mitm: TestProxyGoogleCom Unsolicited response received on idle HTTP channel starting with "\r\n"; err=<nil> #357

Closed
mmatczuk opened this issue Aug 14, 2023 · 3 comments
@mmatczuk

$ make run-e2e SETUP=mitm RUN='Google'
running setup flag-mitm-cacert
--- PASS: TestProxyGoogleCom (0.24s)
running setup flag-mitm-cacert-http
stderr:
2023/08/14 09:09:33 Unsolicited response received on idle HTTP channel starting with "\r\n"; err=<nil>

--- PASS: TestProxyGoogleCom (0.23s)
running setup flag-mitm-cacert-https
stderr:
2023/08/14 09:09:37 Unsolicited response received on idle HTTP channel starting with "\r\n"; err=<nil>

--- PASS: TestProxyGoogleCom (0.22s)
PASS

The Google test with MITM returns an additional "\r\n".
It is reproducible with 90% probability.

@mmatczuk mmatczuk added the bug Something isn't working label Aug 14, 2023
@mmatczuk mmatczuk added this to the v1.1 milestone Aug 14, 2023
@mmatczuk

This is because we are using HEAD

func TestProxyGoogleCom(t *testing.T) {
	newClient(t, "https://www.google.com").HEAD("/").ExpectStatus(http.StatusOK)
}

When changed to GET, all works fine.

@mmatczuk

It can be reproduced with curl

$ curl -v -x localhost:3128 --head --raw --http1.1 -k  https://www.google.com
*   Trying 127.0.0.1:3128...
* Connected to localhost (127.0.0.1) port 3128 (#0)
* CONNECT tunnel: HTTP/1.1 negotiated
* allocate connect buffer
* Establish HTTP proxy tunnel to www.google.com:443
> CONNECT www.google.com:443 HTTP/1.1
> Host: www.google.com:443
> User-Agent: curl/8.1.2
> Proxy-Connection: Keep-Alive
> 
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Test-Resp-Add: test-resp-value
Test-Resp-Add: test-resp-value
< Content-Length: 0
Content-Length: 0
* Ignoring Content-Length in CONNECT 200 response
< 

* CONNECT phase completed
* CONNECT tunnel established, response 200
* ALPN: offers http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: O=Sauce Labs Inc.; CN=www.google.com
*  start date: Aug 13 09:14:58 2023 GMT
*  expire date: Aug 15 09:14:58 2023 GMT
*  issuer: C=US; O=Sauce Labs Inc.
*  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
* using HTTP/1.1
> HEAD / HTTP/1.1
> Host: www.google.com
> User-Agent: curl/8.1.2
> Accept: */*
> 
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Transfer-Encoding: chunked
Transfer-Encoding: chunked
< Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
< Cache-Control: private
Cache-Control: private
< Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-7vNQbBDQMPl14I8h5GtVkw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-7vNQbBDQMPl14I8h5GtVkw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
< Content-Type: text/html; charset=ISO-8859-1
Content-Type: text/html; charset=ISO-8859-1
< Date: Mon, 14 Aug 2023 09:23:30 GMT
Date: Mon, 14 Aug 2023 09:23:30 GMT
< Expires: Mon, 14 Aug 2023 09:23:30 GMT
Expires: Mon, 14 Aug 2023 09:23:30 GMT
< P3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
P3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
< Server: gws
Server: gws
< Set-Cookie: AEC=Ad49MVFHD3CgJnchwX9J2tx_cNfkYib5VbyV6TY1ZTjnDmaD5S1kMF-UZg; expires=Sat, 10-Feb-2024 09:23:30 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
Set-Cookie: AEC=Ad49MVFHD3CgJnchwX9J2tx_cNfkYib5VbyV6TY1ZTjnDmaD5S1kMF-UZg; expires=Sat, 10-Feb-2024 09:23:30 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
< Set-Cookie: __Secure-ENID=14.SE=LubKZVRk9aRLi27hsyhVD0DZfN2wO_2yFpG-blLjyV12CMfRnw8mh_2P_GPIuXIqSplNRmJeN3Y93Lkedziv-0atgh5LBd4ukINBoTXabc3x09DyGu2WXpco3DHEnPQzvScvg-KaLSpG_dTfJzeArqiSTZO3YROV8ui3h98Bods; expires=Fri, 13-Sep-2024 01:41:48 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
Set-Cookie: __Secure-ENID=14.SE=LubKZVRk9aRLi27hsyhVD0DZfN2wO_2yFpG-blLjyV12CMfRnw8mh_2P_GPIuXIqSplNRmJeN3Y93Lkedziv-0atgh5LBd4ukINBoTXabc3x09DyGu2WXpco3DHEnPQzvScvg-KaLSpG_dTfJzeArqiSTZO3YROV8ui3h98Bods; expires=Fri, 13-Sep-2024 01:41:48 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
< Set-Cookie: CONSENT=PENDING+744; expires=Wed, 13-Aug-2025 09:23:30 GMT; path=/; domain=.google.com; Secure
Set-Cookie: CONSENT=PENDING+744; expires=Wed, 13-Aug-2025 09:23:30 GMT; path=/; domain=.google.com; Secure
< Test-Resp-Add: test-resp-value
Test-Resp-Add: test-resp-value
< X-Frame-Options: SAMEORIGIN
X-Frame-Options: SAMEORIGIN
< X-Xss-Protection: 0
X-Xss-Protection: 0

< 
* Excess found: excess = 2 url = / (zero-length body)
* Connection #0 to host localhost left intact

HTTPBIN is OK

$ curl -v -x localhost:3128 --head --http1.1 -k  https://httpbin:8080/status/200
*   Trying 127.0.0.1:3128...
* Connected to localhost (127.0.0.1) port 3128 (#0)
* CONNECT tunnel: HTTP/1.1 negotiated
* allocate connect buffer
* Establish HTTP proxy tunnel to httpbin:8080
> CONNECT httpbin:8080 HTTP/1.1
> Host: httpbin:8080
> User-Agent: curl/8.1.2
> Proxy-Connection: Keep-Alive
> 
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Test-Resp-Add: test-resp-value
Test-Resp-Add: test-resp-value
< Content-Length: 0
Content-Length: 0
* Ignoring Content-Length in CONNECT 200 response
< 

* CONNECT phase completed
* CONNECT tunnel established, response 200
* ALPN: offers http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: O=Sauce Labs Inc.; CN=httpbin
*  start date: Aug 13 09:20:10 2023 GMT
*  expire date: Aug 15 09:20:10 2023 GMT
*  issuer: C=US; O=Sauce Labs Inc.
*  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
* using HTTP/1.1
> HEAD /status/200 HTTP/1.1
> Host: httpbin:8080
> User-Agent: curl/8.1.2
> Accept: */*
> 
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Connection: close
Connection: close
< Date: Mon, 14 Aug 2023 09:22:32 GMT
Date: Mon, 14 Aug 2023 09:22:32 GMT
< Test-Resp-Add: test-resp-value
Test-Resp-Add: test-resp-value

< 
* Closing connection 0

@mmatczuk

I opened an issue in Go: golang/go#62015

mmatczuk added a commit that referenced this issue Aug 14, 2023
…EAD response

This works around golang/go#62015 by manually writing response to HEAD requests.

Fixes #357
@mmatczuk mmatczuk self-assigned this Aug 14, 2023
Choraden pushed a commit that referenced this issue Aug 31, 2023
…EAD response

This works around golang/go#62015 by manually writing response to HEAD requests.

Fixes #357
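
The curl trace above reports `excess = 2` after the headers of a chunked HEAD response, and the commit message describes writing HEAD responses manually. The sketch below is an added example, not the project's code: `writeHeadResponse` and `excessAfterHeaders` are hypothetical helpers that serialize a header-only HEAD response and check a raw response for trailing bytes, run here on a constructed sample response.

```go
package main

import (
	"bufio"
	"bytes"
	"fmt"
	"io"
	"net/http"
	"strings"
)

// writeHeadResponse (hypothetical helper) serializes the status line and
// headers and stops at the blank line: a HEAD response has no body bytes.
func writeHeadResponse(w io.Writer, resp *http.Response) error {
	bw := bufio.NewWriter(w)
	fmt.Fprintf(bw, "HTTP/%d.%d %03d %s\r\n", resp.ProtoMajor, resp.ProtoMinor,
		resp.StatusCode, http.StatusText(resp.StatusCode))
	if len(resp.TransferEncoding) > 0 {
		fmt.Fprintf(bw, "Transfer-Encoding: %s\r\n", strings.Join(resp.TransferEncoding, ", "))
	} else if resp.ContentLength >= 0 {
		fmt.Fprintf(bw, "Content-Length: %d\r\n", resp.ContentLength)
	}
	skip := map[string]bool{"Content-Length": true, "Transfer-Encoding": true}
	if err := resp.Header.WriteSubset(bw, skip); err != nil {
		return err
	}
	bw.WriteString("\r\n")
	return bw.Flush()
}

// excessAfterHeaders counts bytes after the header terminator (-1 if none); HEAD requires 0.
func excessAfterHeaders(raw []byte) int {
	i := bytes.Index(raw, []byte("\r\n\r\n"))
	if i < 0 {
		return -1
	}
	return len(raw) - (i + 4)
}

func main() {
	// Constructed sample response, shaped like the chunked one in the trace.
	resp := &http.Response{StatusCode: 200, ProtoMajor: 1, ProtoMinor: 1, ContentLength: -1,
		TransferEncoding: []string{"chunked"}, Header: http.Header{"Server": {"example"}}}
	var buf bytes.Buffer
	if err := writeHeadResponse(&buf, resp); err != nil {
		panic(err)
	}
	fmt.Println("excess after headers:", excessAfterHeaders(buf.Bytes()))
}
```

A regression test for the proxy can capture the raw bytes it writes for a HEAD request and assert that `excessAfterHeaders` returns 0, which catches stray bytes that would otherwise surface on the idle keep-alive connection.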