GNOME Bugzilla – Bug 709411
Does not connect to exchange via proxy and/or man-in-the-middle
Last modified: 2013-11-15 14:13:11 UTC
Created attachment 256445 [details] Sucessfull connection I am in a corporate environment surrounded with Windows users and I want to connect to our exchange server with evolution-ews. The problem I have is that corporate environment has a web monitoring proxy which performs "man-in-the-middle attack" and monitors also all HTTPS traffic - for security purposes. We have Cisco Ironport proxy which does all this nasty sniffing. However, If I connect my computer directly to internet without proxy evolution-ews works fine. See attachment without-man-in-the-middle.txt. When I connect to corporate network with proxy, evolution does not connect. I have set up proxies in evolution correctly. See attachment
Created attachment 256446 [details] Unsuccessfull connection
Oops. Attaching files committed the text too. I will go on. See attachment with-man-in-the-middle.txt. I have a feeling that the problem is not the proxy but the fact that our web monitoring device is injecting its own SSL certificate to be able to monitor HTTPS traffic. I have installed certificate of our interfering equipment and web browsers are happy with it. However there are plenty of other applications which have problems with that. Probably it is some underlying SSL library which does not check for additional certificate installed in the system or maybe closes the connection because certificate's common name does not match the site name. I have also monitored traffic with wireshark. Since it is SSL I can not see much but I can see that my computer sends "Encryption Alert" and FIN to close the TCP connection. After that TCP is finished and evolution can not get data from exchange. What else can I do to help debug this behaviour. I have Ubuntu 13.10 64 bit. I have experience in C, C++, etc. programming but I don't know where to start looking for proper source where this connections and SSL are being written. I would really like to make evolution work for me, because web mail is all I have now and I can not archive old e-mails.
Hello Marko, Thank you for your bug report. Matthew Barnes had been working in a decent proxy support. It's finally pushed to our git (https://git.gnome.org/browse/evolution-ews/commit/?id=e0b97b3b1786581bf423f591363c054246ebe0d8, this one and 3 previous commits). If you're able to compile evolution from git, please, do it and let us know if those commits fix your problem. Best Regards,
I have managed to compile evolution in a virtual machine. It did not work at first, so I started to debug. It turned out that libsoup was not authenticating properly. I fetched also libsoup from git and installed it. With latest libsoup the evolution-ews started to work. Originally installed libsoup file was libsoup-2.4.so.1.6.0 provided by Ubuntu 13.10 x64 packages. The manually installed file is now libsoup-2.4.so.1.7.0. I will now try to install newest libsoup on a computer with Ubuntu default evolution installation and report results here. I suspect that also older evolution versions will work.
I'm unsetting the Blocker status, 3.8.x is out of scope for upstream, the maintained stable version is 3.10 and it contains a fix to support/use proxy settings, as implemented in bug #698728. *** This bug has been marked as a duplicate of bug 698728 ***