESPONSE_HDR
> 60007- TS_EVENT_HTTP_SEND_RESPONSE_HDR
> 60012- TS_EVENT_HTTP_TXN_CLOSE: here we have the clientRspBodyBytes: 160167
> 
> when I send 2 https requests: (https://www.yahoo.com/), I got only following:
> 
> 60011- TS_EVENT_HTTP_TXN_START
> 60002- TS_EVENT_HTTP_READ_REQUEST_HDR
> 60012- TS_EVENT_HTTP_TXN_CLOSE: here we have the clientRspBodyBytes: 680190 (this contains
the size of 2 responses)
> 
> 
> What I expected is I can get the same/similar hook callback for https.
> Please review the test plugin code, client and log, if this is a problem, shall I open
a jira for this?
> 
> Cheng Yi
> 
> 
> 2015-03-04 6:27 GMT-08:00 Alan Carroll <solidwallofcode@yahoo-inc.com>:
> To emphasize James' point, there is no HTTPS engine, there is only the HTTP state machine.
HTTPS simply has a different encoding on the wire, the internals as far as ATS is concerned
are identical and handled by the same code.
> 
> What I would suspect is that his HTTPS connections are being blinded tunneled, not terminated,
on ATS.
> 
> 
> 

Mime
View raw message