Problem with Package Manager when using HTTP proxy

schulmann commented 3 years ago

Environment

OS: Debian GNU/Linux 10 (buster)
Browser: Firefox (it doesn't matter)
OTRS version: 6.0.33

Expected behavior

The package manager should work when using a http proxy.

Actual behavior

su -c 'bin/otrs.Console.pl Admin::Package::Install https://download.znuny.org/releases/packages/:FAQ' - otrs: ERROR: OTRS-otrs.Console.pl-Admin::Package::Install-37 Perl: 5.28.1 OS: linux Time: Thu Mar 25 17:32:36 2021 Message: Can't perform GET on https://download.znuny.org/releases/packages//otrs.xml: 500 SSL upgrade failed: hostname verification failed

How to reproduce

Steps to reproduce the behavior:

Install Znuny 6.0.33 on Debian 10 with Postgres 11
Change sysconfig variables Package::Proxy and WebUserAgent::Proxy to the value "http://127.0.0.1:3128/"
apt install squid
su -c 'bin/otrs.Console.pl Admin::Package::Install https://download.znuny.org/releases/packages/:FAQ' - otrs
See error

Additional information

I think the problem could be a bug in the CPAN module LWP::UserAgent. At least a test script shows a difference between the Znuny version (6.26) "perl -I /opt/otrs/Kernel/cpan-lib /tmp/x.pl" and the version shipped with Debian (6.36) "perl /tmp/x.pl".

use LWP::UserAgent ();
my $ua = LWP::UserAgent->new(timeout => 10, verify_hostname => 1);
$ua->proxy(['https'], 'http://127.0.0.1:3128/');
my $response = $ua->get('https://download.znuny.org');
if (!$response->is_success) {
  die $response->status_line;
}
exit;

My test environment:

root@o6:~# cat /etc/os-release|fgrep PRETTY
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
root@o6:~# dpkg -l squid
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version       Architecture Description
+++-==============-=============-============-==========================================
ii  squid          4.6-1+deb10u5 amd64        Full featured Web Proxy cache (HTTP proxy)
root@o6:~# su -c 'bin/otrs.CheckModules.pl --all' - otrs
  o Apache::DBI......................ok (v1.12)
  o Apache2::Reload..................ok (v0.13)
  o Archive::Tar.....................ok (v2.30)
  o Archive::Zip.....................ok (v1.64)
  o Crypt::Eksblowfish::Bcrypt.......ok (v0.009)
  o CSS::Minifier::XS................Not installed! To install, you can use: 'apt-get install -y libcss-minifier-xs-perl'. (optional - Alternative to CSS::Minifier in XS, which is slightly faster than CSS::Minifier (pure Perl).)
  o Date::Format.....................ok (v2.24)
  o DateTime.........................ok (v1.50)
    o DateTime::TimeZone.............ok (v2.23)
  o DBI..............................ok (v1.642)
  o DBD::mysql.......................ok (v4.050)
  o DBD::ODBC........................Not installed! To install, you can use: 'apt-get install -y libdbd-odbc-perl'. (optional - Required to connect to a MS-SQL database.)
  o DBD::Oracle......................Not installed! (optional - Required to connect to a Oracle database.)
  o DBD::Pg..........................ok (v3.7.4)
  o Digest::SHA......................ok (v6.01)
  o Encode::HanExtra.................ok (v0.23)
  o IO::Socket::SSL..................ok (v2.060)
    Please consider updating to version 2.066 or higher: This version fixes email sending (bug#14357).
  o JavaScript::Minifier::XS.........Not installed! To install, you can use: 'apt-get install -y libjavascript-minifier-xs-perl'. (optional - Alternative to JavaScript::Minifier in XS, which is slightly faster than JavaScript::Minifier (pure Perl).)
  o JSON::XS.........................ok (v3.04)
  o List::Util::XS...................ok (v1.50)
  o LWP::UserAgent...................ok (v6.26)
  o Mail::IMAPClient.................ok (v3.42)
    o IO::Socket::SSL................ok (v2.060)
    Please consider updating to version 2.066 or higher: This version fixes email sending (bug#14357).
    o Authen::SASL...................ok (v2.16)
    o Authen::NTLM...................Not installed! To install, you can use: 'apt-get install -y libauthen-ntlm-perl'. (optional - Required for NTLM authentication mechanism in IMAP connections.)
  o ModPerl::Util....................ok (v2.000010)
  o Moo..............................ok (v2.003004)
  o Net::DNS.........................ok (v1.19)
  o Net::LDAP........................ok (v0.65)
  o Net::SMTP........................ok (v3.11)
  o Template.........................ok (v2.27)
  o Template::Stash::XS..............ok (undef)
  o Text::CSV_XS.....................ok (v1.38)
  o Time::HiRes......................ok (v1.9759)
  o XML::LibXML......................ok (v2.0134)
  o XML::LibXSLT.....................ok (v1.96)
  o XML::Parser......................ok (v2.44)
  o YAML::XS.........................ok (v0.76)

