# Commands covered: http::geturl when using a proxy server. # # This file contains a collection of tests for the http script library. # Sourcing this file into Tcl runs the tests and generates output for errors. # No output means no errors were found. # # Copyright © 1991-1993 The Regents of the University of California. # Copyright © 1994-1996 Sun Microsystems, Inc. # Copyright © 1998-2000 Ajuba Solutions. # Copyright © 2022 Keith Nash. # # See the file "license.terms" for information on usage and redistribution of # this file, and for a DISCLAIMER OF ALL WARRANTIES. if {"::tcltest" ni [namespace children]} { package require tcltest 2.5 namespace import -force ::tcltest::* } package require http 2.10 proc bgerror {args} { global errorInfo puts stderr "httpProxy.test bgerror" puts stderr [join $args] puts stderr $errorInfo } proc stopMe {token} { set ${token}(z) done } if {![info exists ThreadLevel]} { if {[catch {package require Thread}] == 0} { set ValueRange {0 1 2} } else { set ValueRange {0 1} } # For each value of ThreadLevel, source this file recursively in the # same interpreter. foreach ThreadLevel $ValueRange { source [info script] } catch {unset ThreadLevel} catch {unset ValueRange} return } catch {puts "==== Test with ThreadLevel $ThreadLevel ===="} http::config -threadlevel $ThreadLevel #testConstraint needsSquid 1 #testConstraint needsTls 1 if {[testConstraint needsTls]} { package require tls http::register https 443 [list ::tls::socket -ssl2 0 -ssl3 0 \ -tls1 0 -tls1.1 0 -tls1.2 1 -tls1.3 0 -autoservername 1] } # Testing with Squid # - Example Squid configuration for Enterprise Linux 8 (Red Hat, Oracle, Rocky, # Alma, ...) is in file tests/httpProxySquidConfigForEL8.tar.gz. # - Two instances of Squid are launched, one that needs authentication and one # that does not. # - Each instance of Squid listens on IPv4 and IPv6, on different ports. # Instance of Squid that does not need authentication. set n4host 127.0.0.1 set n6host ::1 set n4port 3128 set n6port 3130 # Instance of Squid that needs authentication. set a4host 127.0.0.1 set a6host ::1 set a4port 3129 set a6port 3131 # concat Basic [base64::encode alice:alicia] set aliceCreds {Basic YWxpY2U6YWxpY2lh} # concat Basic [base64::encode intruder:intruder] set badCreds {Basic aW50cnVkZXI6aW50cnVkZXI=} test httpProxy-1.1.$ThreadLevel {squid is running - ipv4 noauth} -constraints {needsSquid} -setup { } -body { set token [http::geturl http://$n4host:$n4port/] set ri [http::responseInfo $token] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed]" } -result {complete ok 400 -- none} -cleanup { http::cleanup $token unset -nocomplain token ri res } test httpProxy-1.2.$ThreadLevel {squid is running - ipv6 noauth} -constraints {needsSquid} -setup { } -body { set token [http::geturl http://\[$n6host\]:$n6port/] set ri [http::responseInfo $token] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed]" } -result {complete ok 400 -- none} -cleanup { http::cleanup $token unset -nocomplain token ri res } test httpProxy-1.3.$ThreadLevel {squid is running - ipv4 auth} -constraints {needsSquid} -setup { } -body { set token [http::geturl http://$a4host:$a4port/] set ri [http::responseInfo $token] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed]" } -result {complete ok 400 -- none} -cleanup { http::cleanup $token unset -nocomplain token ri res } test httpProxy-1.4.$ThreadLevel {squid is running - ipv6 auth} -constraints {needsSquid} -setup { } -body { set token [http::geturl http://\[$a6host\]:$a6port/] set ri [http::responseInfo $token] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed]" } -result {complete ok 400 -- none} -cleanup { http::cleanup $token unset -nocomplain token ri res } test httpProxy-2.1.$ThreadLevel {http no-proxy no-auth} -constraints {needsSquid} -setup { http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } -body { set token [http::geturl http://www.google.com/] set ri [http::responseInfo $token] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*]" } -result {complete ok 200 -- none -- -1} -cleanup { http::cleanup $token unset -nocomplain token ri res } test httpProxy-2.2.$ThreadLevel {https no-proxy no-auth} -constraints {needsSquid needsTls} -setup { http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } -body { set token [http::geturl https://www.google.com/] set ri [http::responseInfo $token] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*]" } -result {complete ok 200 -- none -- -1} -cleanup { http::cleanup $token unset -nocomplain token ri res } test httpProxy-2.3.$ThreadLevel {http with-proxy ipv4 no-auth} -constraints {needsSquid} -setup { http::config -proxyhost $n4host -proxyport $n4port -proxynot {127.0.0.1 localhost} -proxyauth {} } -body { set token [http::geturl http://www.google.com/] set ri [http::responseInfo $token] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*]" } -result {complete ok 200 -- HttpProxy -- -1} -cleanup { http::cleanup $token unset -nocomplain token ri res http::config -proxyhost {} -proxyport {} -proxynot {} } test httpProxy-2.4.$ThreadLevel {https with-proxy ipv4 no-auth} -constraints {needsSquid needsTls} -setup { http::config -proxyhost $n4host -proxyport $n4port -proxynot {127.0.0.1 localhost} -proxyauth {} } -body { set token [http::geturl https://www.google.com/] set ri [http::responseInfo $token] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*]" } -result {complete ok 200 -- SecureProxy -- -1} -cleanup { http::cleanup $token unset -nocomplain token ri res http::config -proxyhost {} -proxyport {} -proxynot {} } test httpProxy-2.5.