aws-samples / aws-iot-securetunneling-localproxy

AWS Iot Secure Tunneling local proxy reference C++ implementation
https://docs.aws.amazon.com/iot/latest/developerguide/what-is-secure-tunneling.html
Apache License 2.0

Web Proxy Support is not working in windows OS #58

Closed vasugowda closed 3 years ago

vasugowda commented 3 years ago

Describe the bug

The localproxy is not working behind the firewall (web proxy) in Windows OS

To Reproduce

Steps to reproduce the behavior:

  1. Build local proxy in Windows by following the steps here: https://github.com/aws-samples/aws-iot-securetunneling-localproxy/blob/master/windows-localproxy-build.md
  2. Set HTTPS_PROXY in Windows OS
  3. Tested web proxy URL as specified and getting 200 response. https://docs.aws.amazon.com/iot/latest/developerguide/configure-local-proxy-web-proxy.html
  4. Run localproxy as source, e.g.: localproxy.exe -r -s -c -t
  5. Step 4 throws error: "Could not perform SSL handshake with proxy server: no start line"

Expected behavior

Should connect to tunnel without error

Actual behavior

Throwing error: "Could not perform SSL handshake with proxy server: no start line"

Logs

[2021-07-23T00:37:17.434245]{4228}[warning] Found access token supplied via CLI arg. Consider using environment variable AWSIOT_TUNNEL_ACCESS_TOKEN instead
[2021-07-23T00:37:17.434245]{4228}[trace] Extracting protocol
[2021-07-23T00:37:17.434245]{4228}[info] Parsed URL protocol
[2021-07-23T00:37:17.434245]{4228}[debug] No authentication is found in the URL, assuming no authentication is required.
[2021-07-23T00:37:17.434245]{4228}[info] Found Web proxy information in the environment variables, will use it to connect via the proxy.
[2021-07-23T00:37:17.434245]{4228}[debug] v2 local proxy starts with v1 local proxy format
[2021-07-23T00:37:17.434245]{4228}[info] Starting proxy in source mode
[2021-07-23T00:37:17.434245]{4228}[trace] Setting up web socket...
[2021-07-23T00:37:17.434245]{4228}[trace] Calling control_callback with type: websocket_stream_single_ssl_type
[2021-07-23T00:37:17.434245]{4228}[info] Attempting to establish web socket connection with endpoint wss://:443
[2021-07-23T00:37:17.434245]{4228}[trace] Resolving Web proxy host:
[2021-07-23T00:37:17.449878]{4228}[debug] Resolved Web proxy IP:
[2021-07-23T00:37:17.449878]{4228}[trace] Establishing TCP connection with the Web Proxy
[2021-07-23T00:37:17.476123]{4228}[debug] Connected successfully with Web Proxy
[2021-07-23T00:37:17.476123]{4228}[trace] Calling lowest_layer with type: websocket_stream_single_ssl_type
[2021-07-23T00:37:17.476123]{4228}[trace] Preparing HTTP CONNECT request
[2021-07-23T00:37:17.476123]{4228}[trace] Sending HTTP CONNECT
[2021-07-23T00:37:17.476123]{4228}[debug] Successfully sent HTTP CONNECT to the Web proxy
[2021-07-23T00:37:17.476123]{4228}[trace] Waiting for HTTP CONNECT response from the Web proxy
[2021-07-23T00:37:17.517625]{4228}[trace] Parsing the HTTPS response from the Web proxy
[2021-07-23T00:37:17.517625]{4228}[debug] Full response from the Web proxy: HTTP/1.1 200 Connection Established Proxy-Agent:
[2021-07-23T00:37:20.610768]{4228}[info] TCP tunnel established successfully
[2021-07-23T00:37:20.610768]{4228}[debug] Connected successfully with proxy server
[2021-07-23T00:37:20.610768]{4228}[trace] Calling lowest_layer with type: websocket_stream_single_ssl_type
[2021-07-23T00:37:20.610768]{4228}[trace] Calling lowest_layer with type: websocket_stream_single_ssl_type
[2021-07-23T00:37:20.610768]{4228}[trace] Performing SSL handshake with proxy server
[2021-07-23T00:37:20.610768]{4228}[trace] Calling set_verify_mode with type: single_ssl_stream
[2021-07-23T00:37:20.610768]{4228}[trace] Calling set_verify_callback with type: single_ssl_stream
[2021-07-23T00:37:20.610768]{4228}[trace] Calling next_layer().async_handshake with type: websocket_stream_single_ssl_type
[2021-07-23T00:37:21.142108]{4228}[error] Could not perform SSL handshake with proxy server: no start line
[2021-07-23T00:37:23.668078]{4228}[trace] Calling is_open with type: websocket_stream_single_ssl_type
[2021-07-23T00:37:23.668637]{4228}[trace] Calling lowest_layer with type: websocket_stream_single_ssl_type
[2021-07-23T00:37:23.668637]{4228}[trace] Calling lowest_layer with type: websocket_stream_single_ssl_type
[2021-07-23T00:37:23.668637]{4228}[trace] Calling control_callback with type: websocket_stream_single_ssl_type
[2021-07-23T00:37:23.668637]{4228}[info] Attempting to establish web socket connection with endpoint wss://:443
[2021-07-23T00:37:23.668637]{4228}[trace] Resolving Web proxy host:
[2021-07-23T00:37:23.668637]{4228}[debug] Resolved Web proxy IP:
[2021-07-23T00:37:23.668637]{4228}[trace] Establishing TCP connection with the Web Proxy
[2021-07-23T00:37:23.689671]{4228}[debug] Connected successfully with Web Proxy
[2021-07-23T00:37:23.689671]{4228}[trace] Calling lowest_layer with type: websocket_stream_single_ssl_type
[2021-07-23T00:37:23.689671]{4228}[trace] Preparing HTTP CONNECT request
[2021-07-23T00:37:23.689671]{4228}[trace] Sending HTTP CONNECT
[2021-07-23T00:37:23.689671]{4228}[debug] Successfully sent HTTP CONNECT to the Web proxy
[2021-07-23T00:37:23.689671]{4228}[trace] Waiting for HTTP CONNECT response from the Web proxy
[2021-07-23T00:37:23.704197]{4228}[trace] Parsing the HTTPS response from the Web proxy
[2021-07-23T00:37:23.704197]{4228}[debug] Full response from the Web proxy: HTTP/1.1 200 Connection Established Proxy-Agent:
[2021-07-23T00:37:23.719849]{4228}[info] TCP tunnel established successfully
[2021-07-23T00:37:23.719849]{4228}[debug] Connected successfully with proxy server
[2021-07-23T00:37:23.719849]{4228}[trace] Calling lowest_layer with type: websocket_stream_single_ssl_type
[2021-07-23T00:37:23.719849]{4228}[trace] Calling lowest_layer with type: websocket_stream_single_ssl_type
[2021-07-23T00:37:23.719849]{4228}[trace] Performing SSL handshake with proxy server
[2021-07-23T00:37:23.719849]{4228}[trace] Calling set_verify_mode with type: single_ssl_stream
[2021-07-23T00:37:23.719849]{4228}[trace] Calling set_verify_callback with type: single_ssl_stream
[2021-07-23T00:37:23.719849]{4228}[trace] Calling next_layer().async_handshake with type: websocket_stream_single_ssl_type
[2021-07-23T00:37:24.235453]{4228}[error] Could not perform SSL handshake with proxy server: no start line

Environment (please complete the following information):

Additional context

Whereas localproxy works in Linux and macOS environments behind the firewall

kareali commented 3 years ago

Looks like a problem with the cert you're using to connect to the cloud. Could you share the cert you're using on Windows?

And if you haven't, please make sure you follow the instructions for setting up the cert on Windows.

vasugowda commented 3 years ago

The cert folder is created in the C:\certs path and it is referenced as an argument: "localproxy.exe -r us-east-1 -s -c C:\certs -t ". PFA certs used in Windows: certs.zip

kareali commented 3 years ago

@vasugowda the cert you've attached is empty/invalid. This is the content of the ce5e74ef.0 cert file:

-----BEGIN CERTIF

How are you generating the cert file? It seems to be failing to actually generate it.

vasugowda commented 3 years ago

@kareali thank you. After following the below steps on certificate setup, the local proxy is working behind the firewall:

D:\lib\openssl>set OPENSSL=D:\lib\openssl\apps\openssl.exe
D:\lib\openssl>tools\c_rehash.pl D:\certs
Doing D:\certs

Once we generate the certificate, can we use the generated certificate in any of the Windows OS for local proxy to work? Or do we have to always generate the certs within the Windows OS to use local proxy?

Our use case is the local proxy will be running in multiple Windows OS (behind the firewall).

kareali commented 3 years ago

@vasugowda glad to help!

You can re-use the same generated certificate on any Windows; you don't need to generate a new one for each Windows installation.

vasugowda commented 3 years ago

@kareali Thanks for the clarification.
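
The failure diagnosed in this thread (a hash-named file in the `-c` directory containing only `-----BEGIN CERTIF`, which OpenSSL reports as "no start line") can be caught before a cert directory is copied to other Windows hosts. The following Python check is an added example, not part of the thread or the project's code; it assumes files named `<8 hex digits>.<n>` holding plain `CERTIFICATE` PEM blocks, and the sample files it writes are constructed.

```python
import base64
import re
import tempfile
from pathlib import Path

# c_rehash names each CA file <8 hex digits>.<n>; only those are looked up.
HASHED_NAME = re.compile(r"^[0-9a-f]{8}\.\d+$")
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.*?)\s+-----END CERTIFICATE-----", re.S)

def check_pem_file(path):
    """Return 'ok' or a short reason why the file is not a loadable PEM cert."""
    text = Path(path).read_text(errors="replace")
    if "-----BEGIN CERTIFICATE-----" not in text:
        return "no start line"   # the condition behind the error in the log
    match = PEM_BLOCK.search(text)
    if match is None:
        return "no end line"
    try:
        der = base64.b64decode("".join(match.group(1).split()), validate=True)
    except ValueError:
        return "bad base64"
    # A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
    if not der or der[0] != 0x30:
        return "not DER"
    return "ok"

def check_cert_dir(cert_dir):
    """Map every hash-named file in cert_dir to its check result."""
    return {p.name: check_pem_file(p)
            for p in sorted(Path(cert_dir).iterdir())
            if p.is_file() and HASHED_NAME.match(p.name)}

def demo():
    """Constructed directory: the truncated file from the thread plus a well-formed one."""
    # Dummy DER-shaped bytes, not a real certificate.
    body = base64.encodebytes(b"\x30\x82\x01\x0a" + bytes(266)).decode()
    good = "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"
    with tempfile.TemporaryDirectory() as d:
        Path(d, "ce5e74ef.0").write_text("-----BEGIN CERTIF")  # content quoted in the thread
        Path(d, "0a1b2c3d.0").write_text(good)                 # constructed file name
        Path(d, "notes.txt").write_text("ignored")             # not hash-named, skipped
        return check_cert_dir(d)

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

This checks PEM framing only; it does not verify signatures, expiry, or that the file name matches the certificate's subject hash.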