Bundled modules:

  o Algorithm::Diff..................ok (v1.1903)
  o Apache::DBI......................ok (v1.12)
  o CGI..............................ok (v4.36)
  o CSS::Minifier....................ok (v0.01)
  o Class::Inspector.................ok (v1.31)
  o Crypt::PasswdMD5.................ok (v1.40)
  o Crypt::Random::Source............ok (v0.14)
  o Email::Valid.....................ok (v1.202)
  o Encode::Locale...................ok (v1.05)
  o Exporter::Tiny...................ok (v1.002001)
  o IO::Interactive..................ok (v1.022)
  o JSON.............................ok (v2.94)
  o JSON::PP.........................ok (v2.27203)
  o JavaScript::Minifier.............ok (v1.15)
  o LWP..............................ok (v6.26)
  o Linux::Distribution..............ok (v0.23)
  o Locale::Codes....................ok (v3.52)
  o MIME::Tools......................ok (v5.509)
  o Mail::Address....................ok (v2.18)
  o Mail::Internet...................ok (v2.18)
  o Math::Random::ISAAC..............ok (v1.004)
  o Math::Random::Secure.............ok (v0.080001)
  o Module::Find.....................ok (v0.15)
  o Module::Refresh..................ok (v0.17)
  o Moo..............................ok (v2.003004)
  o Mozilla::CA......................ok (v20200520)
  o Net::HTTP........................ok (v6.17)
  o Net::IMAP::Simple................ok (v1.2209)
  o Net::SSLGlue.....................ok (v1.058)
  o PDF::API2........................ok (v2.033)
  o SOAP::Lite.......................ok (v1.20)
  o Sys::Hostname::Long..............ok (v1.5)
  o Text::CSV........................ok (v1.95)
  o Text::Diff.......................ok (v1.44)
  o Types::TypeTiny..................ok (v1.010000)
  o URI..............................ok (v1.71)
  o YAML.............................ok (v1.23)
  o namespace::clean.................ok (v0.27)
  o parent...........................ok (v0.236)
root@o6:~# perl -V
Summary of my perl5 (revision 5 version 28 subversion 1) configuration:

  Platform:
    osname=linux
    osvers=4.9.0
    archname=x86_64-linux-gnu-thread-multi
    uname='linux localhost 4.9.0 #1 smp debian 4.9.0 x86_64 gnulinux '
    config_args='-Dusethreads -Duselargefiles -Dcc=x86_64-linux-gnu-gcc -Dcpp=x86_64-linux-gnu-cpp -Dld=x86_64-linux-gnu-gcc -Dccflags=-DDEBIAN -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 -fdebug-prefix-map=/build/perl-voFw8F/perl-5.28.1=. -fstack-protector-strong -Wformat -Werror=format-security -Dldflags= -Wl,-z,relro -Dlddlflags=-shared -Wl,-z,relro -Dcccdlflags=-fPIC -Darchname=x86_64-linux-gnu -Dprefix=/usr -Dprivlib=/usr/share/perl/5.28 -Darchlib=/usr/lib/x86_64-linux-gnu/perl/5.28 -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 -Dvendorarch=/usr/lib/x86_64-linux-gnu/perl5/5.28 -Dsiteprefix=/usr/local -Dsitelib=/usr/local/share/perl/5.28.1 -Dsitearch=/usr/local/lib/x86_64-linux-gnu/perl/5.28.1 -Dman1dir=/usr/share/man/man1 -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1 -Dsiteman3dir=/usr/local/man/man3 -Duse64bitint -Dman1ext=1 -Dman3ext=3perl -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Ud_ualarm -Uusesfio -Uusenm -Ui_libutil -Ui_xlocale -Uversiononly -DDEBUGGING=-g -Doptimize=-O2 -dEs -Duseshrplib -Dlibperl=libperl.so.5.28.1'
    hint=recommended
    useposix=true
    d_sigaction=define
    useithreads=define
    usemultiplicity=define
    use64bitint=define
    use64bitall=define
    uselongdouble=undef
    usemymalloc=n
    default_inc_excludes_dot=define
    bincompat5005=undef
  Compiler:
    cc='x86_64-linux-gnu-gcc'
    ccflags ='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fwrapv -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64'
    optimize='-O2 -g'
    cppflags='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fwrapv -fno-strict-aliasing -pipe -I/usr/local/include'
    ccversion=''
    gccversion='8.3.0'
    gccosandvers=''
    intsize=4
    longsize=8
    ptrsize=8
    doublesize=8
    byteorder=12345678
    doublekind=3
    d_longlong=define
    longlongsize=8
    d_longdbl=define
    longdblsize=16
    longdblkind=3
    ivtype='long'
    ivsize=8
    nvtype='double'
    nvsize=8
    Off_t='off_t'
    lseeksize=8
    alignbytes=8
    prototype=define
  Linker and Libraries:
    ld='x86_64-linux-gnu-gcc'
    ldflags =' -fstack-protector-strong -L/usr/local/lib'
    libpth=/usr/local/lib /usr/lib/gcc/x86_64-linux-gnu/8/include-fixed /usr/include/x86_64-linux-gnu /usr/lib /lib/x86_64-linux-gnu /lib/../lib /usr/lib/x86_64-linux-gnu /usr/lib/../lib /lib
    libs=-lgdbm -lgdbm_compat -ldb -ldl -lm -lpthread -lc -lcrypt
    perllibs=-ldl -lm -lpthread -lc -lcrypt
    libc=libc-2.28.so
    so=so
    useshrplib=true
    libperl=libperl.so.5.28
    gnulibc_version='2.28'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs
    dlext=so
    d_dlsymun=undef
    ccdlflags='-Wl,-E'
    cccdlflags='-fPIC'
    lddlflags='-shared -L/usr/local/lib -fstack-protector-strong'