$ThreadLevel {http with-proxy ipv6 no-auth} -constraints {needsSquid} -setup { http::config -proxyhost $n6host -proxyport $n6port -proxynot {::1 localhost} -proxyauth {} } -body { set token [http::geturl http://www.google.com/] set ri [http::responseInfo $token] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*]" } -result {complete ok 200 -- HttpProxy -- -1} -cleanup { http::cleanup $token unset -nocomplain token ri res http::config -proxyhost {} -proxyport {} -proxynot {} } test httpProxy-2.6.$ThreadLevel {https with-proxy ipv6 no-auth} -constraints {needsSquid needsTls} -setup { http::config -proxyhost $n6host -proxyport $n6port -proxynot {::1 localhost} -proxyauth {} } -body { set token [http::geturl https://www.google.com/] set ri [http::responseInfo $token] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*]" } -result {complete ok 200 -- SecureProxy -- -1} -cleanup { http::cleanup $token unset -nocomplain token ri res http::config -proxyhost {} -proxyport {} -proxynot {} } test httpProxy-3.1.$ThreadLevel {http no-proxy with-auth valid-creds-provided} -constraints {needsSquid} -setup { http::config -proxyhost {} -proxyport $a4port -proxynot {127.0.0.1 localhost} -proxyauth $aliceCreds } -body { set token [http::geturl http://www.google.com/] set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*]" } -result {complete ok 200 -- none 0 0 -- -1} -cleanup { http::cleanup $token unset -nocomplain token ri res pos1 pos2 http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-3.2.$ThreadLevel {https no-proxy with-auth valid-creds-provided} -constraints {needsSquid needsTls} -setup { http::config -proxyhost {} -proxyport $a4port -proxynot {127.0.0.1 localhost} -proxyauth $aliceCreds } -body { set token [http::geturl https://www.google.com/] set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*]" } -result {complete ok 200 -- none 0 0 -- -1} -cleanup { http::cleanup $token unset -nocomplain token ri res pos1 pos2 http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-3.3.$ThreadLevel {http with-proxy ipv4 with-auth valid-creds-provided} -constraints {needsSquid} -setup { http::config -proxyhost $a4host -proxyport $a4port -proxynot {127.0.0.1 localhost} -proxyauth $aliceCreds } -body { set token [http::geturl http://www.google.com/] set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*]" } -result {complete ok 200 -- HttpProxy 1 1 -- -1} -cleanup { http::cleanup $token unset -nocomplain token ri res pos1 pos2 http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-3.4.$ThreadLevel {https with-proxy ipv4 with-auth valid-creds-provided} -constraints {needsSquid needsTls} -setup { http::config -proxyhost $a4host -proxyport $a4port -proxynot {127.0.0.1 localhost} -proxyauth $aliceCreds } -body { set token [http::geturl https://www.google.com/] set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*]" } -result {complete ok 200 -- SecureProxy 0 0 -- -1} -cleanup { http::cleanup $token unset -nocomplain token ri res pos1 pos2 http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-3.5.$ThreadLevel {http with-proxy ipv6 with-auth valid-creds-provided} -constraints {needsSquid} -setup { http::config -proxyhost $a6host -proxyport $a6port -proxynot {::1 localhost} -proxyauth $aliceCreds } -body { set token [http::geturl http://www.google.com/] set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*]" } -result {complete ok 200 -- HttpProxy 1 1 -- -1} -cleanup { http::cleanup $token unset -nocomplain token ri res pos1 pos2 http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-3.6.$ThreadLevel {https with-proxy ipv6 with-auth valid-creds-provided} -constraints {needsSquid needsTls} -setup { http::config -proxyhost $a6host -proxyport $a6port -proxynot {::1 localhost} -proxyauth $aliceCreds } -body { set token [http::geturl https://www.google.com/] set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*]" } -result {complete ok 200 -- SecureProxy 0 0 -- -1} -cleanup { http::cleanup $token unset -nocomplain token ri res pos1 pos2 http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-3.7.$ThreadLevel {http with-proxy ipv4 with-auth valid-creds-provided; check that 2nd valid request with creds is possible, and keep-alive works} -constraints {needsSquid} -setup { array unset ::http::socketMapping http::config -proxyhost $a4host -proxyport $a4port -proxynot {127.0.0.1 localhost} -proxyauth $aliceCreds set token0 [http::geturl http://www.google.com/ -keepalive 1 -timeout 5000] } -body { # Use the same caution as for the corresponding https test. set can [after 6000 {http::reset $token; set ${token}(z) timeout}] set token [http::geturl http://www.google.com/ -keepalive 1 -timeout 5000 -command stopMe] vwait ${token}(z) after cancel $can set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds] set same [string equal [set ${token0}(sock)] [set ${token}(sock)]] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*] [set ${token}(z)] $same" } -result {complete ok 200 -- HttpProxy 1 1 -- -1 done 1} -cleanup { http::cleanup $token0 http::cleanup $token unset -nocomplain token0 token ri res pos1 pos2 can same array unset ::http::socketMapping http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-3.7x.