Bug 691627 - Setting a proxy via network settings doesn't work
Setting a proxy via network settings doesn't work
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: xulrunner (Show other bugs)
15
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Jan Horak
Fedora Extras Quality Assurance
: Triaged
: 694821 700370 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2011-03-29 00:26 EDT by Theodore Lee
Modified: 2012-03-26 10:19 EDT (History)
28 users (show)

See Also:
Fixed In Version: xulrunner-8.0-5.fc15
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-03-26 07:58:58 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Mozilla Foundation 682832 None None None Never

  None (edit)
Description Theodore Lee 2011-03-29 00:26:51 EDT
Description of problem:
Trying to tell GNOME to use a proxy (via the network settings in the control centre) doesn't seem to have any effect.

Version-Release number of selected component (if applicable):
NetworkManager-0.8.997-4.git20110325.fc15.x86_64

How reproducible:
This seems to be always reproducible when trying to set a SOCKS proxy to use. Setting other proxy types doesn't seem to work either, although I haven't tried those thoroughly. 

Steps to Reproduce (generic):
1. Click on the NetworkManager icon and click 'Network Settings'.
2. Go to the 'Network proxy' settings.
3. Set the proxy method to 'Manual'.
4. Type the hostname and port of your proxy in the appropriate field.
5. Start Pidgin (or Firefox/Thunderbird, set to 'Use system proxy settings' under advanced network preferences).

Steps to Reproduce (more specific, assuming an SSH connection is available):
1. Start an SSH tunnel with 'ssh HOSTNAME -D 8080'.
2. Start Firefox.
3. Under Edit > Preferences > Advanced > Network, open the connection settings dialogue and select 'Manual proxy configuration'.
4. Set the 'SOCKS Host' to 'localhost', on port 8080.
5. Verify the connection through the SSH tunnel is working.
6. Set Firefox back to 'Use system proxy settings'.
7. Click on the NetworkManager icon and click 'Network Settings'.
8. Go to the 'Network proxy' settings.
9. Set the proxy method to 'Manual'.
10. Set the 'SOCKS Host' to 'localhost', on port 8080.
11. Start Pidgin (or Firefox/Thunderbird, set to 'Use system proxy settings' under advanced network preferences).
  
Actual results:
Applications try to connect without using a proxy.

Expected results:
Applications connect through the proxy specified in the network settings.

Additional info:
I'm filing this under NetworkManager, since as I understand it the network settings applet is part of NM 0.9, but I'm not really sure where the bug lies. Poking around the schema org.gnome.system.proxy with gsettings seems to indicate that the gsettings keys are being set correctly. Before NM 0.9 arrived on F15 I tried setting these keys manually with gsettings, with similar results - the keys were set but applications didn't seem to use them.

It should also be noted that this worked fine with the GNOME Proxy preferences on F14 (which seem to have been removed since).
Comment 1 Dan Williams 2011-04-02 10:08:50 EDT
-> control center
Comment 2 Matthias Clasen 2011-04-07 14:29:59 EDT
Firefox is still looking in gconf for system proxy settings, but gnome 3 stores them in dconf nowadays. Moving this to firefox.
Comment 3 Christopher Aillon 2011-04-07 14:39:41 EDT
This is actually a XULRunner issue.

Jan, you looked at the other gsettings patch, so can you take a look at this too?   Would like to get it in for F15, if possible.

The relevant XR file is toolkit/system/unixproxy/nsUnixSystemProxySettings.cpp and the gsettings exist in "org.gnome.system.proxy" and below.
Comment 4 Theodore Lee 2011-04-07 21:25:21 EDT
Should I file separate bugs against Pidgin and Thunderbird as well?
Comment 5 Matěj Cepl 2011-04-08 09:27:47 EDT
(In reply to comment #4)
> Should I file separate bugs against Pidgin and Thunderbird as well?

