Open ZwS opened 8 years ago
Unfortunately this debug log only has debugging information from Telepathy/Telepathy-Haze but nothing from libpurple, so I'm not able to see what's going on with the plugin that its not getting cookies to login.
Are you able to get a debug log from libpurple, instead?
I reproduced issue in pidgin. Here is debug log.
(12:30:43) account: Connecting to account anton.sudak@gmail.com.
(12:30:43) connection: Connecting. gc = 0x7f1ff2213c20
(12:30:43) util: requesting to fetch a URL
(12:30:43) dnsquery: Performing DNS lookup for 192.168.0.12
(12:30:43) dns: Created new DNS child 7623, there are now 1 children.
(12:30:43) dns: Successfully sent DNS request to child 7623
(12:30:43) dns: Got response for '192.168.0.12'
(12:30:43) dnsquery: IP resolved for 192.168.0.12
(12:30:43) proxy: Attempting connection to 192.168.0.12
(12:30:43) proxy: Connecting to login.skype.com:443 via 192.168.0.12:3128 using HTTP
(12:30:43) proxy: Connection in progress
(12:30:43) proxy: Connected to login.skype.com:443.
(12:30:43) proxy: Using CONNECT tunneling for login.skype.com:443
(12:30:43) proxy: HTTP proxy connection established
(12:30:43) proxy: Connected to login.skype.com:443.
(12:30:43) nss: subject=CN=login.skype.com,O=Skype,L=Dublin,C=IE issuer=CN=Microsoft IT SSL SHA2,OU=Microsoft IT,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
(12:30:43) nss: subject=CN=Microsoft IT SSL SHA2,OU=Microsoft IT,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US issuer=CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE
(12:30:43) nss: partial certificate chain
(12:30:43) certificate/x509/tls_cached: Starting verify for login.skype.com
(12:30:43) certificate/x509/tls_cached: Checking for cached cert...
(12:30:43) certificate/x509/tls_cached: ...Found cached cert
(12:30:43) nss/x509: Loading certificate from /home/asudak/.purple/certificates/x509/tls_peers/login.skype.com
(12:30:43) certificate/x509/tls_cached: Peer cert matched cached
(12:30:43) nss/x509: Exporting certificate to /home/asudak/.purple/certificates/x509/tls_peers/login.skype.com
(12:30:43) util: Writing file /home/asudak/.purple/certificates/x509/tls_peers/login.skype.com
(12:30:43) nss: Trusting CN=login.skype.com,O=Skype,L=Dublin,C=IE
(12:30:43) certificate: Successfully verified certificate for login.skype.com
(12:30:43) util: request constructed
(12:30:43) util: Response headers: 'HTTP/1.1 302 Found
Server: nginx
Date: Fri, 15 Jan 2016 10:30:44 GMT
Content-Type: text/html
Content-Length: 0
Connection: close
Set-Cookie: SC=CC=:CCY=:LC=en:LIM=:TM=1452853844:TS=1452853844:TZ=:VAT=:VER=; expires=Sat, 14-Jan-2017 10:30:44 GMT; Max-Age=31536000; path=/; domain=.skype.com
X-Stratus-Processing-Time: 0.0152
X-Skype-Request-Id: f5f12c12
X-Stratus-Request-Id: f5f12c12
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:01 +0000
P3P: CP="CAO PSA OUR"
Location: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=12&ct=1452853844&rver=6.6.6577.0&wp=MBI_SSL&wreply=https%3A%2F%2Flw.skype.com%2Flogin%2Foauth%2Fproxy%3Fclient_id%3D578134%26redirect_uri%3Dhttps%253A%252F%252Fweb.skype.com%26site_name%3Dlw.skype.com&lc=1033&id=293290&mkt=en
X-Stratus-Config-Namespace:
X-Content-Type-Options: nosniff
X-Processing-Time: 0.019
Strict-Transport-Security: max-age=31536000; includeSubDomains
'
(12:30:43) util: Redirecting to https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=12&ct=1452853844&rver=6.6.6577.0&wp=MBI_SSL&wreply=https%3A%2F%2Flw.skype.com%2Flogin%2Foauth%2Fproxy%3Fclient_id%3D578134%26redirect_uri%3Dhttps%253A%252F%252Fweb.skype.com%26site_name%3Dlw.skype.com&lc=1033&id=293290&mkt=en
(12:30:43) dnsquery: Performing DNS lookup for 192.168.0.12
(12:30:43) dns: Successfully sent DNS request to child 7623
(12:30:43) dns: Got response for '192.168.0.12'
(12:30:43) dnsquery: IP resolved for 192.168.0.12
(12:30:43) proxy: Attempting connection to 192.168.0.12
(12:30:43) proxy: Connecting to login.live.com:443 via 192.168.0.12:3128 using HTTP
(12:30:43) proxy: Connection in progress
(12:30:43) proxy: Connected to login.live.com:443.
