Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-55960

QNetworkAccessManager looses Proxy-Authorization using ssl connection

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Reported
    • Priority: P2: Important
    • Resolution: Unresolved
    • Affects Version/s: 5.6.1
    • Fix Version/s: None
    • Component/s: Network: Proxies
    • Labels:
      None
    • Environment:
      Ubuntu 14.04, 12.04

      Description

      QNetworkAccessManager looses Proxy-Authorization if https is used in conjunction with an authenticating HTTP Proxy.
      I use squid as HTTP Proxy with Digest Authentication. My Access log using https looks like following:


      13.09 10:26:21 0 192.168.99.41 TCP_DENIED/407 3620 CONNECT web.de:443 - NONE/- text/html
      13.09 10:26:31 10142 192.168.99.41 TCP_MISS/200 52108 CONNECT web.de:443 testuser DIRECT/82.165.229.138 -
      13.09 10:26:41 0 192.168.99.41 TCP_DENIED/407 3620 CONNECT web.de:443 - NONE/- text/html
      13.09 10:26:51 10124 192.168.99.41 TCP_MISS/200 48895 CONNECT web.de:443 testuser DIRECT/82.165.229.138 -
      13.09 10:34:36 0 192.168.99.41 TCP_DENIED/407 3620 CONNECT web.de:443 - NONE/- text/html
      13.09 10:34:46 10158 192.168.99.41 TCP_MISS/200 52366 CONNECT web.de:443 testuser DIRECT/82.165.229.138 -
      13.09 10:34:56 0 192.168.99.41 TCP_DENIED/407 3620 CONNECT web.de:443 - NONE/- text/html


      using http instead of https, my squid access.log looks like this


      13.09 10:48:08 0 192.168.99.41 TCP_DENIED/407 3689 GET http://web.de/ - NONE/- text/html
      13.09 10:48:08 79 192.168.99.41 TCP_MISS/301 543 GET http://web.de/ testuser DIRECT/82.165.230.17 text/html
      13.09 10:48:29 18 192.168.99.41 TCP_MISS/301 543 GET http://web.de/ testuser DIRECT/82.165.230.17 text/html
      13.09 10:48:49 17 192.168.99.41 TCP_MISS/301 543 GET http://web.de/ testuser DIRECT/82.165.230.17 text/html


      I inspected the network communication with wireshark and found out that after a successful Proxy-Authorization and connection to the destination host all further connections to the same destination using the same proxy need to authenticate again because of missing Proxy-Authorization header.
      Using non ssl connection all works fine.
      There are 2 Wireshark Dump Files in the example for further investigation.

        Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

            • Assignee:
              richmoore Richard Moore (qtnetwork)
              Reporter:
              mbienst76 Markus Bienst
            • Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:

                Gerrit Reviews

                There are no open Gerrit changes