On Tue, 2014-12-02 at 10:29 +0100, Miloslav ?varc wrote: > Hello, > > I'm succesfuly using Openconnect 6 or 7 in different configurations, > but I have a problem with just one proxy with basic auth. I'm able to > connect through it with different programs (wget, corkscrew, > openvpn...), but when I run this command, no joy. > > # openconnect SERVER --proxy=http://USER:PASSWD at PROXY:8080/ --proxy-auth Basic > > POST https:/SERVER/ > Attempting to connect to proxy PROXY:8080 > Requesting HTTP proxy connection to SERVER:443 > Got HTTP response: HTTP/1.1 407 Proxy Authentication Required > Server: Sun-Java-System-Web-Proxy-Server/4.0 > Date: Fri, 28 Nov 2014 11:07:04 GMT > Content-length: 146 > Content-type: text/html > Proxy-authenticate: Basic realm="PROXY" > Connection: close > Set-Cookie: BIGipServerpool_proxy=****o8080; path=/ > HTTP body length: (146) > Attempting HTTP Basic authentication to proxy > Error fetching HTTPS response > Failed to open HTTPS connection to SERVER > > I suspect the proxy doesn't respond immediately after request, can it > cause this kind of behaviour? The proxy doesn't respond after the request because it wants us to close the connection. There's a clue in that 'Connection: close' header. Unfortunately we only honour 'Proxy-Connection: close'. Try this: diff --git a/http.c b/http.c index c8eae16..d1b5174 100644 --- a/http.c +++ b/http.c @@ -2062,7 +2062,8 @@ static int proxy_hdrs(struct openconnect_info *vpninfo, char *hdr, char *val) { int i; - if (!strcasecmp(hdr, "Proxy-Connection")) { + if (!strcasecmp(hdr, "Proxy-Connection") || + !strcasecmp(hdr, "Connection")) { if (!strcasecmp(val, "close")) vpninfo->proxy_close_during_auth = 1; return 0; -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5745 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20141202/4b2cf7f4/attachment.bin>
