add-on updater might ignore outbound proxy changes

[GoogleCodeExporter]

What steps will reproduce the problem?
1. the machine running zaproxy needs an outbound proxy to hit the net. I set it 
in the connection options and tested it. Zaproxy can definitely see the net.
2. Used the add-on manager to look for updates
3. checker timed out

What is the expected output? What do you see instead?
should use the proxy

What version of the product are you using? On what operating system?
2.2.2 win7

Please provide any additional information below.

Original issue reported on code.google.com by ro...@digininja.org on 20 Dec 2013 at 10:47

[GoogleCodeExporter]

Would you mind check ZAP's log file to see if there's any error? (file zap.log 
located in ZAP's default directory (or the directory manually specified) [1]).

Both the initial check as the file downloads are using the outgoing proxy 
server set in the options.
Tested with two ZAP (version 2.2.2) instances, the first instance is configured 
to proxy through the second. I'm seeing all "updater" requests done by the 
first instance going through the second.

[1] https://code.google.com/p/zaproxy/wiki/FAQconfig

Original comment by THC...@gmail.com on 22 Dec 2013 at 5:21

[GoogleCodeExporter]

Unfortunately I found this on a client network that I was on last week and
I've left now.

It could have been filtering on their proxy but I know that the proxy was
in use because I could browse external sites through ZAP and that would
only have worked if the proxy was in place properly.

Original comment by ro...@digininja.org on 22 Dec 2013 at 6:50

[GoogleCodeExporter]

OK. Does the proxy required authentication? NTLM? The authentication could fail 
if it required a domain name.

Original comment by THC...@gmail.com on 8 Jan 2014 at 2:43

[GoogleCodeExporter]

No it didn't require anything

Original comment by ro...@digininja.org on 8 Jan 2014 at 7:41

[GoogleCodeExporter]

OK. Let us know if you encounter the issue again.

Thanks!

Original comment by THC...@gmail.com on 8 Jan 2014 at 3:46

• Changed state: InsufficientEvidence

[GoogleCodeExporter]

It was probably a one off situation using a client PC on their network
with their proxy which was still being tuned so it may have been any
of those that caused the problems.

Original comment by ro...@digininja.org on 8 Jan 2014 at 3:49

[GoogleCodeExporter]

OK. Thank you for letting us know.

Original comment by THC...@gmail.com on 9 Jan 2014 at 5:10

[GoogleCodeExporter]

I am currently having this issue on OWASP ZAP 2.3.1 and Windows 8.1 Pro 64bit.  

"Use an outgoing proxy server" is selected in Tools > Options > Connection and  
this is functional when pointing Firefox to ZAP.  However, if I go to Help > 
Check For Updates... The Manage Add-ons screen appears to timeout after 3-5 
minutes with  an OWASP ZAP pop-up stating "Error encountered.  Please check 
manually for new updates".

I found the zap.log but there doesn't appear to be anything relevant.  Here is 
the last few lines of the log file, showing a test scan I performed but no 
errors for all the subsequent errors I received when checking for updates:

2014-12-30 17:04:45,167 INFO  Scanner - scanner completed in 0.828s
2014-12-30 17:23:27,604 INFO  SSLConnector - ClientCert disabled
2014-12-30 17:23:27,636 WARN  OptionsGlobalExcludeURLPanel - []
2014-12-30 17:23:27,636 INFO  Session - >>> setGlobalExcludeURLRegexs
2014-12-30 17:23:27,636 INFO  Session - <<< setGlobalExcludeURLRegexs
2014-12-30 17:23:27,636 INFO  Session - >>> forceGlobalExcludeURLRefresh: []
2014-12-30 17:23:27,636 INFO  Session - >>> forceGlobalExcludeURLRefresh: []
2014-12-30 17:23:27,636 INFO  Session - >>> forceGlobalExcludeURLRefresh: []

Original comment by david.li...@gmail.com on 30 Dec 2014 at 10:35

[GoogleCodeExporter]

FYI - I restarted OWASP ZAP and it seemed to start using the outbound proxy 
settings and I was able to install updates successfully.

Original comment by david.li...@gmail.com on 30 Dec 2014 at 10:46

[GoogleCodeExporter]

OK, thanks for lettings us know.

The proxy changes were not being picked up by "Check for updates". The code was 
changed in the meantime and now it uses the latest proxy settings set.

Original comment by THC...@gmail.com on 18 Jan 2015 at 4:33

• Changed title: add-on updater might ignore outbound proxy changes
• Changed state: Committed

[GoogleCodeExporter]

Fixed in 2.4.0

Original comment by psii...@gmail.com on 14 Apr 2015 at 11:03

• Changed state: Fixed