$ThreadLevel {http with-proxy ipv4 with-auth 1st request no-creds-provided; check that 2nd request with creds is possible} -constraints {needsSquid} -setup { array unset ::http::socketMapping http::config -proxyhost $a4host -proxyport $a4port -proxynot {127.0.0.1 localhost} -proxyauth {} set token0 [http::geturl http://www.google.com/ -keepalive 1 -timeout 5000] http::config -proxyauth $aliceCreds } -body { # Use the same caution as for the corresponding https test. set can [after 6000 {http::reset $token; set ${token}(z) timeout}] set token [http::geturl http://www.google.com/ -keepalive 1 -timeout 5000 -command stopMe] vwait ${token}(z) after cancel $can set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds] set same [string equal [set ${token0}(sock)] [set ${token}(sock)]] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*] [set ${token}(z)] $same" } -result {complete ok 200 -- HttpProxy 1 1 -- -1 done 1} -cleanup { http::cleanup $token0 http::cleanup $token unset -nocomplain token0 token ri res pos1 pos2 can same array unset ::http::socketMapping http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-3.8.$ThreadLevel {https with-proxy ipv4 with-auth valid-creds-provided; check that 2nd valid request with creds is possible, and keep-alive works} -constraints {needsSquid needsTls} -setup { array unset ::http::socketMapping http::config -proxyhost $a4host -proxyport $a4port -proxynot {127.0.0.1 localhost} -proxyauth $aliceCreds set token0 [http::geturl https://www.google.com/ -keepalive 1 -timeout 5000] } -body { # If a bug passes the socket of a failed CONNECT to the main request, an infinite # wait can occur despite -timeout. Fix this with http::reset; to do this the call # to http::geturl must be async so we have $token for use as argument of reset. set can [after 6000 {http::reset $token; set ${token}(z) timeout}] set token [http::geturl https://www.google.com/ -keepalive 1 -timeout 5000 -command stopMe] vwait ${token}(z) after cancel $can set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds] set same [string equal [set ${token0}(sock)] [set ${token}(sock)]] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*] [set ${token}(z)] $same" } -result {complete ok 200 -- SecureProxy 0 0 -- -1 done 1} -cleanup { http::cleanup $token0 http::cleanup $token unset -nocomplain token0 token ri res pos1 pos2 can same array unset ::http::socketMapping http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-3.8x.$ThreadLevel {https with-proxy ipv4 with-auth 1st request no-creds-provided; check that 2nd request with creds is possible} -constraints {needsSquid needsTls} -setup { array unset ::http::socketMapping http::config -proxyhost $a4host -proxyport $a4port -proxynot {127.0.0.1 localhost} -proxyauth {} set token0 [http::geturl https://www.google.com/ -keepalive 1 -timeout 5000] http::config -proxyauth $aliceCreds } -body { # If a bug passes the socket of a failed CONNECT to the main request, an infinite # wait can occur despite -timeout. Fix this with http::reset; to do this the call # to http::geturl must be async so we have $token for use as argument of reset. set can [after 6000 {http::reset $token; set ${token}(z) timeout}] set token [http::geturl https://www.google.com/ -keepalive 1 -timeout 5000 -command stopMe] vwait ${token}(z) after cancel $can set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds] set same [string equal [set ${token0}(sock)] [set ${token}(sock)]] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*] [set ${token}(z)] $same" } -result {complete ok 200 -- SecureProxy 0 0 -- -1 done 0} -cleanup { http::cleanup $token0 http::cleanup $token unset -nocomplain token0 token ri res pos1 pos2 can same array unset ::http::socketMapping http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-3.9.$ThreadLevel {http with-proxy ipv6 with-auth valid-creds-provided; check that 2nd valid request with creds is possible, and keep-alive works} -constraints {needsSquid} -setup { array unset ::http::socketMapping http::config -proxyhost $a6host -proxyport $a6port -proxynot {::1 localhost} -proxyauth $aliceCreds set token0 [http::geturl http://www.google.com/ -keepalive 1 -timeout 5000] } -body { # Use the same caution as for the corresponding https test. set can [after 6000 {http::reset $token; set ${token}(z) timeout}] set token [http::geturl http://www.google.com/ -keepalive 1 -timeout 5000 -command stopMe] vwait ${token}(z) after cancel $can set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds] set same [string equal [set ${token0}(sock)] [set ${token}(sock)]] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*] [set ${token}(z)] $same" } -result {complete ok 200 -- HttpProxy 1 1 -- -1 done 1} -cleanup { http::cleanup $token0 http::cleanup $token unset -nocomplain token0 token ri res pos1 pos2 can same array unset ::http::socketMapping http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-3.9p.$ThreadLevel {http with-proxy ipv6 with-auth valid-creds-provided; check that 2nd valid request with creds is possible, and keep-alive works, pipelining requested and possible} -constraints {needsSquid} -setup { array unset ::http::socketMapping http::config -proxyhost $a6host -proxyport $a6port -proxynot {::1 localhost} -proxyauth $aliceCreds } -body { set can0 [after 6000 {http::reset $token0; set ${token0}(z) timeout}] set token0 [http::geturl http://www.google.com/ -keepalive 1 -timeout 5000 -command stopMe] after idle { # Use the same caution as for the corresponding https test. set can [after 6000 {http::reset $token; set ${token}(z) timeout}] set token [http::geturl http://www.google.com/ -keepalive 1 -timeout 5000 -command stopMe] vwait ${token}(z) after cancel $can } vwait ${token0}(z) after cancel $can0 set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds] set same [string equal [set ${token0}(sock)] [set ${token}(sock)]] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*] [set ${token}(z)] $same" } -result {complete ok 200 -- HttpProxy 1 1 -- -1 done 1} -cleanup { http::cleanup $token0 http::cleanup $token unset -nocomplain token0 token ri res pos1 pos2 can0 can same array unset ::http::socketMapping http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-3.9x.