Bug 127649 - Manual Check For Latest Version Fails through proxy
Summary: Manual Check For Latest Version Fails through proxy
Status: RESOLVED INSUFFICIENTDATA
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: LibreOffice (show other bugs)
Version:
(earliest affected)
6.3.3.2 release
Hardware: x86 (IA32) Windows (All)
: medium normal
Assignee: Not Assigned
URL:
Whiteboard:
Keywords:
: 130027 (view as bug list)
Depends on:
Blocks: Updates
  Show dependency treegraph
 
Reported: 2019-09-20 00:09 UTC by William Hensman
Modified: 2022-12-11 03:21 UTC (History)
10 users (show)

See Also:
Crash report or crash signature:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description William Hensman 2019-09-20 00:09:36 UTC
Description:
SECURITY PROBLEM?
Kaspersky Internet Security FAILED to do Update 
Failed to download update unknown error 

LibreOffice 6.2.5.2 ( Important Update) 

MANUALLY:
When I Check for Updates Manually I get 
Error reading data from the Internet.
Server error message: Could not create SSL connection through proxy server: 200 Connection established.

Tried to do NEW INSTALL FAILED?

Tried Kaspersky Internet Security over several Days Still Fails?

Kaspersky Internet Security FAILED to do Update 
Failed to download update unknown error 

LibreOffice 6.2.5.2 ( Important Update) 

CURRENT VERSION:
Version: 6.2.5.2 (x86)
Build ID: 1ec314fa52f458adc18c4f025c545a4e8b22c159
CPU threads: 4; OS: Windows 6.1; UI render: default; VCL: win; 
Locale: en-AU (en_AU); UI-Language: en-US
Calc: threaded

Steps to Reproduce:
1.Run Kaspersky Internet Security Automatically or Manually
2.Check for Updates Manually
3.Tried to Do New Install  Failed

Actual Results:
Error reading data from the Internet.
Server error message: Could not create SSL connection through proxy server: 200 Connection established.

Expected Results:
Update should be successful


Reproducible: Always


User Profile Reset: No



Additional Info:
Worked
Comment 1 Roman Kuznetsov 2019-09-20 13:50:15 UTC
William, did you ask Kaspersky support about it?

For me it's NOTOURBUG, but...

People, do you have some opinion here?
Comment 2 Orion Poplawski 2019-11-18 23:40:07 UTC
I'm thinking the Kaspersky stuff here may be unrelated/confused?  We have a SSL proxy here and when we try to do Help -> Check for Updates we get:

Error reading data from the internet
Server error message: Could not create SSL connection through proxy server: 200 Connection established.

We see connections to the proxy, but nothing really happens.
Comment 3 Julien Nabet 2020-01-22 16:40:33 UTC
*** Bug 130027 has been marked as a duplicate of this bug. ***
Comment 4 Guilhem Moulin 2020-01-22 17:01:42 UTC
Is the proxy trying to MiTM the connection?  Does it support TLSv1.2 or later?  Does it support SNI?

Could you trace a connection to https://update.libreoffice.org through the proxy (using curl or similar not LO's update check), so we see at which point the handshake chokes?
Comment 5 spam 2020-01-22 19:42:48 UTC
(In reply to Guilhem Moulin from comment #4)
> Is the proxy trying to MiTM the connection?

No.

> Does it support TLSv1.2 or
> later?  Does it support SNI?

Yes.

> Could you trace a connection to https://update.libreoffice.org through the
> proxy (using curl or similar not LO's update check), so we see at which
> point the handshake chokes?

bofh@ubuntu:~$ curl https://update.libreoffice.org -x proxy.lan:3128 -v
* Rebuilt URL to: https://update.libreoffice.org/
*   Trying 192.168.1.253...
* Connected to proxy.lan (192.168.1.253) port 3128 (#0)
* Establish HTTP proxy tunnel to update.libreoffice.org:443
> CONNECT update.libreoffice.org:443 HTTP/1.1
> Host: update.libreoffice.org:443
> User-Agent: curl/7.47.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* Proxy replied OK to CONNECT request
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 592 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
*        server certificate verification OK
*        server certificate status verification SKIPPED
*        common name: update.libreoffice.org (matched)
*        server certificate expiration date OK
*        server certificate activation date OK
*        certificate public key: RSA
*        certificate version: #3
*        subject: CN=update.libreoffice.org
*        start date: Thu, 12 Dec 2019 01:07:34 GMT
*        expire date: Wed, 11 Mar 2020 01:07:34 GMT
*        issuer: C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3
*        compression: NULL
* ALPN, server accepted to use http/1.1
> GET / HTTP/1.1
> Host: update.libreoffice.org
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 302 Moved Temporarily
< Server: nginx/1.14.2
< Date: Wed, 22 Jan 2020 19:38:47 GMT
< Content-Type: text/html
< Content-Length: 161
< Connection: keep-alive
< Location: https://www.libreoffice.org/download
<
<html>
<head><title>302 Found</title></head>
<body bgcolor="white">
<center><h1>302 Found</h1></center>
<hr><center>nginx/1.14.2</center>
</body>
</html>
* Connection #0 to host proxy.lan left intact
bofh@ubuntu:~$

