OpenSSL fails to resolve hostname in internal network #467

Open
lazamar opened this issue Jul 22, 2021 · 3 comments

lazamar commented Jul 22, 2021

Hi, I am having what seems like DNS resolution issues with the OpenSSL library in my company's internal network and would appreciate some pointers to what it could be.

The following program works correctly when I use a URL with an address on the open internet, but when I use an address in our internal network, the http-client-tls part works and the http-client-openssl part throws an error.

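import Network.HTTP.Client
import Network.HTTP.Client.OpenSSL (newOpenSSLManager, withOpenSSL)
import Network.HTTP.Client.TLS (tlsManagerSettings)

main = do
  let url = "https://<some_url>"
  req <- parseRequest url

  -- Request through the manager backed by the tls package
  putStrLn "http-client-tls"
  tlsManager <- newManager tlsManagerSettings
  run req tlsManager

  -- Same request through the manager backed by OpenSSL
  putStrLn "http-client-openssl"
  withOpenSSL $ do
     openSSLManager <- newOpenSSLManager
     run req openSSLManager
  where
    -- Perform the request and read the whole response body
    run req manager = withResponse req manager $ brConsume . responseBody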

This is the error thrown:

http-test-exe: HttpExceptionRequest Request {
  host                 = <redacted>
  port                 = 1952
  secure               = True
  requestHeaders       = []
  path                 = <redacted> 
  queryString          = <redacted>
  method               = "GET"
  proxy                = Nothing
  rawBody              = False
  redirectCount        = 10
  responseTimeout      = ResponseTimeoutDefault
  requestVersion       = HTTP/1.1
}
 (ConnectionFailure Network.Socket.getAddrInfo (called with preferred socket type/protocol: AddrInfo {addrFlags = [AI_ADDRCONFIG,AI_NUMERICSERV], addrFamily = AF_INET, addrSocketType = Stream, addrProtocol = 0, addrAddress = <assumed to be undefined>, addrCanonName = <assumed to be undefined>}, host name: Just <redacted>, service name: Just "1952"): does not exist (Name or service not known))

The program is run with http_proxy and https_proxy set.
It seems like the settings of the tlsManager are making the hostname be resolved correctly but the openSSLManager is failing to do so.
Do you know what could cause that?

I am using:

GHC 8.10.4
http-client 0.6.4.1
http-client-openssl 0.3.2.0
http-client-tls 0.3.5.3

lazamar commented Jul 22, 2021

btw, nslookup resolves the internal hostname to an IPv6 address. I am not sure if this could be a factor here.
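
One way to test whether the address family is a factor, as an added example (not code from the issue or from http-client): it replays the getAddrInfo call with the hints printed in the error above and repeats it for AF_INET6 and AF_UNSPEC. The defaults `localhost` and `1952` are placeholders; pass the internal host and port as arguments.

```haskell
-- Added diagnostic, not code from the issue or from http-client.
-- Replays the getAddrInfo call shown in the error message and repeats it
-- with other address families to see which ones the resolver can satisfy.
import Control.Exception (IOException, try)
import Network.Socket
import System.Environment (getArgs)

-- Hints copied from the ConnectionFailure text, with the family as a parameter.
hintsFor :: Family -> AddrInfo
hintsFor fam = defaultHints
  { addrFlags      = [AI_ADDRCONFIG, AI_NUMERICSERV]
  , addrFamily     = fam
  , addrSocketType = Stream
  }

-- Resolve host:port under the given family; Left carries the resolver error.
resolveWith :: Family -> HostName -> ServiceName -> IO (Either IOException [AddrInfo])
resolveWith fam host port =
  try (getAddrInfo (Just (hintsFor fam)) (Just host) (Just port))

-- Print one line per family: either the addresses returned or the failure.
report :: HostName -> ServiceName -> (String, Family) -> IO ()
report host port (label, fam) = do
  r <- resolveWith fam host port
  putStrLn $ label ++ ": " ++ case r of
    Left e      -> "FAILED (" ++ show e ++ ")"
    Right addrs -> unwords (map (show . addrAddress) addrs)

main :: IO ()
main = do
  args <- getArgs
  -- Placeholder defaults (assumption); supply the real host and port.
  let (host, port) = case args of
        [h, p] -> (h, p)
        [h]    -> (h, "1952")
        _      -> ("localhost", "1952")
  mapM_ (report host port)
    [ ("AF_INET   (hints from the error)", AF_INET)
    , ("AF_INET6  (IPv6 only)", AF_INET6)
    , ("AF_UNSPEC (any family)", AF_UNSPEC)
    ]
```

A failure on the AF_INET line together with success on the AF_INET6 line means the resolver returns no IPv4 address for the name under these hints.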

snoyberg (Owner) commented

I don't have deep insights here, but I'd recommend comparing the relevant code paths:

One thing that stands out is the most recent commit on http-client-openssl: 3bdfed4. Not sure if that's relevant, since you're using an older version of the library. Perhaps you could try bumping to the latest version.


arianvp commented Jan 12, 2023

It might be that openssl tries to read /etc/services whilst the tls library does not.