$ThreadLevel {http with-proxy ipv6 with-auth 1st request no-creds-provided; check that 2nd request with creds is possible} -constraints {needsSquid} -setup { array unset ::http::socketMapping http::config -proxyhost $a6host -proxyport $a6port -proxynot {::1 localhost} -proxyauth {} set token0 [http::geturl http://www.google.com/ -keepalive 1 -timeout 5000] http::config -proxyauth $aliceCreds } -body { # Use the same caution as for the corresponding https test. set can [after 6000 {http::reset $token; set ${token}(z) timeout}] set token [http::geturl http://www.google.com/ -keepalive 1 -timeout 5000 -command stopMe] vwait ${token}(z) after cancel $can set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds] set same [string equal [set ${token0}(sock)] [set ${token}(sock)]] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*] [set ${token}(z)] $same" } -result {complete ok 200 -- HttpProxy 1 1 -- -1 done 1} -cleanup { http::cleanup $token0 http::cleanup $token unset -nocomplain token0 token ri res pos1 pos2 can same array unset ::http::socketMapping http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-3.10.$ThreadLevel {https with-proxy ipv6 with-auth valid-creds-provided; check that 2nd valid request with creds is possible, and keep-alive works} -constraints {needsSquid needsTls} -setup { array unset ::http::socketMapping http::config -proxyhost $a6host -proxyport $a6port -proxynot {::1 localhost} -proxyauth $aliceCreds set token0 [http::geturl https://www.google.com/ -keepalive 1 -timeout 5000] } -body { # If a bug passes the socket of a failed CONNECT to the main request, an infinite # wait can occur despite -timeout. Fix this with http::reset; to do this the call # to http::geturl must be async so we have $token for use as argument of reset. set can [after 6000 {http::reset $token; set ${token}(z) timeout}] set token [http::geturl https://www.google.com/ -keepalive 1 -timeout 5000 -command stopMe] vwait ${token}(z) after cancel $can set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds] set same [string equal [set ${token0}(sock)] [set ${token}(sock)]] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*] [set ${token}(z)] $same" } -result {complete ok 200 -- SecureProxy 0 0 -- -1 done 1} -cleanup { http::cleanup $token0 http::cleanup $token unset -nocomplain token0 token ri res pos1 pos2 can same array unset ::http::socketMapping http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-3.10p.$ThreadLevel {https with-proxy ipv6 with-auth valid-creds-provided; check that 2nd valid request with creds is possible, and keep-alive works, pipelining requested and possible} -constraints {needsSquid needsTls} -setup { array unset ::http::socketMapping http::config -proxyhost $a6host -proxyport $a6port -proxynot {::1 localhost} -proxyauth $aliceCreds } -body { set can0 [after 6000 {http::reset $token0; set ${token0}(z) timeout}] set token0 [http::geturl https://www.google.com/ -keepalive 1 -timeout 5000 -command stopMe] after idle { # If a bug passes the socket of a failed CONNECT to the main request, an infinite # wait can occur despite -timeout. Fix this with http::reset; to do this the call # to http::geturl must be async so we have $token for use as argument of reset. set can [after 6000 {http::reset $token0; set ${token}(z) timeout}] set token [http::geturl https://www.google.com/ -keepalive 1 -timeout 5000 -command stopMe] vwait ${token}(z) after cancel $can } vwait ${token0}(z) after cancel $can0 set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds] set same [string equal [set ${token0}(sock)] [set ${token}(sock)]] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*] [set ${token}(z)] $same" } -result {complete ok 200 -- SecureProxy 0 0 -- -1 done 1} -cleanup { http::cleanup $token0 http::cleanup $token unset -nocomplain token0 token ri res pos1 pos2 can0 can same array unset ::http::socketMapping http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-3.10x.$ThreadLevel {https with-proxy ipv6 with-auth 1st request no-creds-provided; check that 2nd request with creds is possible} -constraints {needsSquid needsTls} -setup { array unset ::http::socketMapping http::config -proxyhost $a6host -proxyport $a6port -proxynot {::1 localhost} -proxyauth {} set token0 [http::geturl https://www.google.com/ -keepalive 1 -timeout 5000] http::config -proxyauth $aliceCreds } -body { # If a bug passes the socket of a failed CONNECT to the main request, an infinite # wait can occur despite -timeout. Fix this with http::reset; to do this the call # to http::geturl must be async so we have $token for use as argument of reset. set can [after 6000 {http::reset $token; set ${token}(z) timeout}] set token [http::geturl https://www.google.com/ -keepalive 1 -timeout 5000 -command stopMe] vwait ${token}(z) after cancel $can set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds] set same [string equal [set ${token0}(sock)] [set ${token}(sock)]] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*] [set ${token}(z)] $same" } -result {complete ok 200 -- SecureProxy 0 0 -- -1 done 0} -cleanup { http::cleanup $token0 http::cleanup $token unset -nocomplain token0 token ri res pos1 pos2 can same array unset ::http::socketMapping http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-4.1.