Characteristics of this binary (from libperl): 
  Compile-time options:
    HAS_TIMES
    MULTIPLICITY
    PERLIO_LAYERS
    PERL_COPY_ON_WRITE
    PERL_DONT_CREATE_GVSV
    PERL_IMPLICIT_CONTEXT
    PERL_MALLOC_WRAP
    PERL_OP_PARENT
    PERL_PRESERVE_IVUV
    USE_64_BIT_ALL
    USE_64_BIT_INT
    USE_ITHREADS
    USE_LARGE_FILES
    USE_LOCALE
    USE_LOCALE_COLLATE
    USE_LOCALE_CTYPE
    USE_LOCALE_NUMERIC
    USE_LOCALE_TIME
    USE_PERLIO
    USE_PERL_ATOF
    USE_REENTRANT_API
  Locally applied patches:
    DEBPKG:debian/cpan_definstalldirs - Provide a sensible INSTALLDIRS default for modules installed from CPAN.
    DEBPKG:debian/db_file_ver - https://bugs.debian.org/340047 Remove overly restrictive DB_File version check.
    DEBPKG:debian/doc_info - Replace generic man(1) instructions with Debian-specific information.
    DEBPKG:debian/enc2xs_inc - https://bugs.debian.org/290336 Tweak enc2xs to follow symlinks and ignore missing @INC directories.
    DEBPKG:debian/errno_ver - https://bugs.debian.org/343351 Remove Errno version check due to upgrade problems with long-running processes.
    DEBPKG:debian/libperl_embed_doc - https://bugs.debian.org/186778 Note that libperl-dev package is required for embedded linking
    DEBPKG:fixes/respect_umask - Respect umask during installation
    DEBPKG:debian/writable_site_dirs - Set umask approproately for site install directories
    DEBPKG:debian/extutils_set_libperl_path - EU:MM: set location of libperl.a under /usr/lib
    DEBPKG:debian/no_packlist_perllocal - Don't install .packlist or perllocal.pod for perl or vendor
    DEBPKG:debian/fakeroot - Postpone LD_LIBRARY_PATH evaluation to the binary targets.
    DEBPKG:debian/instmodsh_doc - Debian policy doesn't install .packlist files for core or vendor.
    DEBPKG:debian/ld_run_path - Remove standard libs from LD_RUN_PATH as per Debian policy.
    DEBPKG:debian/libnet_config_path - Set location of libnet.cfg to /etc/perl/Net as /usr may not be writable.
    DEBPKG:debian/perlivp - https://bugs.debian.org/510895 Make perlivp skip include directories in /usr/local
    DEBPKG:debian/squelch-locale-warnings - https://bugs.debian.org/508764 Squelch locale warnings in Debian package maintainer scripts
    DEBPKG:debian/patchlevel - https://bugs.debian.org/567489 List packaged patches for 5.28.1-6+deb10u1 in patchlevel.h
    DEBPKG:fixes/document_makemaker_ccflags - https://bugs.debian.org/628522 [rt.cpan.org #68613] Document that CCFLAGS should include $Config{ccflags}
    DEBPKG:debian/find_html2text - https://bugs.debian.org/640479 Configure CPAN::Distribution with correct name of html2text
    DEBPKG:debian/perl5db-x-terminal-emulator.patch - https://bugs.debian.org/668490 Invoke x-terminal-emulator rather than xterm in perl5db.pl
    DEBPKG:debian/cpan-missing-site-dirs - https://bugs.debian.org/688842 Fix CPAN::FirstTime defaults with nonexisting site dirs if a parent is writable
    DEBPKG:fixes/memoize_storable_nstore - [rt.cpan.org #77790] https://bugs.debian.org/587650 Memoize::Storable: respect 'nstore' option not respected
    DEBPKG:debian/makemaker-pasthru - https://bugs.debian.org/758471 Pass LD settings through to subdirectories
    DEBPKG:debian/makemaker-manext - https://bugs.debian.org/247370 Make EU::MakeMaker honour MANnEXT settings in generated manpage headers
    DEBPKG:debian/kfreebsd-softupdates - https://bugs.debian.org/796798 Work around Debian Bug#796798
    DEBPKG:fixes/autodie-scope - https://bugs.debian.org/798096 Fix a scoping issue with "no autodie" and the "system" sub
    DEBPKG:fixes/memoize-pod - [rt.cpan.org #89441] Fix POD errors in Memoize
    DEBPKG:debian/hurd-softupdates - https://bugs.debian.org/822735 Fix t/op/stat.t failures on hurd
    DEBPKG:fixes/math_complex_doc_great_circle - https://bugs.debian.org/697567 [rt.cpan.org #114104] Math::Trig: clarify definition of great_circle_midpoint
    DEBPKG:fixes/math_complex_doc_see_also - https://bugs.debian.org/697568 [rt.cpan.org #114105] Math::Trig: add missing SEE ALSO
    DEBPKG:fixes/math_complex_doc_angle_units - https://bugs.debian.org/731505 [rt.cpan.org #114106] Math::Trig: document angle units
    DEBPKG:fixes/cpan_web_link - https://bugs.debian.org/367291 CPAN: Add link to main CPAN web site
    DEBPKG:debian/hppa_op_optimize_workaround - https://bugs.debian.org/838613 Temporarily lower the optimization of op.c on hppa due to gcc-6 problems
    DEBPKG:debian/installman-utf8 - https://bugs.debian.org/840211 Generate man pages with UTF-8 characters