Yes, please. Let me know the number of new bugs please.
Comment 6 Theodore Lee 2011-04-08 10:23:30 EDT
I've filed two bugs against Pidgin (bug 694819) and Thunderbird (bug 694821). I'm not sure if any of the other applications I use are affected, but I'll file more bugs if I run into any issues.
Comment 7 Emanuele Gissi 2011-04-20 02:52:02 EDT
I confirm Firefox is affected in Fedora 15 beta release.
Comment 8 Dan Winship 2011-04-28 12:09:04 EDT
*** Bug 700370 has been marked as a duplicate of this bug. ***
Comment 9 Vitor Sanches 2011-05-03 08:12:14 EDT
I confirm Empathy, Firefox, PidGin, Gnome-Terminal are affected in Fedora 15 beta release.
Comment 10 Øyvind Gjerstad 2011-05-27 02:19:18 EDT
This is still a problem in F15 final, it seems. A major problem for the affected.
Comment 11 Jean-François Fortin Tam 2011-05-29 23:39:17 EDT
Shouldn't this be considered a security vulnerability? As it stands, if you set a SOCKS proxy in gnome 3's network settings, applications such as Firefox will silently fail to use it. You may think that you're going through your secure tunnel while you're surfing completely unencrypted.
Comment 12 Edouard Bourguignon 2011-05-30 04:06:34 EDT
And where is the input box for "no proxy for hosts:" ?
Comment 13 Vitor Sanches 2011-05-30 08:08:33 EDT
I had configured the Network Manager Proxy to use the yum and not worked. I verified the configuration and I repaired that terminal receives this configuration:
declare -x all_proxy="socks://proxylx.acs.com.br:8080/"
declare -x ftp_proxy="http://proxylx.acs.com.br:8080/"
declare -x https_proxy="http://proxylx.acs.com.br:8080/"
declare -x no_proxy="localhost,127.0.0.0/8"

When I configured the terminal with configuration traditional setting HTTP_PROXY and FTP_PROXY, it's ok.

When I set the parameter in the file yum.conf proxy = @ http://user:password proxy.com.br:8080, operates normally.
Comment 14 Matteo Settenvini 2011-05-30 17:50:02 EDT
(In reply to comment #11)
> Shouldn't this be considered a security vulnerability? As it stands, if you set
> a SOCKS proxy in gnome 3's network settings, applications such as Firefox will
> silently fail to use it. You may think that you're going through your secure
> tunnel while you're surfing completely unencrypted.

I was thinking the same. I had to work in a country with limited freedom of speech some days ago, and I wanted to use tor + polipo for avoiding being traced while posting some political statements that could have been regarded as against the government.

Fortunately I checked in Firefox before doing that, and it said that tor was not enabled; I changed the options by hand in Firefox. However, I am not sure something cannot be traced back to me if there were other applications not aware of the global proxy settings. 

That is bad, believe me. It might or might not be a security vulnerability, but it can have dire consequences nevertheless.
Comment 15 Mikhail Kryshen 2011-09-13 07:21:58 EDT
Firefox and some other applications fall back to using environment variables for proxy configuration.

Running firefox like this in gnome-terminal works:
$ http_proxy="http://host:port" https_proxy="https://host:port" firefox

One possible solution would be to patch gnome-shell to start new applications with these environment variables set to current proxy settings. See also bug 699190.
Comment 16 Drewe 2011-09-21 00:55:39 EDT
I have the same issue in F16 Alpha, with any browser. I CAN set a https proxy, but not a http proxy.
Comment 17 Alexander Shopov 2011-10-06 07:12:51 EDT
In F16 Beta this is still not fixed.
There is a similar issue with Google Chrome. I tried logging the traffic with Wireshark - the browsers generate NO requests and no traffic down the line, there is no TCP/IP connection established. Most probably the value received by the Firefox browser is not valid at all.
I tried meddling with gconf-editor. I will log my settings.
Comment 18 Alexander Shopov 2011-10-06 07:18:51 EDT
[ashopov@ashopov-dev ~]$ gconftool-2 --dump /system/proxy
=============================================================
<gconfentryfile>
  <entrylist base="/system/proxy">
    <entry>
      <key>autoconfig_url</key>
      <schema_key>/schemas/system/proxy/autoconfig_url</schema_key>
      <value>
        <string></string>
      </value>
    </entry>
    <entry>
      <key>ftp_host</key>
      <schema_key>/schemas/system/proxy/ftp_host</schema_key>
      <value>
        <string>PROXYSERVER.COM</string>
      </value>
    </entry>
    <entry>
      <key>ftp_port</key>
      <schema_key>/schemas/system/proxy/ftp_port</schema_key>
      <value>
        <int>80</int>
      </value>
    </entry>
    <entry>
      <key>mode</key>
      <schema_key>/schemas/system/proxy/mode</schema_key>
      <value>
        <string>manual</string>
      </value>
    </entry>
    <entry>
      <key>secure_host</key>
      <schema_key>/schemas/system/proxy/secure_host</schema_key>
      <value>
        <string>PROXYSERVER.COM</string>
      </value>
    </entry>
    <entry>
      <key>secure_port</key>
      <schema_key>/schemas/system/proxy/secure_port</schema_key>
      <value>
        <int>80</int>
      </value>
    </entry>
    <entry>
      <key>socks_host</key>
      <schema_key>/schemas/system/proxy/socks_host</schema_key>
      <value>
        <string>PROXYSERVER.COM</string>
      </value>
    </entry>
    <entry>
      <key>socks_port</key>
      <schema_key>/schemas/system/proxy/socks_port</schema_key>
      <value>
        <int>80</int>
      </value>
    </entry>
  </entrylist>
</gconfentryfile>


