# Fetching behind a proxy, Authentication Error



## forquare (Jun 1, 2016)

Afternoon all,

At work I have a VM on my laptop for testing and general respite from Windows, it's running FreeBSD 10.3:
`bil@fbsd-bil:guessing_game %>uname -a
FreeBSD fbsd-bil 10.3-RELEASE-p3 FreeBSD 10.3-RELEASE-p3 #0: Tue May 17 08:43:55 UTC 2016     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64`

I've been using it successfully to do various things, and yesterday I decided to use my lunch time to learn some Rust programming.  One of the exercises requires a package to be downloaded, but this fails:
`bil@fbsd-bil:guessing_game %>cargo build --verbose
    Updating registry `https://github.com/rust-lang/crates.io-index`
Unable to update registry https://github.com/rust-lang/crates.io-index

Caused by:
  failed to fetch `https://github.com/rust-lang/crates.io-index`

Caused by:
  [12/-2] Couldn't connect to server`

I decided to to try and fetch(1) the file mentioned in the above output, but that failed:
`bil@fbsd-bil:guessing_game %>fetch -v https://github.com/rust-lang/crates.io-index
looking up 12.34.56.78
connecting to 12.34.56.78:80
SSL options: 83004bff
Peer verification enabled
Using CA cert file: /usr/local/etc/ssl/cert.pem
34380987096:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:782:
fetch: https://github.com/rust-lang/crates.io-index: Authentication error`

Ordinarily I can access the internet from this VM, e.g. I upgraded from 10.2 to 10.3, I install packages via pkg(1), and can generally fetch(1) files from the internet.
I am behind a proxy, and have the following set:
`bil@fbsd-bil:guessing_game %>env | grep http
https_proxy=http://12.34.56.78/
http_proxy=http://12.34.56.78:80/`
(IP addresses changed)

Having searched around for this, I ensured that security/ca_root_nss was installed and up to date:
`bil@fbsd-bil:guessing_game %>pkg info ca_root_nss
ca_root_nss-3.22.2
Name           : ca_root_nss
Version        : 3.22.2
Installed on   : Fri Apr  1 11:11:56 2016 BST
Origin         : security/ca_root_nss
Architecture   : freebsd:10:*
Prefix         : /usr/local
Categories     : security
Licenses       : MPL
Maintainer     : ports-secteam@FreeBSD.org
WWW            : UNKNOWN
Comment        : Root certificate bundle from the Mozilla Project
Options        :
        ETCSYMLINK     : on
Annotations    :
Flat size      : 896KiB
Description    :
Root certificates from certificate authorities included in the Mozilla
NSS library and thus in Firefox and Thunderbird.

This port directly tracks the version of NSS in the security/nss port.`

The fetch(1) output mentions /usr/local/etc/ssl/cert.pem, which I've linked to the one provided by security/ca_root_nss:
`bil@fbsd-bil:guessing_game %>ls -l /usr/local/etc/ssl/cert.pem /usr/local/share/certs/ca-root-nss.crt
lrwxr-xr-x  1 root  wheel    38B May 31 15:06 /usr/local/etc/ssl/cert.pem@ -> /usr/local/share/certs/ca-root-nss.crt
-rw-r--r--  1 root  wheel   880K Mar 19 01:15 /usr/local/share/certs/ca-root-nss.crt`

But still no luck 

Oddly, if I try using www/wget I can download the file without issue, but I don't think I can get devel/cargo to use that instead...(I'm presuming it's using libfetch at the moment).

Does anyone have experience of such a problem?


----------



## forquare (Jun 8, 2016)

I managed to fix my "main" issue, seems that devel/cargo doesn't respect the `http_proxy` environmentals and requires the proxy settings to be set within its config file.

Still somewhat intrigued why fetch(1) seems to fail...


----------



## cpm@ (Jun 8, 2016)

forquare said:


> I managed to fix my "main" issue, seems that devel/cargo doesn't respect the `http_proxy` environmentals and requires the proxy settings to be set within its config file.
> 
> Still somewhat intrigued why fetch(1) seems to fail...



See fetch(3) man page.


----------



## getopt (Jun 8, 2016)

forquare said:


> https_proxy=http://12.34.56.78/


https_proxy needs https:// not http://


----------



## forquare (Jun 8, 2016)

getopt said:


> https_proxy needs https:// not http://



I will try this again, but I think I've already tried it…Certainly in Windows it seems to only specify HTTP.


----------



## cpm@ (Jun 8, 2016)

E.g.  you can put

```
FETCH_ENV= HTTP_PROXY=http://<user>:<pwd>@proxy.example.com:port
FETCH_ENV= FTP_PROXY=http://<user>:<pwd>@proxy.example.com:port
```
in your /etc/make.conf


----------



## forquare (Jun 9, 2016)

getopt said:


> https_proxy needs https:// not http://



Hmmm, doesn't seem to make any difference...



cpm said:


> E.g.  you can put
> 
> ```
> FETCH_ENV= HTTP_PROXY=http://<user>:<pwd>@proxy.example.com:port
> ...



I don't have a username/password for the proxy, so have just done the following:

```
FETCH_ENV= HTTP_PROXY=http://12.34.56.78:80/
```

I've rebooted and still doesn't like it.

I'm not too fussed at the moment.  I'm not regularly fetching stuff, I thought that the problem was related to devel/cargo, but since it isn't and the cargo problem is fixed, I'm in a working situation


----------

