Thread 'No connection to internet through corporate firewall'

Michal

Joined: 4 Oct 24
Posts: 2
Message 114635 - Posted: 4 Oct 2024, 12:33:51 UTC

Hi, I'm using BOINC in a corporate network. After enabling SSL deep inspection on our firewall, BOINC couldn't connect to the internet. The firewall signs all websites with its own certificate with an intermediate CA, and the Root CA certificate is in the Windows certificate store. The CRL is only for the Root CA. Web browsers open all sites without problems.

Using Windows BOINC 64bit 8.0.2.

HTTP debug log:
04.10.2024 13:57:52 | Milkyway@home | Sending scheduler request: Requested by user.
04.10.2024 13:57:52 | Milkyway@home | Not requesting tasks: "no new tasks" requested via Manager
04.10.2024 13:57:52 | Milkyway@home | [http] HTTP_OP::init_post(): https://milkyway.cs.rpi.edu/milkyway_cgi/cgi
04.10.2024 13:57:53 | Milkyway@home | [http] [ID#1] Info: Hostname milkyway.cs.rpi.edu was found in DNS cache
04.10.2024 13:57:53 | Milkyway@home | [http] [ID#1] Info: Trying 128.113.126.54:443...
04.10.2024 13:57:53 | Milkyway@home | [http] [ID#1] Info: Connected to milkyway.cs.rpi.edu (128.113.126.54) port 443
04.10.2024 13:57:53 | Milkyway@home | [http] [ID#1] Info: schannel: disabled automatic use of client certificate
04.10.2024 13:57:53 | Milkyway@home | [http] [ID#1] Info: ALPN: curl offers http/1.1
04.10.2024 13:57:53 | Milkyway@home | [http] [ID#1] Info: schannel: next InitializeSecurityContext failed: CRYPT_E_NO_REVOCATION_CHECK (0x80092012)
04.10.2024 13:57:53 | Milkyway@home | [http] [ID#1] Info: Closing connection
04.10.2024 13:57:53 | Milkyway@home | [http] [ID#1] Info: schannel: shutting down SSL/TLS connection with milkyway.cs.rpi.edu port 443
04.10.2024 13:57:53 | Milkyway@home | [http] HTTP error: SSL connect error
04.10.2024 13:57:54 | | Project communication failed: attempting access to reference site
04.10.2024 13:57:54 | Milkyway@home | Scheduler request to https://milkyway.cs.rpi.edu/milkyway_cgi/cgi failed: SSL connect error

Could it be changed by configuration to not check revocation? Or is it a bug?

Thank you
ID: 114635
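The HTTP debug log in the post above can be triaged mechanically to tell a revocation-check failure apart from an untrusted chain or a revoked certificate. This is an added example, not part of the original post and not BOINC code; the function name `triage` and the class labels are this example's own, and the sample is an excerpt of the log quoted above.

```python
import re
from collections import OrderedDict

# Sample input: excerpt of the HTTP debug log quoted in the post above.
SAMPLE_LOG = """\
04.10.2024 13:57:52 | Milkyway@home | [http] HTTP_OP::init_post(): https://milkyway.cs.rpi.edu/milkyway_cgi/cgi
04.10.2024 13:57:53 | Milkyway@home | [http] [ID#1] Info: Connected to milkyway.cs.rpi.edu (128.113.126.54) port 443
04.10.2024 13:57:53 | Milkyway@home | [http] [ID#1] Info: schannel: next InitializeSecurityContext failed: CRYPT_E_NO_REVOCATION_CHECK (0x80092012)
04.10.2024 13:57:53 | Milkyway@home | [http] HTTP error: SSL connect error
"""

# Windows error names mapped to a triage class (labels are this example's own).
CLASSES = {
    "CRYPT_E_NO_REVOCATION_CHECK": "revocation-unknown",  # status could not be determined
    "CRYPT_E_REVOCATION_OFFLINE": "revocation-unknown",   # revocation server unreachable
    "CRYPT_E_REVOKED": "revoked",
    "SEC_E_UNTRUSTED_ROOT": "untrusted-chain",
}

# "<date> <time> | <project> | [http] [ID#n] <message>"
LINE = re.compile(r"^(\S+ \S+) \| ([^|]*) \| \[http\] (?:\[ID#(\d+)\] )?(.*)$")
CONNECTED = re.compile(r"Connected to (\S+) \(([^)]+)\) port (\d+)")
SCHANNEL = re.compile(r"schannel: .* failed: (\w+) \((0x[0-9A-Fa-f]+)\)")

def triage(log_text):
    """Return one record per failed schannel handshake in a BOINC HTTP debug log."""
    conns = OrderedDict()  # (project, connection id) -> record
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(3) is None:
            continue  # not an [http] line, or not tied to a connection id
        when, project, conn_id, msg = m.group(1), m.group(2).strip(), m.group(3), m.group(4)
        rec = conns.setdefault((project, conn_id), {"project": project, "id": int(conn_id)})
        if (c := CONNECTED.search(msg)):
            rec.update(host=c.group(1), ip=c.group(2), port=int(c.group(3)))
        elif (s := SCHANNEL.search(msg)):
            rec.update(time=when, error=s.group(1), hresult=int(s.group(2), 16),
                       cls=CLASSES.get(s.group(1), "other"))
    return [r for r in conns.values() if "error" in r]

if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        print(f'{r["time"]} {r["project"]} {r.get("host")}:{r.get("port")} '
              f'{r["error"]} (0x{r["hresult"]:08X}) -> {r["cls"]}')
```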
Dr Who Fan
Joined: 10 May 07
Posts: 1444
United States
Message 114637 - Posted: 4 Oct 2024, 18:06:40 UTC - in response to Message 114635.  

* HAVE YOU ASKED YOUR EMPLOYER FOR PERMISSION TO RUN BOINC ON THEIR EQUIPMENT AND ACCESS TO THE CORPORATE INTERNET?

Once you have authorization, you most likely need the corporate IT department to make an exception for BOINC to pass through the firewall, and sometimes for each individual project, on ports 80 & 443 to the internet and port 31416 on the local PC.
ID: 114637
Michal

Joined: 4 Oct 24
Posts: 2
Message 114648 - Posted: 7 Oct 2024, 6:35:21 UTC - in response to Message 114637.  

Yes, I have permission from my employer.

I had a connection to the internet and BOINC functioned properly until SSL deep inspection was enabled on the firewall. After that, all web certificates are from our enterprise CA. The problem is that there isn't a CRL in the certificate (debug error CRYPT_E_NO_REVOCATION_CHECK). BOINC can't communicate without a CRL; I think that is a mistake/bug.
ID: 114648
Dr Who Fan
Joined: 10 May 07
Posts: 1444
United States
Message 114650 - Posted: 7 Oct 2024, 22:19:20 UTC - in response to Message 114648.  

Unless I missed it, I could not find any documentation in the BOINC help wiki on how to force the use of a different certificate or none at all.

I'm not a programming expert, but I did a web search on the error and I think it's a possible problem with the BOINC program's implementation of the curl security function...
curl: (35) schannel: next InitializeSecurityContext failed: CRYPT_E_NO_REVOCATION_CHECK (0x80092012) #14315
https://github.com/curl/curl/issues/14315


Create an account if you don't already have one and open a ticket on BOINC's GitHub page for the developers/programmers to look at.
https://github.com/BOINC/boinc/issues

When creating your ticket, I would include a link to this forum topic/thread since we have already done some troubleshooting.
ID: 114650


Copyright © 2024 University of California.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.