(12:30:43) proxy: Using CONNECT tunneling for login.live.com:443
(12:30:43) proxy: HTTP proxy connection established
(12:30:43) proxy: Connected to login.live.com:443.
(12:30:44) nss: subject=CN=gateway.login.live.com,OU=Passport,O=Microsoft Corporation,STREET=1 Microsoft Way,L=Redmond,ST=Washington,postalCode=98052,C=US,serialNumber=600413485,businessCategory=Private Organization,incorporationState=Washington,incorporationCountry=US issuer=CN=Symantec Class 3 EV SSL CA - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US
(12:30:44) nss: subject=CN=Symantec Class 3 EV SSL CA - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US issuer=CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
(12:30:44) nss: partial certificate chain
(12:30:44) certificate/x509/tls_cached: Starting verify for login.live.com
(12:30:44) certificate/x509/tls_cached: Checking for cached cert...
(12:30:44) certificate/x509/tls_cached: ...Found cached cert
(12:30:44) nss/x509: Loading certificate from /home/asudak/.purple/certificates/x509/tls_peers/login.live.com
(12:30:44) certificate/x509/tls_cached: Peer cert matched cached
(12:30:44) nss/x509: Exporting certificate to /home/asudak/.purple/certificates/x509/tls_peers/login.live.com
(12:30:44) util: Writing file /home/asudak/.purple/certificates/x509/tls_peers/login.live.com
(12:30:44) nss: Trusting CN=gateway.login.live.com,OU=Passport,O=Microsoft Corporation,STREET=1 Microsoft Way,L=Redmond,ST=Washington,postalCode=98052,C=US,serialNumber=600413485,businessCategory=Private Organization,incorporationState=Washington,incorporationCountry=US
(12:30:44) certificate: Successfully verified certificate for login.live.com
(12:30:44) util: request constructed
(12:30:44) util: Response headers: 'HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Fri, 15 Jan 2016 10:30:45 GMT
Connection: close
Content-Length: 339
'
(12:30:44) util: parsed 339
(12:30:44) g_log: skypeweb_string_get_chunk: assertion 'chunk_start' failed
(12:30:44) connection: Connection error on 0x7f1ff2213c20 (reason: 2 description: Failed getting MSPRequ cookie)
(12:30:44) account: Disconnecting account anton.sudak@gmail.com (0x7f1ff17d48f0)
(12:30:44) connection: Disconnecting connection 0x7f1ff2213c20
(12:30:44) GLib: g_source_remove: assertion 'tag > 0' failed
(12:30:44) GLib: g_source_remove: assertion 'tag > 0' failed
(12:30:44) GLib: g_source_remove: assertion 'tag > 0' failed
(12:30:44) skypeweb: getting url /logout
(12:30:44) skypeweb: sending headers:
GET /logout HTTP/1.0
Host: login.skype.com
Connection: close
Accept: */*
Cookie:
Accept-Encoding: gzip
Accept-Language: en-US, en, en, C
(12:30:44) dnsquery: Performing DNS lookup for 192.168.0.12
(12:30:44) skypeweb: destroying 0 waiting connections
(12:30:44) skypeweb: destroying 1 incomplete connections
(12:30:44) connection: Destroying connection 0x7f1ff2213c20
(12:30:49) util: Writing file accounts.xml to directory /home/asudak/.purple
(12:30:49) util: Writing file /home/asudak/.purple/accounts.xml
dns[7623]: nobody needs me... =(
In account settings set to use environmental settings. I believe that same proxy configuration used by empathy. proxy set up for http and https protocols with GNOME3 control center. proxy_http and proxy_https variables also defined.
Same for me when I connect to my Office365 account(I can succefully connect using "Skype Enterprise 2016" standalone client).
