
I'm implementing proxy support for an OS X app.

I've created a custom NSURLProtocol and it is working perfectly for a proxy without authentication. Tried with both CCProxy and FreeProxy on a Windows computer in the local network.

However, when proxy authentication is on, any request in the first few seconds works perfectly, then the connection goes from ESTABLISHED to CLOSE_WAIT in 5 seconds. The proxy shows 0 connections again and, after that, any HTTP request in the app will get a 407, even though the proxy-auth header is pre-set.

My code looks like this:

```objc
// set the auth fields
CFStringRef usernameRef = (__bridge CFStringRef)appProxyPrefs.proxyUserName;
CFStringRef passwordRef = (__bridge CFStringRef)appProxyPrefs.proxyPassword;
CFHTTPMessageAddAuthentication(copyOfOriginal, nil, usernameRef, passwordRef, kCFHTTPAuthenticationSchemeBasic, YES);
...
// useless
CFHTTPMessageSetHeaderFieldValue(copyOfOriginal, (__bridge CFStringRef)@"Connection", (__bridge CFStringRef)@"Keep-Alive");
...
// create stream, callback, schedule
// apply proxy settings to the stream
if (isNoProxyOverride)
    CFReadStreamSetProperty(myReadStream, kCFStreamPropertyHTTPProxy, (__bridge CFTypeRef)(noProxyDict));
else
    CFReadStreamSetProperty(myReadStream, kCFStreamPropertyHTTPProxy, (__bridge CFTypeRef)(manualProxyDict));
...
CFReadStreamSetProperty(myReadStream, kCFStreamPropertyHTTPAttemptPersistentConnection, kCFBooleanTrue);
if (!CFReadStreamOpen(myReadStream)) {
    // error
}
else
{
    // check if there is a prev stream
    if (currentStream != nil)
    {
        [currentStream close];
        currentStream = nil;
    }
    currentStream = (__bridge NSInputStream *)(myReadStream);
}
```

As you can see, I tried storing the previous connection in a static input stream and releasing it only after I open a new one, but it seems useless.

I also tried setting the underlying socket to keep-alive in kCFStreamEventOpenCompleted, as suggested in "NSStream TCP Keep-alive iOS", still without success.

Why does the connection close? How could I debug it or make it work? Is it the connection's fault that the proxy goes crazy?

Thanks.

Edit 1: wireshark

Edit 2: It seems it has to do with HTTPS... If I change the server to be plain HTTP instead of HTTPS, it will work perfectly.

  • Did you check with a traffic capture what side sends the FIN packet? This would narrow it down to a client vs. proxy problem. – RomanK Mar 09 '15 at 18:32
  • @RomanK Installed Wireshark on the Windows machine and the connection seems to be "live", then the proxy (?) sends a FIN and the connection is kept-alive. See edit. – Templar Mar 10 '15 at 08:01
  • It's hard to see from the capture whether 192.168.1.141 is the proxy or the client, but let's assume it's the proxy. There is also a preceding TLS alert, so it's definitely TLS-related as you suspect. It's worth looking at the details of the alert packet and/or proxy logs as they might give a hint. Also, how do you do authentication with a proxy - do you send the `Proxy-Authorization: Basic` header on the initial CONNECT? – RomanK Mar 10 '15 at 18:57
  • 141 is the proxy at port 5555. The 3rd line adds the proxy-auth header. Currently, when I get a 407 I'll just resend the same request and it will get authenticated; I don't really know why it wouldn't work with the headers added preemptively when using HTTPS ... – Templar Mar 11 '15 at 11:16
  • So just to reiterate my question - do you add the preemptive `Proxy-Authorization` on CONNECT? It's hard to see from just the packet titles. – RomanK Mar 11 '15 at 18:47
  • @RomanK Yes, every time. – Templar Mar 12 '15 at 08:43
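
On the CONNECT question raised in the comments above, an added example (not part of the original post or comments) that models both sides of the exchange: for an `https://` URL the proxy sees only the CONNECT request and then opaque TLS bytes, so that request is the one that must carry `Proxy-Authorization`. The account table, host name and all function names are constructed for illustration.

```python
import base64
import hmac

# Constructed sample account; not from the original post.
ACCOUNTS = {"alice": "s3cret"}

def build_connect(host, port, user=None, password=None):
    """Client side: the CONNECT sent to an HTTP proxy before any TLS bytes."""
    lines = [f"CONNECT {host}:{port} HTTP/1.1", f"Host: {host}:{port}"]
    if user is not None:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        # Basic is base64, not encryption: this header reaches the proxy in cleartext.
        lines.append(f"Proxy-Authorization: Basic {token}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode()

def parse_request(raw):
    """Return (method, target, headers) with header names lower-cased."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers

def credentials_ok(header_value, accounts):
    """Validate a Proxy-Authorization value against the account table."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        user, _, password = base64.b64decode(token.strip(), validate=True).decode().partition(":")
    except ValueError:  # bad base64 or non-UTF-8 bytes
        return False
    expected = accounts.get(user)
    return expected is not None and hmac.compare_digest(expected.encode(), password.encode())

def proxy_respond(raw, accounts=ACCOUNTS):
    """Proxy side: the decision uses the CONNECT headers only; the tunnel is opaque."""
    method, _target, headers = parse_request(raw)
    if not credentials_ok(headers.get("proxy-authorization", ""), accounts):
        return b'HTTP/1.1 407 Proxy Authentication Required\r\nProxy-Authenticate: Basic realm="proxy"\r\n\r\n'
    if method != "CONNECT":
        return b"HTTP/1.1 501 Not Implemented\r\n\r\n"  # this sketch models CONNECT only
    return b"HTTP/1.1 200 Connection established\r\n\r\n"

def status_of(response):
    return int(response.split(b" ", 2)[1])
```

Running `parse_request` over the client bytes copied from a capture's TCP stream view shows whether the CONNECT actually carried the header.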

0 Answers