$ThreadLevel {http no-proxy with-auth no-creds-provided} -constraints {needsSquid} -setup { http::config -proxyhost {} -proxyport $a4port -proxynot {127.0.0.1 localhost} -proxyauth {} } -body { set token [http::geturl http://www.google.com/] set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*]" } -result {complete ok 200 -- none 0 0 -- -1} -cleanup { http::cleanup $token unset -nocomplain token ri res pos1 pos2 http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-4.2.$ThreadLevel {https no-proxy with-auth no-creds-provided} -constraints {needsSquid needsTls} -setup { http::config -proxyhost {} -proxyport $a4port -proxynot {127.0.0.1 localhost} -proxyauth {} } -body { set token [http::geturl https://www.google.com/] set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*]" } -result {complete ok 200 -- none 0 0 -- -1} -cleanup { http::cleanup $token unset -nocomplain token ri res pos1 pos2 http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-4.3.$ThreadLevel {http with-proxy ipv4 with-auth no-creds-provided} -constraints {needsSquid} -setup { http::config -proxyhost $a4host -proxyport $a4port -proxynot {127.0.0.1 localhost} -proxyauth {} } -body { set token [http::geturl http://www.google.com/] set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*]" } -result {complete ok 407 -- HttpProxy 0 0 -- -1} -cleanup { http::cleanup $token unset -nocomplain token ri res pos1 pos2 http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-4.4.$ThreadLevel {https with-proxy ipv4 with-auth no-creds-provided} -constraints {needsSquid needsTls} -setup { http::config -proxyhost $a4host -proxyport $a4port -proxynot {127.0.0.1 localhost} -proxyauth {} } -body { set token [http::geturl https://www.google.com/] set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*]" } -result {complete ok 407 -- SecureProxyFailed 0 0 -- -1} -cleanup { http::cleanup $token unset -nocomplain token ri res pos1 pos2 http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-4.5.$ThreadLevel {http with-proxy ipv6 with-auth no-creds-provided} -constraints {needsSquid} -setup { http::config -proxyhost $a6host -proxyport $a6port -proxynot {::1 localhost} -proxyauth {} } -body { set token [http::geturl http://www.google.com/] set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*]" } -result {complete ok 407 -- HttpProxy 0 0 -- -1} -cleanup { http::cleanup $token unset -nocomplain token ri res pos1 pos2 http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-4.6.$ThreadLevel {https with-proxy ipv6 with-auth no-creds-provided} -constraints {needsSquid needsTls} -setup { http::config -proxyhost $a6host -proxyport $a6port -proxynot {::1 localhost} -proxyauth {} } -body { set token [http::geturl https://www.google.com/] set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*]" } -result {complete ok 407 -- SecureProxyFailed 0 0 -- -1} -cleanup { http::cleanup $token unset -nocomplain token ri res pos1 pos2 http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-4.7.$ThreadLevel {http with-proxy ipv4 with-auth no-creds-provided; check that 2nd request is possible} -constraints {needsSquid} -setup { array unset ::http::socketMapping http::config -proxyhost $a4host -proxyport $a4port -proxynot {127.0.0.1 localhost} -proxyauth {} set token0 [http::geturl http://www.google.com/ -keepalive 1 -timeout 5000] } -body { # Use the same caution as for the corresponding https test. set can [after 6000 {http::reset $token; set ${token}(z) timeout}] set token [http::geturl http://www.google.com/ -keepalive 1 -timeout 5000 -command stopMe] vwait ${token}(z) after cancel $can set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds] set same [string equal [set ${token0}(sock)] [set ${token}(sock)]] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*] [set ${token}(z)] $same" } -result {complete ok 407 -- HttpProxy 0 0 -- -1 done 1} -cleanup { http::cleanup $token0 http::cleanup $token unset -nocomplain token0 token ri res pos1 pos2 can same array unset ::http::socketMapping http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-4.8.$ThreadLevel {https with-proxy ipv4 with-auth no-creds-provided; check that 2nd request is possible} -constraints {needsSquid needsTls} -setup { array unset ::http::socketMapping http::config -proxyhost $a4host -proxyport $a4port -proxynot {127.0.0.1 localhost} -proxyauth {} set token0 [http::geturl https://www.google.com/ -keepalive 1 -timeout 5000] } -body { # If a bug passes the socket of a failed CONNECT to the main request, an infinite # wait can occur despite -timeout. Fix this with http::reset; to do this the call # to http::geturl must be async so we have $token for use as argument of reset. set can [after 6000 {http::reset $token; set ${token}(z) timeout}] set token [http::geturl https://www.google.com/ -keepalive 1 -timeout 5000 -command stopMe] vwait ${token}(z) after cancel $can set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds] set same [string equal [set ${token0}(sock)] [set ${token}(sock)]] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*] [set ${token}(z)] $same" } -result {complete ok 407 -- SecureProxyFailed 0 0 -- -1 done 0} -cleanup { http::cleanup $token0 http::cleanup $token unset -nocomplain token0 token ri res pos1 pos2 can same array unset ::http::socketMapping http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-4.9.