    DEBPKG:fixes/getopt-long-4 - https://bugs.debian.org/864544 [rt.cpan.org #122068] Fix issue #122068.
    DEBPKG:debian/hppa_opmini_optimize_workaround - https://bugs.debian.org/869122 Lower the optimization level of opmini.c on hppa
    DEBPKG:debian/sh4_op_optimize_workaround - https://bugs.debian.org/869373 Also lower the optimization level of op.c and opmini.c on sh4
    DEBPKG:debian/perldoc-pager - https://bugs.debian.org/870340 [rt.cpan.org #120229] Fix perldoc terminal escapes when sensible-pager is less
    DEBPKG:debian/prune_libs - https://bugs.debian.org/128355 Prune the list of libraries wanted to what we actually need.
    DEBPKG:debian/mod_paths - Tweak @INC ordering for Debian
    DEBPKG:debian/configure-regen - https://bugs.debian.org/762638 Regenerate Configure et al. after probe unit changes
    DEBPKG:debian/deprecate-with-apt - https://bugs.debian.org/747628 Point users to Debian packages of deprecated core modules
    DEBPKG:debian/disable-stack-check - https://bugs.debian.org/902779 [perl #133327] Disable debugperl stack extension checks for binary compatibility with perl
    DEBPKG:debian/gdbm-fatal - [perl #133295] https://bugs.debian.org/904005 Temporarily skip GDBM_File fatal.t for gdbm >= 1.15 compatibility
    DEBPKG:fixes/storable-recursion - https://bugs.debian.org/912900 [perl #133326] [120060c] (perl #133326) fix and clarify handling of recurs_sv.
    DEBPKG:fixes/caretx-fallback - https://bugs.debian.org/913347 [perl #133573] [03b94aa] RT#133573: $^X fallback when platform-specific technique fails
    DEBPKG:fixes/eumm-usrmerge - https://bugs.debian.org/913637 Avoid mangling /bin non-perl shebangs on merged-/usr systems
    DEBPKG:fixes/errno-include-path - [6c5080f] [perl #133662] https://bugs.debian.org/875921 Make Errno_pm.PL compatible with /usr/include/<ARCH>/errno.h
    DEBPKG:fixes/kfreebsd-renameat - [a3c63a9] https://bugs.debian.org/912521 [perl #133668] Also work around renameat() kernel bug on GNU/kFreeBSD
    DEBPKG:fixes/time-local-2020 - https://bugs.debian.org/915209 [rt.cpan.org #124787] Fix Time::Local tests
    DEBPKG:fixes/inplace-editing-bugfix/part1 - https://bugs.debian.org/914651 (perl #133659) move argvout cleanup to a new function
    DEBPKG:fixes/inplace-editing-bugfix/part2 - https://bugs.debian.org/914651 (perl #133659) tests for global destruction handling of inplace editing
    DEBPKG:fixes/inplace-editing-bugfix/part3 - https://bugs.debian.org/914651 (perl #133659) make an in-place edit successful if the exit status is zero
    DEBPKG:fixes/fix-manifest-failures - https://bugs.debian.org/914962 Fix t/porting/manifest.t failures when run in a foreign git checkout
    DEBPKG:fixes/pipe-open-bugfix/part1 - [perl #133726] https://bugs.debian.org/916313 Always mark pipe in pipe-open as inherit-on-exec
    DEBPKG:fixes/pipe-open-bugfix/part2 - [perl #133726] https://bugs.debian.org/916313 Always mark pipe in list pipe-open as inherit-on-exec
    DEBPKG:fixes/storable-probing/prereq1 - [3f4cad1] Storable: fix for strawberry build failures:
    DEBPKG:fixes/storable-probing/prereq2 - [perl #133411] [edf639f] (perl #133411) don't try to load Storable with -Dusecrosscompile
    DEBPKG:fixes/storable-probing/disable-probing - https://bugs.debian.org/914133 [perl #133708] [2a0bbd3] (perl #133708) remove build-time probing for stack limits for Storable
    DEBPKG:debian/perlbug-editor - https://bugs.debian.org/922609 Use "editor" as the default perlbug editor, as per Debian policy
    DEBPKG:fixes/posix-mbrlen - [25d7b7a] https://bugs.debian.org/924517 [perl #133928] Fix POSIX::mblen mbstate_t initialization on threaded perls with glibc
    DEBPKG:fixes/CVE-2020-10543 - https://bugs.debian.org/962005 regcomp.c: Prevent integer overflow from nested regex quantifiers.
    DEBPKG:fixes/CVE-2020-10878 - https://bugs.debian.org/962005 study_chunk: extract rck_elide_nothing
    DEBPKG:fixes/CVE-2020-12723 - https://bugs.debian.org/962005 study_chunk: avoid mutating regexp program within GOSUB
    DEBPKG:fixes/io-socket-ip-nov4 - https://bugs.debian.org/962019 Fix test failures in IO::Socket::IP with an IPv6-only host
  Built under linux
  Compiled at Jul 21 2020 19:27:00
  @INC:
    /etc/perl
    /usr/local/lib/x86_64-linux-gnu/perl/5.28.1
    /usr/local/share/perl/5.28.1
    /usr/lib/x86_64-linux-gnu/perl5/5.28
    /usr/share/perl5
    /usr/lib/x86_64-linux-gnu/perl/5.28
    /usr/share/perl/5.28
    /usr/local/lib/site_perl
    /usr/lib/x86_64-linux-gnu/perl-base
root@o6:~#

