Download it now!
Bug 127649 - Manual Check For Latest Version Fails through proxy
Summary: Manual Check For Latest Version Fails through proxy
Status: UNCONFIRMED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: LibreOffice (show other bugs)
Version:
(earliest affected)
6.3.3.2 release
Hardware: x86 (IA32) Windows (All)
: medium normal
Assignee: Not Assigned
URL:
Whiteboard:
Keywords:
: 130027 (view as bug list)
Depends on:
Blocks: Updates
  Show dependency treegraph
 
Reported: 2019-09-20 00:09 UTC by William Hensman
Modified: 2020-09-16 18:22 UTC (History)
6 users (show)

See Also:
Crash report or crash signature:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description William Hensman 2019-09-20 00:09:36 UTC
Description:
SECURITY PROBLEM?
Kaspersky Internet Security FAILED to do Update 
Failed to download update unknown error 

LibreOffice 6.2.5.2 ( Important Update) 

MANUALLY:
When I Check for Updates Manually I get 
Error reading data from the Internet.
Server error message: Could not create SSL connection through proxy server: 200 Connection established.

Tried to do NEW INSTALL FAILED?

Tried Kaspersky Internet Security over several Days Still Fails?

Kaspersky Internet Security FAILED to do Update 
Failed to download update unknown error 

LibreOffice 6.2.5.2 ( Important Update) 

CURRENT VERSION:
Version: 6.2.5.2 (x86)
Build ID: 1ec314fa52f458adc18c4f025c545a4e8b22c159
CPU threads: 4; OS: Windows 6.1; UI render: default; VCL: win; 
Locale: en-AU (en_AU); UI-Language: en-US
Calc: threaded

Steps to Reproduce:
1.Run Kaspersky Internet Security Automatically or Manually
2.Check for Updates Manually
3.Tried to Do New Install  Failed

Actual Results:
Error reading data from the Internet.
Server error message: Could not create SSL connection through proxy server: 200 Connection established.

Expected Results:
Update should be successful


Reproducible: Always


User Profile Reset: No



Additional Info:
Worked
Comment 1 Roman Kuznetsov 2019-09-20 13:50:15 UTC
William, did you ask Kaspersky support about it?

For me it's NOTOURBUG, but...

People, do you have some opinion here?
Comment 2 Orion Poplawski 2019-11-18 23:40:07 UTC
I'm thinking the Kaspersky stuff here may be unrelated/confused?  We have a SSL proxy here and when we try to do Help -> Check for Updates we get:

Error reading data from the internet
Server error message: Could not create SSL connection through proxy server: 200 Connection established.

We see connections to the proxy, but nothing really happens.
Comment 3 Julien Nabet 2020-01-22 16:40:33 UTC
*** Bug 130027 has been marked as a duplicate of this bug. ***
Comment 4 Guilhem Moulin 2020-01-22 17:01:42 UTC
Is the proxy trying to MiTM the connection?  Does it support TLSv1.2 or later?  Does it support SNI?

Could you trace a connection to https://update.libreoffice.org through the proxy (using curl or similar not LO's update check), so we see at which point the handshake chokes?
Comment 5 spam 2020-01-22 19:42:48 UTC
(In reply to Guilhem Moulin from comment #4)
> Is the proxy trying to MiTM the connection?

No.

> Does it support TLSv1.2 or
> later?  Does it support SNI?

Yes.

> Could you trace a connection to https://update.libreoffice.org through the
> proxy (using curl or similar not LO's update check), so we see at which
> point the handshake chokes?

bofh@ubuntu:~$ curl https://update.libreoffice.org -x proxy.lan:3128 -v
* Rebuilt URL to: https://update.libreoffice.org/
*   Trying 192.168.1.253...
* Connected to proxy.lan (192.168.1.253) port 3128 (#0)
* Establish HTTP proxy tunnel to update.libreoffice.org:443
> CONNECT update.libreoffice.org:443 HTTP/1.1
> Host: update.libreoffice.org:443
> User-Agent: curl/7.47.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* Proxy replied OK to CONNECT request
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 592 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
*        server certificate verification OK
*        server certificate status verification SKIPPED
*        common name: update.libreoffice.org (matched)
*        server certificate expiration date OK
*        server certificate activation date OK
*        certificate public key: RSA
*        certificate version: #3
*        subject: CN=update.libreoffice.org
*        start date: Thu, 12 Dec 2019 01:07:34 GMT
*        expire date: Wed, 11 Mar 2020 01:07:34 GMT
*        issuer: C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3
*        compression: NULL
* ALPN, server accepted to use http/1.1
> GET / HTTP/1.1
> Host: update.libreoffice.org
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 302 Moved Temporarily
< Server: nginx/1.14.2
< Date: Wed, 22 Jan 2020 19:38:47 GMT
< Content-Type: text/html
< Content-Length: 161
< Connection: keep-alive
< Location: https://www.libreoffice.org/download
<
<html>
<head><title>302 Found</title></head>
<body bgcolor="white">
<center><h1>302 Found</h1></center>
<hr><center>nginx/1.14.2</center>
</body>
</html>
* Connection #0 to host proxy.lan left intact
bofh@ubuntu:~$

Nothing wrong or strange concering the proxy / connection. Simple vanilla Squid.
Comment 6 Guilhem Moulin 2020-01-22 21:08:20 UTC
(In reply to spam from comment #5)
> Nothing wrong or strange concering the proxy / connection. Simple vanilla
> Squid.

Looks good to me as far as update.lo is concerned, doesn't seem a problem with TDF infra/services.

Does LibreOffice even support HTTP CONNECT?  I'm not familiar with the code but it's suspicious that there is no match for CURLOPT_HTTPPROXYTUNNEL.  Did you try to eavesdrop traffic on the your proxy?  Could it be that LO send GET/OPTIONS/PROFIND requests there, instead of asking to open a tunnel with CONNECT?