hoxy icon indicating copy to clipboard operation
hoxy copied to clipboard

Published 20 hours ago verified publisher icon greim

Some HTTPS sites trigger Parse Error

Open sholladay opened this issue 9 years ago • 0 comments

Using a minimal forward proxy set up, I am able to reliably reproduce a parsing exception by visiting some HTTPS sites.

These are okay / do not crash:

  • https://twitter.com/
  • https://www.simple.com/
  • https://www.npmjs.com/package/longjohn
  • https://www.jmarshall.com/easy/http/

These are bad / do crash:

  • https://www.delta.com/
  • https://en.wikipedia.org/wiki/HTTPS
  • https://anvileight.com/blog/2016/03/20/simple-http-server-with-python/

The real-world stack trace:

events.js:160
      throw er; // Unhandled 'error' event
      ^

Error: Parse Error
    at Error (native)
    at Socket.socketOnData (_http_client.js:359:20)
    at emitOne (events.js:96:13)
    at Socket.emit (events.js:188:7)
    at readableAddChunk (_stream_readable.js:172:18)
    at Socket.Readable.push (_stream_readable.js:130:10)
    at TCP.onread (net.js:542:20)

A stack trace using longjohn:

Error: Parse Error
    at Error (native)
    at Socket.socketOnData (_http_client.js:359:20)
    at emitOne (events.js:96:13)
    at Socket.emit (events.js:188:7)
    at readableAddChunk (_stream_readable.js:172:18)
    at Socket.Readable.push (_stream_readable.js:130:10)
    at TCP.onread (net.js:542:20)
---------------------------------------------
    at Socket.Readable.on (_stream_readable.js:686:33)
    at tickOnSocket (_http_client.js:538:10)
    at onSocketNT (_http_client.js:553:5)
    at _combinedTickCallback (internal/process/next_tick.js:74:11)
    at process._tickCallback (internal/process/next_tick.js:98:9)
---------------------------------------------
    at ClientRequest.onSocket (_http_client.js:545:11)
    at _http_agent.js:156:11
    at oncreate (_http_agent.js:227:5)
    at Agent.createSocket (_http_agent.js:189:5)
    at Agent.addRequest (_http_agent.js:149:10)
    at new ClientRequest (_http_client.js:158:16)
    at Object.exports.request (http.js:31:10)
    at Server.<anonymous> (/Users/sholladay/Code/experiment/hoxy-parse-error/node_modules/hoxy/lib/proxy.js:394:44)
    at emitTwo (events.js:106:13)
    at Server.emit (events.js:191:7)
    at HTTPParser.parserOnIncoming [as onIncoming] (_http_server.js:543:12)
    at HTTPParser.parserOnHeadersComplete (_http_common.js:105:23)

In case it matters, I am doing the slightly more "correct" thing of having a Root CA and then a Proxy Intermediate CA and feeding the intermediate to hoxy, while having my OS trust the root certificate, following the procedure from jamielinux.com. This is one level deeper than hoxy's documentation. But the principal is more or less the same. And further, it works correctly on some sites and not on others, indicating an implementation problem.

sholladay avatar Jul 05 '16 21:07 sholladay