Debug log :
(10:58:39) proxy: Attempting connection to 145.232.108.210
(10:58:39) proxy: Connecting to login.skype.com:443 via proxy-bc1.vd.ch:8080 using HTTP
(10:58:39) proxy: Connection in progress
(10:58:39) proxy: Connected to login.skype.com:443.
(10:58:39) proxy: Using CONNECT tunneling for login.skype.com:443
(10:58:39) proxy: HTTP proxy connection established
(10:58:39) proxy: Connected to login.skype.com:443.
(10:58:40) nss: SSL version 3.3 using 256-bit AES with 160-bit SHA1 MAC
Server Auth: 2048-bit RSA, Key Exchange: 2048-bit RSA, Compression: NULL
Cipher Suite Name: TLS_RSA_WITH_AES_256_CBC_SHA
(10:58:40) nss: subject=CN=login.skype.com,O=Skype,L=Dublin,C=IE issuer=CN=Microsoft IT SSL SHA2,OU=Microsoft IT,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
(10:58:40) nss: subject=CN=Microsoft IT SSL SHA2,OU=Microsoft IT,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US issuer=CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE
(10:58:40) nss: subject=CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE issuer=CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE
(10:58:40) certificate/x509/tls_cached: Starting verify for login.skype.com
(10:58:40) certificate/x509/tls_cached: Checking for cached cert...
(10:58:40) certificate/x509/tls_cached: ...Found cached cert
(10:58:40) nss/x509: Loading certificate from C:\Users\g1v8co\AppData\Roaming\.purple\certificates\x509\tls_peers\login.skype.com
(10:58:40) certificate/x509/tls_cached: Peer cert matched cached
(10:58:40) nss/x509: Exporting certificate to C:\Users\g1v8co\AppData\Roaming\.purple\certificates\x509\tls_peers\login.skype.com
(10:58:40) util: Writing file C:\Users\g1v8co\AppData\Roaming\.purple\certificates\x509\tls_peers\login.skype.com
(10:58:40) nss: Trusting CN=login.skype.com,O=Skype,L=Dublin,C=IE
(10:58:40) certificate: Successfully verified certificate for login.skype.com
(10:58:40) util: request constructed
(10:58:40) util: Response headers: 'HTTP/1.1 302 Found
Server: nginx
Date: Tue, 09 Feb 2016 09:58:40 GMT
Content-Type: text/html
Content-Length: 0
Connection: close
Set-Cookie: SC=CC=:CCY=:LC=en:LIM=:TM=1455011920:TS=1455011920:TZ=:VAT=:VER=; expires=Wed, 08-Feb-2017 09:58:40 GMT; Max-Age=31536000; path=/; domain=.skype.com
X-Stratus-Processing-Time: 0.0168
X-Skype-Request-Id: 04dfdd4b
X-Stratus-Request-Id: 04dfdd4b
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:01 +0000
P3P: CP="CAO PSA OUR"
Location: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=12&ct=1455011920&rver=6.6.6577.0&wp=MBI_SSL&wreply=https%3A%2F%2Flw.skype.com%2Flogin%2Foauth%2Fproxy%3Fclient_id%3D578134%26redirect_uri%3Dhttps%253A%252F%252Fweb.skype.com%26site_name%3Dlw.skype.com&lc=1033&id=293290&mkt=en
X-Stratus-Config-Namespace:
X-Content-Type-Options: nosniff
X-Processing-Time: 0.021
Strict-Transport-Security: max-age=31536000; includeSubDomains
'
(10:58:40) util: Redirecting to https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=12&ct=1455011920&rver=6.6.6577.0&wp=MBI_SSL&wreply=https%3A%2F%2Flw.skype.com%2Flogin%2Foauth%2Fproxy%3Fclient_id%3D578134%26redirect_uri%3Dhttps%253A%252F%252Fweb.skype.com%26site_name%3Dlw.skype.com&lc=1033&id=293290&mkt=en
(10:58:40) dnsquery: Performing DNS lookup for proxy-bc1.vd.ch
(10:58:40) dnsquery: IP resolved for proxy-bc1.vd.ch
(10:58:40) proxy: Attempting connection to 145.232.108.210
(10:58:40) proxy: Connecting to login.live.com:443 via proxy-bc1.vd.ch:8080 using HTTP
(10:58:40) proxy: Connection in progress
(10:58:40) proxy: Connected to login.live.com:443.