$ThreadLevel {http with-proxy ipv6 with-auth no-creds-provided; check that 2nd request is possible} -constraints {needsSquid} -setup { array unset ::http::socketMapping http::config -proxyhost $a6host -proxyport $a6port -proxynot {::1 localhost} -proxyauth {} set token0 [http::geturl http://www.google.com/ -keepalive 1 -timeout 5000] } -body { # Use the same caution as for the corresponding https test. set can [after 6000 {http::reset $token; set ${token}(z) timeout}] set token [http::geturl http://www.google.com/ -keepalive 1 -timeout 5000 -command stopMe] vwait ${token}(z) after cancel $can set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds] set same [string equal [set ${token0}(sock)] [set ${token}(sock)]] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*] [set ${token}(z)] $same" } -result {complete ok 407 -- HttpProxy 0 0 -- -1 done 1} -cleanup { http::cleanup $token0 http::cleanup $token unset -nocomplain token0 token ri res pos1 pos2 can same array unset ::http::socketMapping http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-4.9p.$ThreadLevel {http with-proxy ipv6 with-auth no-creds-provided; check that 2nd request is possible, pipelining requested and possible} -constraints {needsSquid} -setup { array unset ::http::socketMapping http::config -proxyhost $a6host -proxyport $a6port -proxynot {::1 localhost} -proxyauth {} } -body { set can0 [after 6000 {http::reset $token0; set ${token0}(z) timeout}] set token0 [http::geturl http://www.google.com/ -keepalive 1 -timeout 5000 -command stopMe] after idle { # Use the same caution as for the corresponding https test. set can [after 6000 {http::reset $token0; set ${token}(z) timeout}] set token [http::geturl http://www.google.com/ -keepalive 1 -timeout 5000 -command stopMe] vwait ${token}(z) after cancel $can } vwait ${token0}(z) after cancel $can0 set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds] set same [string equal [set ${token0}(sock)] [set ${token}(sock)]] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*] [set ${token}(z)] $same" } -result {complete ok 407 -- HttpProxy 0 0 -- -1 done 1} -cleanup { http::cleanup $token0 http::cleanup $token unset -nocomplain token0 token ri res pos1 pos2 can0 can same array unset ::http::socketMapping http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-4.10.$ThreadLevel {https with-proxy ipv6 with-auth no-creds-provided; check that 2nd request is possible} -constraints {needsSquid needsTls} -setup { array unset ::http::socketMapping http::config -proxyhost $a6host -proxyport $a6port -proxynot {::1 localhost} -proxyauth {} set token0 [http::geturl https://www.google.com/ -keepalive 1 -timeout 5000] } -body { # If a bug passes the socket of a failed CONNECT to the main request, an infinite # wait can occur despite -timeout. Fix this with http::reset; to do this the call # to http::geturl must be async so we have $token for use as argument of reset. set can [after 6000 {http::reset $token; set ${token}(z) timeout}] set token [http::geturl https://www.google.com/ -keepalive 1 -timeout 5000 -command stopMe] vwait ${token}(z) after cancel $can set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds] set same [string equal [set ${token0}(sock)] [set ${token}(sock)]] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*] [set ${token}(z)] $same" } -result {complete ok 407 -- SecureProxyFailed 0 0 -- -1 done 0} -cleanup { http::cleanup $token0 http::cleanup $token unset -nocomplain token0 token ri res pos1 pos2 can same array unset ::http::socketMapping http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-4.10p.$ThreadLevel {https with-proxy ipv6 with-auth no-creds-provided; check that 2nd request is possible, pipelining requested but not possible} -constraints {needsSquid needsTls} -setup { array unset ::http::socketMapping http::config -proxyhost $a6host -proxyport $a6port -proxynot {::1 localhost} -proxyauth {} } -body { set can0 [after 6000 {http::reset $token0; set ${token0}(z) timeout}] set token0 [http::geturl https://www.google.com/ -keepalive 1 -timeout 5000 -command stopMe] after idle { # If a bug passes the socket of a failed CONNECT to the main request, an infinite # wait can occur despite -timeout. Fix this with http::reset; to do this the call # to http::geturl must be async so we have $token for use as argument of reset. set can [after 6000 {http::reset $token; set ${token}(z) timeout}] set token [http::geturl https://www.google.com/ -keepalive 1 -timeout 5000 -command stopMe] vwait ${token}(z) after cancel $can } vwait ${token0}(z) after cancel $can0 set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds] set same [string equal [set ${token0}(sock)] [set ${token}(sock)]] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*] [set ${token}(z)] $same" } -result {complete ok 407 -- SecureProxyFailed 0 0 -- -1 done 0} -cleanup { http::cleanup $token0 http::cleanup $token unset -nocomplain token0 token ri res pos1 pos2 can0 can same array unset ::http::socketMapping http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-5.1.$ThreadLevel {http no-proxy with-auth bad-creds-provided} -constraints {needsSquid} -setup { http::config -proxyhost {} -proxyport $a4port -proxynot {127.0.0.1 localhost} -proxyauth $badCreds } -body { set token [http::geturl http://www.google.com/] set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $badCreds] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*]" } -result {complete ok 200 -- none 0 0 -- -1} -cleanup { http::cleanup $token unset -nocomplain token ri res pos1 pos2 http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-5.2.