https://pulp.plan.io/https://pulp.plan.io/favicon.ico2015-02-28T22:12:29ZPulpNectar - Issue #469: content sync via authenticated proxy using digest_pw method failshttps://pulp.plan.io/issues/469?journal_id=9062015-02-28T22:12:29Zcduryeecduryee@redhat.com
<ul></ul><p>putting bug down for now</p>
<p>+ This comment was cloned from <a href="https://bugzilla.redhat.com/show_bug.cgi?id=1116898#c1" class="external">Bugzilla #1116898 comment 1</a> +</p> Nectar - Issue #469: content sync via authenticated proxy using digest_pw method failshttps://pulp.plan.io/issues/469?journal_id=9072015-02-28T22:12:30Zjcline@redhat.comjcline@redhat.com
<ul></ul><p>Updated this bug to block the corresponding Satellite bug (1025890) rather than to depend on it.</p>
<p>+ This comment was cloned from <a href="https://bugzilla.redhat.com/show_bug.cgi?id=1116898#c2" class="external">Bugzilla #1116898 comment 2</a> +</p> Nectar - Issue #469: content sync via authenticated proxy using digest_pw method failshttps://pulp.plan.io/issues/469?journal_id=9082015-02-28T22:12:31Zrbarlow
<ul></ul><p>Moving back to new, since Chris said he wasn't working on it at the moment.</p>
<p>+ This comment was cloned from <a href="https://bugzilla.redhat.com/show_bug.cgi?id=1116898#c3" class="external">Bugzilla #1116898 comment 3</a> +</p> Nectar - Issue #469: content sync via authenticated proxy using digest_pw method failshttps://pulp.plan.io/issues/469?journal_id=9092015-02-28T22:12:32Zcduryeecduryee@redhat.com
<ul></ul><p>still working on it:)</p>
<p>+ This comment was cloned from <a href="https://bugzilla.redhat.com/show_bug.cgi?id=1116898#c4" class="external">Bugzilla #1116898 comment 4</a> +</p> Nectar - Issue #469: content sync via authenticated proxy using digest_pw method failshttps://pulp.plan.io/issues/469?journal_id=9102015-02-28T22:12:33Zcduryeecduryee@redhat.com
<ul></ul><p>This requires changes to the sat6 installer to specify basic vs digest proxy auth in /etc/pulp/server/plugins.conf.d/yum_importer.json as well as to pulp to support the new proxy auth method. We are not able to try digest and then basic since that would send a plaintext password over the wire if digest failed for any reason.</p>
<p>There are ways to figure out if digest auth is supported, but it appears that those are for authenticating to the end website and not to the proxy. FWIW I was not able to get curl or wget to be able to guess the proxy auth method.</p>
<p>Setting needinfo on bbuckingham to validate if this is a blocker.</p>
<p>+ This comment was cloned from <a href="https://bugzilla.redhat.com/show_bug.cgi?id=1116898#c5" class="external">Bugzilla #1116898 comment 5</a> +</p> Nectar - Issue #469: content sync via authenticated proxy using digest_pw method failshttps://pulp.plan.io/issues/469?journal_id=9112015-02-28T22:12:34Zcduryeecduryee@redhat.com
<ul></ul><p>moving to medium/no release, after discussion with Brad and others. Also clearing NEEDINFO.</p>
<p>+ This comment was cloned from <a href="https://bugzilla.redhat.com/show_bug.cgi?id=1116898#c6" class="external">Bugzilla #1116898 comment 6</a> +</p> Nectar - Issue #469: content sync via authenticated proxy using digest_pw method failshttps://pulp.plan.io/issues/469?journal_id=26252015-03-20T19:15:00Zbmbouterbmbouter@redhat.com
<ul><li><strong>Severity</strong> changed from <i>Medium</i> to <i>2. Medium</i></li></ul> Nectar - Issue #469: content sync via authenticated proxy using digest_pw method failshttps://pulp.plan.io/issues/469?journal_id=64202015-10-02T13:09:15Zmhrivnakmhrivnak@redhat.com
<ul><li><strong>Platform Release</strong> set to <i>2.8.0</i></li></ul> Nectar - Issue #469: content sync via authenticated proxy using digest_pw method failshttps://pulp.plan.io/issues/469?journal_id=75662015-12-22T21:51:27Zpcreechpcreech@redhat.com