(10:58:40) proxy: Using CONNECT tunneling for login.live.com:443
(10:58:40) proxy: HTTP proxy connection established
(10:58:40) proxy: Connected to login.live.com:443.
(10:58:40) nss: SSL version 3.3 using 256-bit AES with 160-bit SHA1 MAC
Server Auth: 2048-bit RSA, Key Exchange: 521-bit ECDHE, Compression: NULL
Cipher Suite Name: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
(10:58:40) nss: subject=CN=gateway.login.live.com,OU=Passport,O=Microsoft Corporation,STREET=1 Microsoft Way,L=Redmond,ST=Washington,postalCode=98052,C=US,serialNumber=600413485,businessCategory=Private Organization,incorporationState=Washington,incorporationCountry=US issuer=CN=Symantec Class 3 EV SSL CA - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US
(10:58:40) nss: subject=CN=Symantec Class 3 EV SSL CA - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US issuer=CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
(10:58:40) nss: subject=CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US issuer=OU=Class 3 Public Primary Certification Authority,O="VeriSign, Inc.",C=US
(10:58:40) nss: subject=OU=Class 3 Public Primary Certification Authority,O="VeriSign, Inc.",C=US issuer=OU=Class 3 Public Primary Certification Authority,O="VeriSign, Inc.",C=US
(10:58:40) certificate/x509/tls_cached: Starting verify for login.live.com
(10:58:40) certificate/x509/tls_cached: Checking for cached cert...
(10:58:40) certificate/x509/tls_cached: ...Found cached cert
(10:58:40) nss/x509: Loading certificate from C:\Users\g1v8co\AppData\Roaming\.purple\certificates\x509\tls_peers\login.live.com
(10:58:40) certificate/x509/tls_cached: Peer cert matched cached
(10:58:40) nss/x509: Exporting certificate to C:\Users\g1v8co\AppData\Roaming\.purple\certificates\x509\tls_peers\login.live.com
(10:58:40) util: Writing file C:\Users\g1v8co\AppData\Roaming\.purple\certificates\x509\tls_peers\login.live.com
(10:58:40) nss: Trusting CN=gateway.login.live.com,OU=Passport,O=Microsoft Corporation,STREET=1 Microsoft Way,L=Redmond,ST=Washington,postalCode=98052,C=US,serialNumber=600413485,businessCategory=Private Organization,incorporationState=Washington,incorporationCountry=US
(10:58:40) certificate: Successfully verified certificate for login.live.com
(10:58:40) util: request constructed
(10:58:40) util: Response headers: 'HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Tue, 09 Feb 2016 09:58:39 GMT
Connection: close
Content-Length: 339
'
(10:58:40) util: parsed 339
(10:58:40) g_log: skypeweb_string_get_chunk: assertion `chunk_start' failed
(10:58:40) connection: Connection error on 063E5838 (reason: 2 description: Failed getting MSPRequ cookie)
(10:58:40) jabber: jabber_actions: have pep: NO
(10:58:40) jabber: jabber_actions: have pep: NO
(10:58:40) jabber: jabber_actions: have pep: NO
(10:58:40) account: Disconnecting account sbenbouzid@sqli.com (0647BC68)
(10:58:40) connection: Disconnecting connection 063E5838
(10:58:40) GLib: g_source_remove: assertion `tag > 0' failed
(10:58:40) GLib: g_source_remove: assertion `tag > 0' failed
(10:58:40) GLib: g_source_remove: assertion `tag > 0' failed
(10:58:40) skypeweb: getting url /logout
(10:58:40) skypeweb: sending headers:
GET /logout HTTP/1.0
Host: login.skype.com
Connection: close
Accept: */*
Cookie:
Accept-Encoding: gzip
Accept-Language: fr, C
(10:58:40) dnsquery: Performing DNS lookup for proxy-bc1.vd.ch
(10:58:40) skypeweb: destroying 0 waiting connections
(10:58:40) skypeweb: destroying 1 incomplete connections
(10:58:40) jabber: jabber_actions: have pep: NO
(10:58:40) jabber: jabber_actions: have pep: NO
(10:58:40) jabber: jabber_actions: have pep: NO
(10:58:40) connection: Destroying connection 063E5838
Note that it works like a charm for my "public" (regular) skype account, through proxy. It seems like it only fail using an "enterprise" (office365/lync/communicator) skype account, through proxy or not.
