[quote="wbond"]Unfortunately GitHub and BitBucket only offer downloads via HTTPS, so even if you switch the channel file to HTTP, you won’t be able to install anything but my packages. Plus, you’ll be vulnerable to man-in-the-middle attacks where a user could run arbitrary python code on your machine with your credentials.
I find it very odd that people seem not to have much trouble with proxying HTTP requests, but HTTPS offers lots of trouble. It makes me think something else is going on. Do HTTPS connections not normally go through a proxy or something? Is it an error that Package Control uses the http_proxy settings for HTTPS connections if the user does not specify an HTTPS proxy?[/quote]
I don’t think that’s an error. If I use an NTLM-enabled version of curl I can grab that file via https w/this command:
[code]$ curl -v --proxy-ntlm --proxy-user mydomain\\myusername --url https://sublime.wbond.net/repositories.json --proxy proxy.mycompany.com:8080 > bubba.txt[/code]
Looking at the verbose output, I think it’s definitely using the proxy–dig it:
[code]Enter proxy password for user ‘mydomain\myusername’:
CONNECT sublime.wbond.net:443 HTTP/1.1
Host: sublime.wbond.net:443
Proxy-Authorization: NTLM TlRMTVNTUAABAAAAt4II4gAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==
User-Agent: curl/7.21.1 (i686-pc-mingw32) libcurl/7.21.1 OpenSSL/0.9.8k zlib/1.2.3
Proxy-Connection: Keep-Alive
< HTTP/1.1 407 Proxy Authentication Required
< Proxy-Authenticate: NTLM <>
< Cache-Control: no-cache
< Pragma: no-cache
< Content-Type: text/html; charset=utf-8
< Proxy-Connection: Keep-Alive
< Set-Cookie: BCSI-CS-8cf82f2954c8f17f=2; Path=/
< Connection: Keep-Alive
< Content-Length: 874
<
- Ignore 874 bytes of response-body
- Establish HTTP proxy tunnel to sublime.wbond.net:443
- Proxy auth using NTLM with user ‘mydomain\myusername’
CONNECT sublime.wbond.net:443 HTTP/1.1
Host: sublime.wbond.net:443
Proxy-Authorization: NTLM <>
User-Agent: curl/7.21.1 (i686-pc-mingw32) libcurl/7.21.1 OpenSSL/0.9.8k zlib/1.2.3
Proxy-Connection: Keep-Alive
< HTTP/1.1 200 Connection established
<
- Proxy replied OK to CONNECT request[/code]
Now, why curl can do this but whatever python(?) bits you’re exercising cannot is unclear to me. But like I say, PC is not the only tool that I’ve had this difficulty with.
One thing I discovered playing w/curl is that our proxy will also do basic auth (again, requiring username/pwd). I think there’s a way to get curl to use NTLM w/out specifying my username/pwd (just like browsers don’t require it) but I don’t know what it is. That would be the magic that I wish PC had of course.
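
Added example (not part of the original post and not Package Control's code): decoding the NTLM Type 1 token from the first Proxy-Authorization header in the trace above, using the MS-NLMP NEGOTIATE_MESSAGE layout. It shows that this first message carries negotiation flags and the client OS version but no username, domain or password; the function name `parse_negotiate` and the flag table are this example's own.

```python
import base64
import struct

# Type 1 token from the first Proxy-Authorization header in the trace,
# split into chunks only for readability.
TYPE1_B64 = ("TlRMTVNTUAABAAAA" "t4II4gAA" "AAAAAAAAAAAAAAAA"
             "AAAFASgK" "AAAADw==")

# Subset of the MS-NLMP NegotiateFlags bits.
FLAGS = {
    0x00000001: "UNICODE", 0x00000002: "OEM", 0x00000004: "REQUEST_TARGET",
    0x00000010: "SIGN", 0x00000020: "SEAL", 0x00000080: "LM_KEY",
    0x00000200: "NTLM", 0x00001000: "OEM_DOMAIN_SUPPLIED",
    0x00002000: "OEM_WORKSTATION_SUPPLIED", 0x00008000: "ALWAYS_SIGN",
    0x00080000: "EXTENDED_SESSIONSECURITY", 0x02000000: "VERSION",
    0x20000000: "128", 0x40000000: "KEY_EXCH", 0x80000000: "56",
}
VERSION_FLAG = 0x02000000


def parse_negotiate(b64_token):
    """Decode an NTLM NEGOTIATE (Type 1) message into a dict."""
    raw = base64.b64decode(b64_token, validate=True)
    if len(raw) < 32 or raw[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    msg_type, flags = struct.unpack_from("<II", raw, 8)
    if msg_type != 1:
        raise ValueError("not a Type 1 message: %d" % msg_type)

    def secbuf(offset):
        # Security buffer: length, allocated length, payload offset.
        length, _alloc, start = struct.unpack_from("<HHI", raw, offset)
        if start + length > len(raw):
            raise ValueError("security buffer points outside the message")
        return raw[start:start + length].decode("ascii", "replace")

    info = {
        "flags": sorted(n for bit, n in FLAGS.items() if flags & bit),
        "domain": secbuf(16),
        "workstation": secbuf(24),
        "os_version": None,
    }
    if flags & VERSION_FLAG and len(raw) >= 40:
        major, minor, build = struct.unpack_from("<BBH", raw, 32)
        info["os_version"] = "%d.%d.%d" % (major, minor, build)
    return info


if __name__ == "__main__":
    print(parse_negotiate(TYPE1_B64))
```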