Message boards : Questions and problems : Issues with BOINC 7.20.2 x64 behind a proxy
Message board moderation
Author | Message |
---|---|
Send message Joined: 5 Aug 22 Posts: 3 |
I'm running BOINC on a number of Windows servers and laptops, and I've run into an issue with the latest release (7.20.2) if running through a proxy, it seems to be unable to connect using HTTPS as there is an issue validating certificates. The logs show the following: 04-Aug-2022 15:01:44 [---] [http] [ID#0] Received header from server: HTTP/1.1 200 Connection established 04-Aug-2022 15:01:44 [---] [http] [ID#0] Received header from server: 04-Aug-2022 15:01:44 [---] [http] [ID#0] Info: Proxy replied 200 to CONNECT request 04-Aug-2022 15:01:44 [---] [http] [ID#0] Info: CONNECT phase completed 04-Aug-2022 15:01:44 [---] [http] [ID#0] Info: schannel: disabled automatic use of client certificate 04-Aug-2022 15:01:44 [---] [http] [ID#0] Info: ALPN: offers http/1.1 04-Aug-2022 15:01:49 [---] [http] [ID#0] Info: schannel: next InitializeSecurityContext failed: Unknown error (0x80092013) - The revocation function was unable to check revocation because the revocation server was offline. 04-Aug-2022 15:01:49 [---] [http] [ID#0] Info: Closing connection 3 04-Aug-2022 15:01:49 [---] [http] HTTP error: SSL connect error From first appearances, it would appear that something has changed in the build, as this issue doesn't occur with 7.16.20, and there doesn't appear to be anyway to disable CRL checks. This happens with all projects - Einstein, Milkyway, NFS, Rosetta, SiDock, SRBase and Universe Any one have any ideas? I've run into this issue on both Windows Server 2012 R2 and Server 2019 Standard, all cases installed as a service. I've tried multiple proxies. Mark |
Send message Joined: 5 Oct 06 Posts: 5121 |
I think you'll have to raise this as an issue with the development team directly - especially as it seems to be a regression between v7.16 and v7.20. They may need to ask you questions about the proxies you've tried, and the configurations you've used. Issues can be raised at https://github.com/BOINC/boinc |
Send message Joined: 28 Jun 10 Posts: 2637 |
Just a quick thought. Doesn't 7.20 use windows certs instead of the crt bundle making it work the same way as the Linux client which gets its certificates from the OS? |
Send message Joined: 2 Feb 22 Posts: 81 |
Just compiled the recent sources from github on Linux and tried to connect to Rosetta via a Squid proxy. This works without any further change. https://boinc.bakerlab.org/rosetta/show_host_detail.php?hostid=6175439 |
Send message Joined: 5 Oct 06 Posts: 5121 |
There was a bigger Windows change than just certs - I'll try to dig it out. edit - I was thinking of Issue: https://github.com/BOINC/boinc/issues/4542 Pull request: https://github.com/BOINC/boinc/pull/4545 The prime purpose was indeed to use the Windows certificate store, but the PR goes into considerable discussion about how that was achieved using schannel. I don't see any consideration of proxies, though. It might be best to ping @AenBleidd directly with the problem. |
Send message Joined: 28 Jun 10 Posts: 2637 |
There was a bigger Windows change than just certs - I'll try to dig it out. I will have another look at the change log. Will also check to see whether the certs thing makes any difference under WINE. I guess it should work as some of the games that run under WINE probably need access to something akin to the Windows certs file. |
Send message Joined: 28 Jun 10 Posts: 2637 |
7.20.0 seems to work fine at least with CPDN though no poxy proxies here. |
Send message Joined: 29 Aug 05 Posts: 15542 |
running through a proxyThe question is, what kind of proxy? |
Send message Joined: 5 Aug 22 Posts: 3 |
Sorry not been back since I posted my message due to work pressures. The proxy is a squid proxy running on Kali linux. |
Send message Joined: 29 Aug 05 Posts: 15542 |
You did set it as an HTTP proxy in BOINC Manager's Options->Other options menu? |
Send message Joined: 5 Aug 22 Posts: 3 |
Yes I did. |
Send message Joined: 2 Feb 22 Posts: 81 |
General advice how to configure and use a Squid proxy together with BOINC can be found here: https://lhcathome.cern.ch/lhcathome/forum_thread.php?id=5473 https://lhcathome.cern.ch/lhcathome/forum_thread.php?id=5474 Be aware that Squid 5.x may have unresolved issues. Hence, the recommended version is the most recent 4.x you can get for your OS. |
Copyright © 2024 University of California.
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License,
Version 1.2 or any later version published by the Free Software Foundation.