Nothing wrong or strange concering the proxy / connection. Simple vanilla Squid.
Comment 6 Guilhem Moulin 2020-01-22 21:08:20 UTC
(In reply to spam from comment #5)
> Nothing wrong or strange concering the proxy / connection. Simple vanilla
> Squid.

Looks good to me as far as update.lo is concerned, doesn't seem a problem with TDF infra/services.

Does LibreOffice even support HTTP CONNECT?  I'm not familiar with the code but it's suspicious that there is no match for CURLOPT_HTTPPROXYTUNNEL.  Did you try to eavesdrop traffic on the your proxy?  Could it be that LO send GET/OPTIONS/PROFIND requests there, instead of asking to open a tunnel with CONNECT?
Comment 7 Xisco Faulí 2021-11-23 11:03:47 UTC
Hello William,
Could you please try to reproduce it with the latest version of LibreOffice from https://www.libreoffice.org/download/libreoffice-fresh/ ?
I have set the bug's status to 'NEEDINFO'. Please change it back to 'UNCONFIRMED' if the bug is still present in the latest version.
Comment 8 quellyn 2021-12-06 16:37:35 UTC
Can confirm this is still happening with LibreOffice 7.2.4.1.
Comment 9 Ron 2021-12-30 18:20:48 UTC
Had the same problem on W10 with the latest version (downloaded today).
It was more of a Windows issue.
If you don't have a local proxy or don't know if you do.  Go to "Change Proxy Settings" in Windows 10
Turn OFF Automatically Detect Settings

Most of us don't use a proxy server but for some reason this setting causes some programs to think there is a proxy server when there isn't.

If you do use a proxy, maybe try manually configuring it in Windows.
Comment 10 Francois Botha 2022-02-18 14:06:26 UTC
I have a similar problem.

In my case our proxy *does* MiTM the connection. I have the relevant root certificates available, but I'm unsure where they should be imported. I have a few JRE environments on my machine and I've imported the certificates into all of them using the keytool and confirmed[1] that I can make a connection to update.libreoffice.org on 443. 

Where else do I need to import the necessary root CA certificates in order for LibreOffice to successfully do an update check?

1. https://matthewdavis111.com/java/poke-ssl-test-java-certs/
Comment 11 Xisco Faulí 2022-05-02 11:59:39 UTC
Thanks for reporting this issue.
Could you please try to reproduce it with the latest version of LibreOffice from https://www.libreoffice.org/download/libreoffice-fresh/ ?
I have set the bug's status to 'NEEDINFO'. Please change it back to 'UNCONFIRMED' if the bug is still present in the latest version.
Comment 12 QA Administrators 2022-11-10 04:03:19 UTC Comment hidden (obsolete)
Comment 13 QA Administrators 2022-12-11 03:21:02 UTC
Dear William Hensman,

Please read this message in its entirety before proceeding.

Your bug report is being closed as INSUFFICIENTDATA due to inactivity and
a lack of information which is needed in order to accurately
reproduce and confirm the problem. We encourage you to retest
your bug against the latest release. If the issue is still
present in the latest stable release, we need the following
information (please ignore any that you've already provided):

a) Provide details of your system including your operating
   system and the latest version of LibreOffice that you have
   confirmed the bug to be present

b) Provide easy to reproduce steps – the simpler the better

c) Provide any test case(s) which will help us confirm the problem

d) Provide screenshots of the problem if you think it might help

e) Read all comments and provide any requested information

Once all of this is done, please set the bug back to UNCONFIRMED
and we will attempt to reproduce the issue. Please do not:

a) respond via email 

b) update the version field in the bug or any of the other details
   on the top section of our bug tracker

Warm Regards,
QA Team

MassPing-NeedInfo-FollowUp