<ul><li><strong>Status</strong> changed from <i>NEW</i> to <i>ASSIGNED</i></li><li><strong>Assignee</strong> set to <i>pcreech</i></li></ul> Nectar - Issue #469: content sync via authenticated proxy using digest_pw method failshttps://pulp.plan.io/issues/469?journal_id=83212016-01-29T20:25:30Zbmbouterbmbouter@redhat.com
<ul><li><strong>Project</strong> changed from <i>Pulp</i> to <i>Nectar</i></li><li><strong>Category</strong> deleted (<del><i>14</i></del>)</li><li><strong>Target Release - Nectar</strong> set to <i>1.4.4</i></li></ul> Nectar - Issue #469: content sync via authenticated proxy using digest_pw method failshttps://pulp.plan.io/issues/469?journal_id=83222016-01-29T20:36:33Zpcreechpcreech@redhat.com
<ul><li><strong>Description</strong> updated (<a title="View differences" href="/journals/8322/diff?detail_id=8601">diff</a>)</li></ul> Nectar - Issue #469: content sync via authenticated proxy using digest_pw method failshttps://pulp.plan.io/issues/469?journal_id=83242016-01-29T20:39:28Zbmbouterbmbouter@redhat.com
<ul><li><strong>Description</strong> updated (<a title="View differences" href="/journals/8324/diff?detail_id=8603">diff</a>)</li></ul> Nectar - Issue #469: content sync via authenticated proxy using digest_pw method failshttps://pulp.plan.io/issues/469?journal_id=83252016-01-29T20:40:29Zpcreechpcreech@redhat.com
<ul><li><strong>Private</strong> changed from <i>Yes</i> to <i>No</i></li></ul> Nectar - Issue #469: content sync via authenticated proxy using digest_pw method failshttps://pulp.plan.io/issues/469?journal_id=83952016-02-01T20:17:01Zpcreechpcreech@redhat.com
<ul><li><strong>Status</strong> changed from <i>ASSIGNED</i> to <i>POST</i></li></ul><p><a href="https://github.com/pulp/nectar/pull/39" class="external">https://github.com/pulp/nectar/pull/39</a></p> Nectar - Issue #469: content sync via authenticated proxy using digest_pw method failshttps://pulp.plan.io/issues/469?journal_id=84282016-02-02T19:37:25Zpcreechpcreech@redhat.com
<ul><li><strong>Status</strong> changed from <i>POST</i> to <i>MODIFIED</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul><p>Applied in changeset <a class="changeset" title="Enable content sync via digest proxy Enable the guessing of the proxy authentication mechanism, ..." href="https://pulp.plan.io/projects/nectar/repository/31/revisions/6def26fa9818b83249aabc609ae90e88ba274834">6def26fa9818b83249aabc609ae90e88ba274834</a>.</p> Nectar - Issue #469: content sync via authenticated proxy using digest_pw method failshttps://pulp.plan.io/issues/469?journal_id=87542016-02-11T19:45:31Zrbarlow
<ul><li><strong>Status</strong> changed from <i>MODIFIED</i> to <i>CLOSED - CURRENTRELEASE</i></li></ul> Nectar - Issue #469: content sync via authenticated proxy using digest_pw method failshttps://pulp.plan.io/issues/469?journal_id=97412016-03-11T13:46:30Zpcreechpcreech@redhat.com
<ul><li><strong>Status</strong> changed from <i>CLOSED - CURRENTRELEASE</i> to <i>NEW</i></li><li><strong>Target Release - Nectar</strong> deleted (<del><i>1.4.4</i></del>)</li></ul><p>Reopening due to issues with a specific use case that doesn't work.</p>
<p>With the way the fix utilized response handlers in the requests library, connecting https through a http proxy that requires authentication fails. The solution relied on discovering the authentication through the 407 response from the proxy. On https connections, the http 'CONNECT' action in httplib will throw an exception on any response other than 200, preventing the handlers from firing. Proxy method will be unable to be 'discovered' in this way. Previous fix has been reverted.</p>
<p>Related python-requests issue<br>
<a href="https://github.com/kennethreitz/requests/issues/1582#issuecomment-195288875" class="external">https://github.com/kennethreitz/requests/issues/1582#issuecomment-195288875</a></p>