[ashopov@ashopov-dev ~]$ gconftool-2 --dump /system/http_proxy
==============================================================
<gconfentryfile>
  <entrylist base="/system/http_proxy">
    <entry>
      <key>authentication_password</key>
      <schema_key>/schemas/system/http_proxy/authentication_password</schema_key>
      <value>
        <string></string>
      </value>
    </entry>
    <entry>
      <key>authentication_user</key>
      <schema_key>/schemas/system/http_proxy/authentication_user</schema_key>
      <value>
        <string></string>
      </value>
    </entry>
    <entry>
      <key>host</key>
      <schema_key>/schemas/system/http_proxy/host</schema_key>
      <value>
        <string>PROXYSERVER.COM</string>
      </value>
    </entry>
    <entry>
      <key>ignore_hosts</key>
      <schema_key>/schemas/system/http_proxy/ignore_hosts</schema_key>
      <value>
        <list type="string">
            <value>
              <string>localhost</string>
            </value>
            <value>
              <string>127.0.0.0/8</string>
            </value>
        </list>
      </value>
    </entry>
    <entry>
      <key>port</key>
      <schema_key>/schemas/system/http_proxy/port</schema_key>
      <value>
        <int>80</int>
      </value>
    </entry>
    <entry>
      <key>use_authentication</key>
      <schema_key>/schemas/system/http_proxy/use_authentication</schema_key>
      <value>
        <bool>false</bool>
      </value>
    </entry>
    <entry>
      <key>use_http_proxy</key>
      <schema_key>/schemas/system/http_proxy/use_http_proxy</schema_key>
      <value>
        <bool>false</bool>
      </value>
    </entry>
  </entrylist>
</gconfentryfile>
Comment 19 Juan Francisco Fernández 2011-11-03 03:17:44 EDT
This bugs is still present in F16 RC2.
Comment 20 Jan Horak 2011-12-08 03:18:25 EST
Fixed in trunk:
https://bugzilla.mozilla.org/show_bug.cgi?id=682832
Comment 21 Jonathan Dieter 2012-01-25 13:06:33 EST
This seems to be fixed in whatever version of firefox is in F16-updates.  It's respecting the proxy settings I've set in dconf.  I think it can be closed as CURRENTRELEASE.
Comment 22 Juan Saavedra 2012-01-26 09:45:39 EST
Working for Fedora 16.
Comment 23 Theodore Lee 2012-02-19 22:07:28 EST
Can anyone confirm that this works for setting a SOCKS proxy? I'm still having trouble.
Comment 24 andy_longworth 2012-02-20 02:58:10 EST
For me the one use case where I use SOCKS is via Thunderbird for retrieving IMAP mail.  The latest changes do not work in this case.  I have to still manually set the SOCKS sever in Thunderbird.
Comment 25 Jan Horak 2012-03-26 07:58:58 EDT
(In reply to comment #24)
> For me the one use case where I use SOCKS is via Thunderbird for retrieving
> IMAP mail.  The latest changes do not work in this case.  I have to still
> manually set the SOCKS sever in Thunderbird.

This was fixed in thunderbird-11.0-5.fc16.x86_64. Please retest and let us know if problem reoccurs.
Comment 26 Jan Horak 2012-03-26 10:19:56 EDT
*** Bug 694821 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.