The issue seems to concern the connection to the login.live.com certificate :
CN=gateway.login.live.com,OU=Passport,O=Microsoft Corporation,STREET=1 Microsoft Way,L=Redmond,ST=Washington,postalCode=98052,C=US,serialNumber=600413485,businessCategory=Private Organization,incorporationState=Washington,incorporationCountry=US
...
Response headers: 'HTTP/1.1 400 Bad Request
I got this problem today with a new Microsoft account (now skype is forcing to create a new account through Microsoft). I'm also using a proxy (mandatory at work..)
Failed getting MSPRequ cookie
In the debug log:
(2016-07-28 15:19:07) [DEBUG] util: Redirecting to https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=12&ct=1469711946&rver=6.6.6577.0&wp=MBI_SSL&wreply=https%3A%2F%2Flw.skype.com%2Flogin%2Foauth%2Fproxy%3Fclient_id%3D578134%26redirect_uri%3Dhttps%253A%252F%252Fweb.skype.com%26site_name%3Dlw.skype.com&lc=1033&id=293290&mkt=en&cobrandid=90010&client_flight=hsu%2Chlm%2CReservedFlight33
[...]
(2016-07-28 15:19:08) [DEBUG] certificate: Successfully verified certificate for login.live.com (2016-07-28 15:19:08) [DEBUG] util: request constructed (2016-07-28 15:19:08) [DEBUG] util: Response headers: 'HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Thu, 28 Jul 2016 13:19:08 GMT Connection: close Content-Length: 339
' (2016-07-28 15:19:08) [DEBUG] util: parsed 339 (2016-07-28 15:19:08) [DEBUG] connection: Connection error on 0x1ac8e50 (reason: 2 description: Failed getting MSPRequ cookie)
Any info on this ? The certificate seems OK so I don't see the problem
Thanks
Just to be sure I have tested this exact same microsoft account at home without proxy, and it's working. It's definitely a problem with proxy enabled. A normal skype account can work perfectly with proxy, only this login.live.com have problem with it. An other test with the same proxy in a browser on web.skype.com with this microsoft account is also working. So the problem does not seem to come from the squid proxy but with the handling of the url request.
As I said in #479 , with a new Live skype account, and now with all older skype accounts with the new auth which anyway going through Live, the auth is not working anymore with a proxy configured.
Logs: [...](2016-10-19 17:49:21) [DEBUG] certificate: Successfully verified certificate for login.live.com (2016-10-19 17:49:21) [DEBUG] util: Request: 'GET https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1476892160&rver=6.6.6577.0&wp=MBI_SSL&wreply=https%3A%2F%2Flw.skype.com%2Flogin%2Foauth%2Fproxy%3Fclient_id%3D578134%26redirect_uri%3Dhttps%253A%252F%252Fweb.skype.com%26site_name%3Dlw.skype.com&lc=1033&id=293290&mkt=en&uaid=a1132b72cbb132a20b6735209edf353b&cobrandid=90010&client_flight=hsu%2Chlm%2Chld%2CReservedFlight33%2CReservedFlight67 HTTP/1.0 Connection: close Accept: / Host: login.live.com Proxy-Authorization: Basic ###hidden### Proxy-Authorization: NTLM ###hidden### Proxy-Connection: Keep-Alive
' (2016-10-19 17:49:21) [DEBUG] util: Response headers: 'HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 19 Oct 2016 15:49:21 GMT Connection: close Content-Length: 339
' (2016-10-19 17:49:21) [DEBUG] util: parsed 339 (2016-10-19 17:49:21) [DEBUG] connection: Connection error on 0x21a73a0 (reason: 2 description: Failed getting MSPRequ cookie)
Thanks
EDIT: I found how to fix my "proxy problem" with some changes in headers in the request. (I made some ugly changes directly in util.c in libpurple on user agent, accept, and proxy header)
@spyjo did you ever commit those changes? I am having issues with Proxy-Authorization sending both Basic and NTLM and causing my proxy to fail the auth.
Hello, I got some issues while using this plugin with proxy. Seems skypeweb ignores system wide proxy settings. I got this issue while trying to set up skypeweb in empathy. In pidgin this issue can be solved by setting up proxy for account, but empathy doesn't have such functionality. Here some connection logs from empathy