$ThreadLevel {https no-proxy with-auth bad-creds-provided} -constraints {needsSquid needsTls} -setup { http::config -proxyhost {} -proxyport $a4port -proxynot {127.0.0.1 localhost} -proxyauth $badCreds } -body { set token [http::geturl https://www.google.com/] set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $badCreds] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*]" } -result {complete ok 200 -- none 0 0 -- -1} -cleanup { http::cleanup $token unset -nocomplain token ri res pos1 pos2 http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-5.3.$ThreadLevel {http with-proxy ipv4 with-auth bad-creds-provided} -constraints {needsSquid} -setup { http::config -proxyhost $a4host -proxyport $a4port -proxynot {127.0.0.1 localhost} -proxyauth $badCreds } -body { set token [http::geturl http://www.google.com/] set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $badCreds] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*]" } -result {complete ok 407 -- HttpProxy 1 1 -- -1} -cleanup { http::cleanup $token unset -nocomplain token ri res pos1 pos2 http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-5.4.$ThreadLevel {https with-proxy ipv4 with-auth bad-creds-provided} -constraints {needsSquid needsTls} -setup { http::config -proxyhost $a4host -proxyport $a4port -proxynot {127.0.0.1 localhost} -proxyauth $badCreds } -body { set token [http::geturl https://www.google.com/] set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $badCreds] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*]" } -result {complete ok 407 -- SecureProxyFailed 1 1 -- -1} -cleanup { http::cleanup $token unset -nocomplain token ri res pos1 pos2 http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-5.5.$ThreadLevel {http with-proxy ipv6 with-auth bad-creds-provided} -constraints {needsSquid} -setup { http::config -proxyhost $a6host -proxyport $a6port -proxynot {::1 localhost} -proxyauth $badCreds } -body { set token [http::geturl http://www.google.com/] set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $badCreds] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*]" } -result {complete ok 407 -- HttpProxy 1 1 -- -1} -cleanup { http::cleanup $token unset -nocomplain token ri res pos1 pos2 http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-5.6.$ThreadLevel {https with-proxy ipv6 with-auth bad-creds-provided} -constraints {needsSquid needsTls} -setup { http::config -proxyhost $a6host -proxyport $a6port -proxynot {::1 localhost} -proxyauth $badCreds } -body { set token [http::geturl https://www.google.com/] set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $badCreds] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*]" } -result {complete ok 407 -- SecureProxyFailed 1 1 -- -1} -cleanup { http::cleanup $token unset -nocomplain token ri res pos1 pos2 http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-5.7.$ThreadLevel {http with-proxy ipv4 with-auth bad-creds-provided; check that 2nd request is possible} -constraints {needsSquid} -setup { array unset ::http::socketMapping http::config -proxyhost $a4host -proxyport $a4port -proxynot {127.0.0.1 localhost} -proxyauth $badCreds set token0 [http::geturl http://www.google.com/ -keepalive 1 -timeout 5000] } -body { # Use the same caution as for the corresponding https test. set can [after 6000 {http::reset $token; set ${token}(z) timeout}] set token [http::geturl http://www.google.com/ -keepalive 1 -timeout 5000 -command stopMe] vwait ${token}(z) after cancel $can set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $badCreds] set same [string equal [set ${token0}(sock)] [set ${token}(sock)]] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*] [set ${token}(z)] $same" } -result {complete ok 407 -- HttpProxy 1 1 -- -1 done 1} -cleanup { http::cleanup $token0 http::cleanup $token unset -nocomplain token0 token ri res pos1 pos2 can same array unset ::http::socketMapping http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-5.7p.$ThreadLevel {http with-proxy ipv4 with-auth bad-creds-provided; check that 2nd request is possible, pipelining requested and possible} -constraints {needsSquid} -setup { array unset ::http::socketMapping http::config -proxyhost $a4host -proxyport $a4port -proxynot {127.0.0.1 localhost} -proxyauth $badCreds } -body { set can0 [after 6000 {http::reset $token0; set ${token0}(z) timeout}] set token0 [http::geturl http://www.google.com/ -keepalive 1 -timeout 5000 -command stopMe] # Use the same caution as for the corresponding https test. after idle { set can [after 6000 {http::reset $token; set ${token}(z) timeout}] set token [http::geturl http://www.google.com/ -keepalive 1 -timeout 5000 -command stopMe] vwait ${token}(z) after cancel $can } vwait ${token0}(z) after cancel $can0 set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $badCreds] set same [string equal [set ${token0}(sock)] [set ${token}(sock)]] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*] [set ${token}(z)] $same" } -result {complete ok 407 -- HttpProxy 1 1 -- -1 done 1} -cleanup { http::cleanup $token0 http::cleanup $token unset -nocomplain token0 token ri res pos1 pos2 can0 can same array unset ::http::socketMapping http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-5.8.