CRL check is not performed via the configured proxy - Githubissues

microsoft / cpprestsdk

The C++ REST SDK is a Microsoft project for cloud-based client-server communication in native code using a modern asynchronous C++ API design. This project aims to help C++ developers connect to and interact with services.

Other

7.91k stars 1.64k forks source link

CRL check is not performed via the configured proxy #1732

Open doronshemtov opened 1 year ago

doronshemtov commented 1 year ago

Description

When an http_client is configured with proxy, the CRL check is not being sent to the proxy configure via client_config.set_proxy.

Client example:

http_client_config client_config;
web::web_proxy proxy(proxy_url);
client_config.set_proxy(proxy);
client_config.set_validate_certificate(true);
m_client = http_client(web::uri(m_base_url), client_config);

How to reproduce (tested on Windows 10):

Set a local proxy

pip install proxy.py
python -m proxy --hostname 127.0.0.1

The default port is 8899

Clear the CRL cache certutil -urlcache * delete
Execute a client based on the example above. Use this proxy url: http://127.0.0.1:8899
In this screenshot, it is visible (using sysinternal's procmon) that the CRL wasn't downloaded using the proxy. All the requests are performed by the same application. The requests to 192.124.249.22:80 are the CRL check requests. The rest of the requests are sent to the configure proxy.