Opened 2 years ago

Last modified 3 weeks ago

#1187 assigned Bug / Defect

http-proxy fails with: Assertion failed at proxy.c:250 (strlen(p->up.username) > 0)

Reported by: simu Owned by: plaisthos
Priority: critical Milestone: release 2.4.11
Component: Networking Version: OpenVPN 2.4.7 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords: http-proxy
Cc:

Description

Hi,
http-proxy seems NOT to cache username/password anymore. When it first connects, it is asking for username/password to management-console and successfully connects with this credentials. But when openvpn-client re-connects, it fails with: Assertion failed at proxy.c:250 (strlen(p->up.username) > 0) and the logging does not show that it was asking for username/password again. For me it seems that the client thinks he has still his username/password cached (maybe a flag somewhere) but the memory of username and password is already deleted.
My setup is working fine on Version 2.3.18, so there must be a change in http-proxy between 2.3.18 and 2.4.x (I also tested it with 2.4.3, 2.4.4, 2.4.5, same failure)
thanks
Simu

Change History (7)

comment:2 Changed 2 years ago by BhenChod

spam

Last edited 2 years ago by tincantech (previous) (diff)

comment:3 Changed 20 months ago by Gert Döring

Owner: set to plaisthos
Status: newassigned

could this be related to the client-side auth-token changes?

comment:4 Changed 20 months ago by Gert Döring

Milestone: release 2.4.8release 2.4.9

comment:5 Changed 3 months ago by Gert Döring

Milestone: release 2.4.9release 2.4.11

This needs re-testing with 2.4.10 and 2.5.1 and either closing or fixing.

@simu: what does this need? A windows machine with --http-proxy in its config and a http proxy that asks for HTTP auth?

comment:6 Changed 2 months ago by Eriol

I have the same exact problem (version 2.4.x and 2.5.1) with the same exact logfile:

Client starts the connection and first tries to connect to the proxy server. As soon as the TCP connection is successful it sends the username/password and manages to connect to the proxy.

After that it tries to connect to the OpenVPN server but it gets a SIGUSR1[soft,connection-reset] from the OpenVPN server without any further explanation about the reason of the reset.

The client naturally wants to reconnect:
It tries to connect to the proxy server again but after the successful TCP connection it does not sends the username/password but tries to connect to the OpenVPN server right away (at least based on the client's logfile).
This action fails with:

MANAGEMENT: Client disconnected
Assertion failed at proxy.c:250 (strlen(p->up.username) > 0

Also I found that the reason of the initial OpenVPN server reset is that the server's CRL has expired. It would be great to get at least description about the reset reason to the client from the server to know where to start digging at the first place.

comment:7 Changed 3 weeks ago by simu

@Gert Döring
Yes, that is exact my testcase. A http-proxy in between of the VPN server and the VPN-Client. The VPN-Client is a windows machine using the flag --http-proxy and the http-proxy in between.
As Eriol stated, this happens only when the client reconnects.

Note: See TracTickets for help on using tickets.