<p>Related python-requests-toolbelt issue<br>
<a href="https://github.com/sigmavirus24/requests-toolbelt/issues/136#issuecomment-190610347" class="external">https://github.com/sigmavirus24/requests-toolbelt/issues/136#issuecomment-190610347</a></p>
<p>This latter one also seems to indicate that digest proxy authentication will not be handled well even if known (since it relies on details in the 407 response to work)</p> Nectar - Issue #469: content sync via authenticated proxy using digest_pw method failshttps://pulp.plan.io/issues/469?journal_id=97422016-03-11T13:46:48Zpcreechpcreech@redhat.com
<ul><li><strong>Assignee</strong> deleted (<del><i>pcreech</i></del>)</li></ul> Nectar - Issue #469: content sync via authenticated proxy using digest_pw method failshttps://pulp.plan.io/issues/469?journal_id=97432016-03-11T13:52:24Zpcreechpcreech@redhat.com
<ul><li><strong>Triaged</strong> changed from <i>Yes</i> to <i>No</i></li></ul> Nectar - Issue #469: content sync via authenticated proxy using digest_pw method failshttps://pulp.plan.io/issues/469?journal_id=97532016-03-11T15:42:43Zmhrivnakmhrivnak@redhat.com
<ul><li><strong>Triaged</strong> changed from <i>No</i> to <i>Yes</i></li></ul> Nectar - Issue #469: content sync via authenticated proxy using digest_pw method failshttps://pulp.plan.io/issues/469?journal_id=163812016-12-09T20:37:33Zjortel@redhat.comjortel@redhat.com
<ul><li><strong>Groomed</strong> changed from <i>No</i> to <i>Yes</i></li><li><strong>Sprint Candidate</strong> changed from <i>No</i> to <i>Yes</i></li></ul> Nectar - Issue #469: content sync via authenticated proxy using digest_pw method failshttps://pulp.plan.io/issues/469?journal_id=166232016-12-19T15:50:12Zpcreechpcreech@redhat.com
<ul></ul><p>The issues upstream enabling this to work still haven't been resolved.</p>
<p>The issue here is in a dependency of the requests library, httplib, that is used to open connections.</p>
<p>DIgest authentication requires a back and forth exchange so tokens can be passed. Unfortunately, with the current stack, when connecting to an https endpoint with a proxy that requires this kind of back and forth exchange, an exception gets thrown in the ssl connection logic interrupting this execution flow.</p>
<p>The requests team is working on getting a fix in that will allow this to work properly. Until that time, we will be unable to support any proxy logic that requires a back and forth exchange of information to authenticate to connect to https endpoints.</p> Nectar - Issue #469: content sync via authenticated proxy using digest_pw method failshttps://pulp.plan.io/issues/469?journal_id=244642018-02-09T15:10:03Zrchan
<ul><li><strong>Sprint Candidate</strong> deleted (<del><i>Yes</i></del>)</li></ul> Nectar - Issue #469: content sync via authenticated proxy using digest_pw method failshttps://pulp.plan.io/issues/469?journal_id=270112018-03-23T16:09:39Zttereshcttereshc@redhat.com
<ul><li><strong>Status</strong> changed from <i>NEW</i> to <i>CLOSED - WONTFIX</i></li><li><strong>Sprint Candidate</strong> set to <i>No</i></li></ul><p>https through authenticated proxies can't be supported/implemented with <code>httplib2</code>.<br>
The <code>requests</code> library currently uses <code>httplib2</code>.<br>
The new stack for <code>requests</code> will not support it any time soon <a href="https://github.com/requests/requests/issues/2386#issuecomment-71643022" class="external">https://github.com/requests/requests/issues/2386#issuecomment-71643022</a></p> Nectar - Issue #469: content sync via authenticated proxy using digest_pw method failshttps://pulp.plan.io/issues/469?journal_id=403742019-04-15T21:11:21Zbmbouterbmbouter@redhat.com
<ul><li><strong>Tags</strong> <i>Pulp 2</i> added</li></ul>