$ThreadLevel {https with-proxy ipv4 with-auth bad-creds-provided; check that 2nd request is possible} -constraints {needsSquid needsTls} -setup { array unset ::http::socketMapping http::config -proxyhost $a4host -proxyport $a4port -proxynot {127.0.0.1 localhost} -proxyauth $badCreds set token0 [http::geturl https://www.google.com/ -keepalive 1 -timeout 5000] } -body { # If a bug passes the socket of a failed CONNECT to the main request, an infinite # wait can occur despite -timeout. Fix this with http::reset; to do this the call # to http::geturl must be async so we have $token for use as argument of reset. set can [after 6000 {http::reset $token; set ${token}(z) timeout}] set token [http::geturl https://www.google.com/ -keepalive 1 -timeout 5000 -command stopMe] vwait ${token}(z) after cancel $can set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $badCreds] set same [string equal [set ${token0}(sock)] [set ${token}(sock)]] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*] [set ${token}(z)] $same" } -result {complete ok 407 -- SecureProxyFailed 1 1 -- -1 done 0} -cleanup { http::cleanup $token0 http::cleanup $token unset -nocomplain token0 token ri res pos1 pos2 can same array unset ::http::socketMapping http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-5.8p.$ThreadLevel {https with-proxy ipv4 with-auth bad-creds-provided; check that 2nd request is possible, pipelining requested but not possible} -constraints {needsSquid needsTls} -setup { array unset ::http::socketMapping http::config -proxyhost $a4host -proxyport $a4port -proxynot {127.0.0.1 localhost} -proxyauth $badCreds } -body { set can0 [after 6000 {http::reset $token0; set ${token0}(z) timeout}] set token0 [http::geturl https://www.google.com/ -keepalive 1 -timeout 5000 -command stopMe] # If a bug passes the socket of a failed CONNECT to the main request, an infinite # wait can occur despite -timeout. Fix this with http::reset; to do this the call # to http::geturl must be async so we have $token for use as argument of reset. after idle { set can [after 6000 {http::reset $token; set ${token}(z) timeout}] set token [http::geturl https://www.google.com/ -keepalive 1 -timeout 5000 -command stopMe] vwait ${token}(z) after cancel $can } vwait ${token0}(z) after cancel $can0 set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $badCreds] set same [string equal [set ${token0}(sock)] [set ${token}(sock)]] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*] [set ${token}(z)] $same" } -result {complete ok 407 -- SecureProxyFailed 1 1 -- -1 done 0} -cleanup { http::cleanup $token0 http::cleanup $token unset -nocomplain token0 token ri res pos1 pos2 can0 can same array unset ::http::socketMapping http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-5.9.$ThreadLevel {http with-proxy ipv6 with-auth bad-creds-provided; check that 2nd request is possible} -constraints {needsSquid} -setup { array unset ::http::socketMapping http::config -proxyhost $a6host -proxyport $a6port -proxynot {::1 localhost} -proxyauth $badCreds set token0 [http::geturl http://www.google.com/ -keepalive 1 -timeout 5000] } -body { # Use the same caution as for the corresponding https test. set can [after 6000 {http::reset $token; set ${token}(z) timeout}] set token [http::geturl http://www.google.com/ -keepalive 1 -timeout 5000 -command stopMe] vwait ${token}(z) after cancel $can set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $badCreds] set same [string equal [set ${token0}(sock)] [set ${token}(sock)]] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*] [set ${token}(z)] $same" } -result {complete ok 407 -- HttpProxy 1 1 -- -1 done 1} -cleanup { http::cleanup $token0 http::cleanup $token unset -nocomplain token0 token ri res pos1 pos2 can same array unset ::http::socketMapping http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } test httpProxy-5.10.$ThreadLevel {https with-proxy ipv6 with-auth bad-creds-provided; check that 2nd request is possible} -constraints {needsSquid needsTls} -setup { array unset ::http::socketMapping http::config -proxyhost $a6host -proxyport $a6port -proxynot {::1 localhost} -proxyauth $badCreds set token0 [http::geturl https://www.google.com/ -keepalive 1 -timeout 5000] } -body { # If a bug passes the socket of a failed CONNECT to the main request, an infinite # wait can occur despite -timeout. Fix this with http::reset; to do this the call # to http::geturl must be async so we have $token for use as argument of reset. set can [after 6000 {http::reset $token; set ${token}(z) timeout}] set token [http::geturl https://www.google.com/ -keepalive 1 -timeout 5000 -command stopMe] vwait ${token}(z) after cancel $can set ri [http::responseInfo $token] set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization] set pos2 [lsearch -exact [set ${token}(requestHeaders)] $badCreds] set same [string equal [set ${token0}(sock)] [set ${token}(sock)]] set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] --\ [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}] --\ [lsearch -glob [array get ::http::socketMapping] HTTP_PLACEHOLDER_*] [set ${token}(z)] $same" } -result {complete ok 407 -- SecureProxyFailed 1 1 -- -1 done 0} -cleanup { http::cleanup $token0 http::cleanup $token unset -nocomplain token0 token ri res pos1 pos2 can same array unset ::http::socketMapping http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {} } # cleanup unset -nocomplain n4host n6host n4port n6port a4host a6host a4port a6port aliceCreds badCreds rename bgerror {} rename stopMe {} ::tcltest::cleanupTests # Local variables: # mode: tcl # End: