Problem with basic proxy authentication

David Woodhouse dwmw2 at infradead.org
Tue Dec 2 07:30:42 PST 2014


On Tue, 2014-12-02 at 10:29 +0100, Miloslav Švarc wrote:
> Hello,
> 
> I'm successfully using Openconnect 6 or 7 in different configurations,
> but I have a problem with just one proxy with basic auth. I'm able to
> connect through it with different programs (wget, corkscrew,
> openvpn...), but when I run this command, no joy.
> 
> # openconnect SERVER --proxy=http://USER:PASSWD@PROXY:8080/ --proxy-auth Basic
> 
> POST https:/SERVER/
> Attempting to connect to proxy PROXY:8080
> Requesting HTTP proxy connection to SERVER:443
> Got HTTP response: HTTP/1.1 407 Proxy Authentication Required
> Server: Sun-Java-System-Web-Proxy-Server/4.0
> Date: Fri, 28 Nov 2014 11:07:04 GMT
> Content-length: 146
> Content-type: text/html
> Proxy-authenticate: Basic realm="PROXY"
> Connection: close
> Set-Cookie: BIGipServerpool_proxy=****o8080; path=/
> HTTP body length:  (146)
> Attempting HTTP Basic authentication to proxy
> Error fetching HTTPS response
> Failed to open HTTPS connection to SERVER
> 
> I suspect the proxy doesn't respond immediately after request, can it
> cause this kind of behaviour?

The proxy doesn't respond after the request because it wants us to close
the connection. There's a clue in that 'Connection: close' header.
Unfortunately we only honour 'Proxy-Connection: close'. Try this:

diff --git a/http.c b/http.c
index c8eae16..d1b5174 100644
--- a/http.c
+++ b/http.c
@@ -2062,7 +2062,8 @@ static int proxy_hdrs(struct openconnect_info *vpninfo, char *hdr, char *val)
 {
 	int i;
 
-	if (!strcasecmp(hdr, "Proxy-Connection")) {
+	if (!strcasecmp(hdr, "Proxy-Connection") ||
+	    !strcasecmp(hdr, "Connection")) {
 		if (!strcasecmp(val, "close"))
 			vpninfo->proxy_close_during_auth = 1;
 		return 0;
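
Review bot: the unchanged `!strcasecmp(val, "close")` test inside the widened condition compares the whole header value, but a Connection header carries a comma-separated list of options, so a value that lists "close" alongside another option would still leave proxy_close_during_auth unset. Consider matching "close" as one token of the list, case-insensitively and ignoring surrounding whitespace, instead of comparing the full string. A one-line comment saying that Connection is the standard header and Proxy-Connection the legacy one would also document why both names are accepted.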


-- 
dwmw2
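
An added example (not part of the original mail and not OpenConnect's own code) of the header check discussed above, generalised to treat the header value as a comma-separated token list. The function names `value_has_close` and `proxy_wants_close` are hypothetical.

```c
#include <ctype.h>
#include <string.h>
#include <strings.h>

/* Return 1 if the comma-separated header value contains the token
 * "close" (case-insensitive, whitespace around tokens ignored). */
static int value_has_close(const char *val)
{
	while (*val) {
		size_t len;

		/* Skip separators and leading whitespace */
		while (*val == ',' || isspace((unsigned char)*val))
			val++;
		len = strcspn(val, ",");
		/* Trim trailing whitespace from this token */
		while (len && isspace((unsigned char)val[len - 1]))
			len--;
		if (len == 5 && !strncasecmp(val, "close", 5))
			return 1;
		/* Advance to the next separator (or the end of the string) */
		val += strcspn(val, ",");
	}
	return 0;
}

/* Hypothetical helper: does this response header tell the client to
 * reopen the proxy connection before retrying with credentials? */
int proxy_wants_close(const char *hdr, const char *val)
{
	if (strcasecmp(hdr, "Proxy-Connection") &&
	    strcasecmp(hdr, "Connection"))
		return 0;
	return value_has_close(val);
}
```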