Inform user about untrusted proxy server certificate; allow trusting new proxy certificate
I've tested out Duckling with both Lagrange and amfora. With amfora the proxying works as expected (using a URL like http://example.com/) and with Lagrange it does not. Debugging it appears that an address is not included as part of the request.
Happy to help debug more if you'd like.
I've been running Duckling Proxy for quite a while now and have had no issues with it. Could you share some details about your setup?
- is the proxy on the localhost or running somewhere else?
- which operating systems are Lagrange and the proxy on?
- in Lagrange's network setup, did you configure the address using a domain name or IP address?
- IPv4 or v6? (not sure if Duckling supports IPv6)
@skyjake Thanks! Happy to provide this info.
- I actually deployed this to run on a server and it works that way. So this bug seems to be just localhost.
- OSX 12.2.1
- I tried both localhost and 127.0.0.1. Sometimes included the port, no change.
- IPv4
I tried running duckling on localhost (macOS Monterey, go1.16.6 darwin/arm64) but it crashes when a request comes in:
Info: Starting Duckling Proxy v0.2.1 on 127.0.0.1 port: 1965
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x0 pc=0x103173f18]
goroutine 19 [running]:
net/url.(*URL).String(0x0, 0x1031cce10, 0x14000157000)
/opt/homebrew/Cellar/go/1.16.6/libexec/src/net/url/url.go:813 +0x28
main.WebPipeHandler.Handle(0x0, 0x0)
/Users/jaakko/go/pkg/mod/github.com/!luke!emmet/[email protected]/duckling-proxy.go:97 +0x40
github.com/makeworld-the-better-one/go-gemini.handleConnection(0x12a4c0998, 0x140001e0000, 0x103329a38, 0x1034f60c8)
/Users/jaakko/go/pkg/mod/github.com/makeworld-the-better-one/[email protected]/server.go:97 +0xb4
created by github.com/makeworld-the-better-one/go-gemini.serve
/Users/jaakko/go/pkg/mod/github.com/makeworld-the-better-one/[email protected]/server.go:82 +0x80
Have you encountered this?
Yes, that's because the go-gemini library reads the request for the URL but there isn't one, so it crashes when the handler tries to get the URL as a string. You will observe that using amfora you do not get that error. I think that Lagrange is not sending the URL when on localhost.
The problem here seems to be (at least on my machine) that I already had a trusted certificate for "localhost:1965" that didn't match Duckling's certificate. This caused the request to be aborted by Lagrange when it found the certificate mismatch. Manually deleting the offending entry from "trusted.2.txt" fixed the problem.
The appropriate fix here is to inform the user about the certificate mismatch and allow them to trust the new certificate of the proxy.
Fix included in v1.13.7.
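The behaviour the fix describes (report a pinned-certificate mismatch for the proxy and let the user replace the pin, rather than aborting the request silently) can be sketched as follows. This is an added example, not Lagrange's code: the `TrustStore` type, its function names and the in-memory layout are assumptions for illustration and do not reflect the format of "trusted.2.txt".

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Verdict is the result of comparing a presented certificate with the pin.
type Verdict int

const (
	FirstUse Verdict = iota // nothing pinned for this host:port yet
	Match                   // presented certificate equals the pin
	Mismatch                // a different certificate is already pinned
)

// TrustStore (hypothetical) maps "host:port" to the hex SHA-256 of the pinned certificate.
type TrustStore map[string]string

func fingerprint(der []byte) string {
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:])
}

// Check never modifies the store. On Mismatch it returns both fingerprints
// so the client can show them to the user instead of dropping the request.
func (s TrustStore) Check(hostPort string, der []byte) (Verdict, string, string) {
	presented := fingerprint(der)
	pinned, ok := s[hostPort]
	switch {
	case !ok:
		return FirstUse, "", presented
	case pinned == presented:
		return Match, pinned, presented
	}
	return Mismatch, pinned, presented
}

// Trust replaces the pin; call it only after an explicit user decision.
func (s TrustStore) Trust(hostPort string, der []byte) { s[hostPort] = fingerprint(der) }

func main() {
	// Constructed stand-ins for DER-encoded certificates.
	oldCert, proxyCert := []byte("constructed-old-cert"), []byte("constructed-proxy-cert")
	store := TrustStore{"localhost:1965": fingerprint(oldCert)}
	if v, pinned, got := store.Check("localhost:1965", proxyCert); v == Mismatch {
		fmt.Printf("proxy certificate changed\n  pinned:    %s\n  presented: %s\n", pinned, got)
		store.Trust("localhost:1965", proxyCert) // user chose to trust the new certificate
	}
}
```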