Project

General

Profile

Bug #6949

username/password not used by proxy support

Added by Giuanin Piemunteis 9 months ago. Updated 7 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Operating System
Target version:
Start date:
11/21/2016
Due date:
% Done:

50%

Affected version:
2.4
Affected Architecture:
All

Description

hello,
it seems that username and password is not used for the proxy connection. it works only with IP and port but authentication is not performed.
when i try to perform an update check pfsense continuously tries to connect to the proxy without to pass username/passw to the proxy.

Associated revisions

Revision 1060378f
Added by Jim Pingle 8 months ago

Populate the HTTP_PROXY_AUTH env var. Ticket #6949

History

#1 Updated by Jim Pingle 8 months ago

  • Category changed from Upgrade to Operating System
  • % Done changed from 0 to 50

I pushed some changes to populate the HTTP_PROXY_AUTH variable and it works for HTTP, but HTTPS does not work using the same mechanism. This happens even with fetch and not just pkg, so it may be a limitation of libfetch and beyond our control at the moment.

I also tried with the user/pass in the HTTP_PROXY variable in multiple styles ("user::3128", "http://user::3128/"), none of which worked with fetch or pkg.

#2 Updated by Kill Bill 8 months ago

@jimp: Perhaps this is relevant to HTTPS not working?

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194483

#3 Updated by Jim Pingle 8 months ago

It's possible but doesn't sound quite the same. Here's a capture of the initial exchange I grabbed yesterday where the client is trying to setup the connection and fails -- it never sends the subsequent attempt with credentials as it does with HTTP:

Client:

CONNECT www.example.com:443 HTTP/1.1
Host: www.example.com:443

Server:

HTTP/1.1 407 Proxy Authentication Required
Server: squid
Mime-Version: 1.0
Date: Wed, 07 Dec 2016 18:30:33 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3380
X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
Vary: Accept-Language
Content-Language: en
Proxy-Authenticate: Basic realm="Please enter your credentials to access the proxy" 
X-Cache: MISS from localhost
X-Cache-Lookup: NONE from localhost:3128
Connection: keep-alive

There is only one line in the actual HTTP 407 error, so that last update on the ticket doesn't quite match but it might be worth trying that patch on a FreeBSD box to see if it helps.

#4 Updated by Jim Thompson 7 months ago

  • Assignee set to Jim Pingle

#5 Updated by Jim Pingle 7 months ago

  • Assignee changed from Jim Pingle to Renato Botelho

Looks like the patch on the FreeBSD bug entry was committed. We should be able to pull it in from there.

#6 Updated by Renato Botelho 7 months ago

  • Status changed from New to Feedback
  • Assignee changed from Renato Botelho to Jim Pingle

Done. Last commit was cherry-picked

#7 Updated by Jim Pingle 7 months ago

  • Status changed from Feedback to Resolved

Works on the latest snap including the patch.

Also available in: Atom PDF