Screenshots

rkaldung commented 3 years ago

I can confirm this, got a fresh upgraded test instance with exactly the same issue.

reneeb commented 3 years ago

I'm currently rewriting the Dev::Code::CPANUpdate script to update CPAN deps step by step. I'll update the libwww-perl package and check if that fixes the issue.

And the issue could be with LWP::Protocol::https as well. So let's see ;-)

rkaldung commented 3 years ago

LWP::Protocol::https is already added in our internal Git for 6.0.34 in the CheckModules script ;-)

rkaldung commented 3 years ago

I'm currently rewriting the Dev::Code::CPANUpdate script to update CPAN deps step by step. I'll update the libwww-perl package and check if that fixes the issue.

Let me know if there's something to test.

reneeb commented 3 years ago

It's an issue with LWP::Protocol::https . After upgrading that module in Kernel/cpan-lib the command was successful. @rkaldung I have upgraded libwww-perl (LWP::UserAgent et al.) and LWP::Protocol::https locally. Should I create a PR for that or do you have the new version in Git already (your message above is ambiguous - it could mean you have that only in CheckModules and that you have the current version in cpan-lib)

rkaldung commented 3 years ago

@reneeb Yes please create a PR. There was sth. wrong on my side regarding LWP::Protocol::https 🙈

znuny / Znuny