Issues with BOINC 7.20.2 x64 behind a proxy

Message boards : Questions and problems : Issues with BOINC 7.20.2 x64 behind a proxy
Message board moderation

To post messages, you must log in.

AuthorMessage
MarkHealey

Send message
Joined: 5 Aug 22
Posts: 3
Message 109499 - Posted: 5 Aug 2022, 13:14:53 UTC

I'm running BOINC on a number of Windows servers and laptops, and I've run into an issue with the latest release (7.20.2) if running through a proxy, it seems to be unable to connect using HTTPS as there is an issue validating certificates.

The logs show the following:
04-Aug-2022 15:01:44 [---] [http] [ID#0] Received header from server: HTTP/1.1 200 Connection established
04-Aug-2022 15:01:44 [---] [http] [ID#0] Received header from server:
04-Aug-2022 15:01:44 [---] [http] [ID#0] Info: Proxy replied 200 to CONNECT request
04-Aug-2022 15:01:44 [---] [http] [ID#0] Info: CONNECT phase completed
04-Aug-2022 15:01:44 [---] [http] [ID#0] Info: schannel: disabled automatic use of client certificate
04-Aug-2022 15:01:44 [---] [http] [ID#0] Info: ALPN: offers http/1.1
04-Aug-2022 15:01:49 [---] [http] [ID#0] Info: schannel: next InitializeSecurityContext failed: Unknown error (0x80092013) - The revocation function was unable to check revocation because the revocation server was offline.
04-Aug-2022 15:01:49 [---] [http] [ID#0] Info: Closing connection 3
04-Aug-2022 15:01:49 [---] [http] HTTP error: SSL connect error

From first appearances, it would appear that something has changed in the build, as this issue doesn't occur with 7.16.20, and there doesn't appear to be anyway to disable CRL checks.
This happens with all projects - Einstein, Milkyway, NFS, Rosetta, SiDock, SRBase and Universe
Any one have any ideas?

I've run into this issue on both Windows Server 2012 R2 and Server 2019 Standard, all cases installed as a service.
I've tried multiple proxies.

Mark
ID: 109499 · Report as offensive
Richard Haselgrove
Volunteer tester
Help desk expert

Send message
Joined: 5 Oct 06
Posts: 4927
United Kingdom
Message 109500 - Posted: 5 Aug 2022, 13:29:43 UTC - in response to Message 109499.  

I think you'll have to raise this as an issue with the development team directly - especially as it seems to be a regression between v7.16 and v7.20. They may need to ask you questions about the proxies you've tried, and the configurations you've used.

Issues can be raised at https://github.com/BOINC/boinc
ID: 109500 · Report as offensive
Profile Dave
Help desk expert

Send message
Joined: 28 Jun 10
Posts: 2000
United Kingdom
Message 109501 - Posted: 5 Aug 2022, 13:38:15 UTC

Just a quick thought. Doesn't 7.20 use windows certs instead of the crt bundle making it work the same way as the Linux client which gets its certificates from the OS?
ID: 109501 · Report as offensive
computezrmle

Send message
Joined: 2 Feb 22
Posts: 53
Germany
Message 109503 - Posted: 5 Aug 2022, 14:05:15 UTC

Just compiled the recent sources from github on Linux and tried to connect to Rosetta via a Squid proxy.
This works without any further change.
https://boinc.bakerlab.org/rosetta/show_host_detail.php?hostid=6175439
ID: 109503 · Report as offensive
Richard Haselgrove
Volunteer tester
Help desk expert

Send message
Joined: 5 Oct 06
Posts: 4927
United Kingdom
Message 109504 - Posted: 5 Aug 2022, 14:47:12 UTC - in response to Message 109501.  
Last modified: 5 Aug 2022, 15:04:32 UTC

There was a bigger Windows change than just certs - I'll try to dig it out.

edit - I was thinking of

Issue: https://github.com/BOINC/boinc/issues/4542
Pull request: https://github.com/BOINC/boinc/pull/4545

The prime purpose was indeed to use the Windows certificate store, but the PR goes into considerable discussion about how that was achieved using schannel.

I don't see any consideration of proxies, though. It might be best to ping @AenBleidd directly with the problem.
ID: 109504 · Report as offensive
Profile Dave
Help desk expert

Send message
Joined: 28 Jun 10
Posts: 2000
United Kingdom
Message 109505 - Posted: 5 Aug 2022, 15:06:20 UTC - in response to Message 109504.  

There was a bigger Windows change than just certs - I'll try to dig it out.


I will have another look at the change log. Will also check to see whether the certs thing makes any difference under WINE. I guess it should work as some of the games that run under WINE probably need access to something akin to the Windows certs file.
ID: 109505 · Report as offensive
Profile Dave
Help desk expert

Send message
Joined: 28 Jun 10
Posts: 2000
United Kingdom
Message 109509 - Posted: 5 Aug 2022, 16:22:08 UTC - in response to Message 109505.  

7.20.0 seems to work fine at least with CPDN though no poxy proxies here.
ID: 109509 · Report as offensive
Profile Jord
Volunteer tester
Help desk expert
Avatar

Send message
Joined: 29 Aug 05
Posts: 15175
Netherlands
Message 109510 - Posted: 5 Aug 2022, 16:26:40 UTC - in response to Message 109499.  

running through a proxy
The question is, what kind of proxy?
ID: 109510 · Report as offensive
MarkHealey

Send message
Joined: 5 Aug 22
Posts: 3
Message 109686 - Posted: 24 Aug 2022, 9:47:22 UTC

Sorry not been back since I posted my message due to work pressures.
The proxy is a squid proxy running on Kali linux.
ID: 109686 · Report as offensive
Profile Jord
Volunteer tester
Help desk expert
Avatar

Send message
Joined: 29 Aug 05
Posts: 15175
Netherlands
Message 109691 - Posted: 25 Aug 2022, 22:43:39 UTC - in response to Message 109686.  

You did set it as an HTTP proxy in BOINC Manager's Options->Other options menu?
ID: 109691 · Report as offensive
MarkHealey

Send message
Joined: 5 Aug 22
Posts: 3
Message 109736 - Posted: 31 Aug 2022, 16:25:09 UTC - in response to Message 109691.  

Yes I did.
ID: 109736 · Report as offensive
computezrmle

Send message
Joined: 2 Feb 22
Posts: 53
Germany
Message 109739 - Posted: 31 Aug 2022, 17:16:28 UTC - in response to Message 109736.  

General advice how to configure and use a Squid proxy together with BOINC can be found here:
https://lhcathome.cern.ch/lhcathome/forum_thread.php?id=5473
https://lhcathome.cern.ch/lhcathome/forum_thread.php?id=5474

Be aware that Squid 5.x may have unresolved issues.
Hence, the recommended version is the most recent 4.x you can get for your OS.
ID: 109739 · Report as offensive

Message boards : Questions and problems : Issues with BOINC 7.20.2 x64 behind a proxy

Copyright © 2022 University of California. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.