From 553a2d6d3f9e8f8d58d6d120f6061cb0376a9fb7 Mon Sep 17 00:00:00 2001 From: Vasili Revelas Date: Wed, 2 Nov 2022 21:21:23 +0200 Subject: [PATCH] Improve error message when proxy connection fails If the proxy doesn't respond to our CONNECT request with a 2XX status code, we now display the proxy's response rather than the confusing error "tls: first record does not look like a TLS handshake" Kubernetes-commit: 674db522815df566ffae7fbe8daf5f8e3ced9033 --- pkg/util/httpstream/spdy/roundtripper.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkg/util/httpstream/spdy/roundtripper.go b/pkg/util/httpstream/spdy/roundtripper.go index ea0481799..858eafb86 100644 --- a/pkg/util/httpstream/spdy/roundtripper.go +++ b/pkg/util/httpstream/spdy/roundtripper.go @@ -184,12 +184,15 @@ func (s *SpdyRoundTripper) dialWithHttpProxy(req *http.Request, proxyURL *url.UR //nolint:staticcheck // SA1019 ignore deprecated httputil.NewProxyClientConn proxyClientConn := httputil.NewProxyClientConn(proxyDialConn, nil) - _, err = proxyClientConn.Do(&proxyReq) + response, err := proxyClientConn.Do(&proxyReq) //nolint:staticcheck // SA1019 ignore deprecated httputil.ErrPersistEOF: it might be // returned from the invocation of proxyClientConn.Do if err != nil && err != httputil.ErrPersistEOF { return nil, err } + if response != nil && response.StatusCode >= 300 || response.StatusCode < 200 { + return nil, fmt.Errorf("CONNECT request to %s returned response: %s", proxyURL.Redacted(), response.Status) + } rwc, _ := proxyClientConn.Hijack()