saucelabsbrowsermob-proxybrowsermob

Unable to start sauce connect with proxy - next InitializeSecurityContext failed: SEC_E_UNTRUSTED_ROOT


I am using latest sauce connect in windows and works fine without proxy. Now if I use browsermobproxy, and try to start sauce connect, it fails with error

>sc -u userName -k token -i tunnelName --proxy 127.0.0.1::9091 --doctor
!!! ERROR: connecting via 127.0.0.1::9091 to http://saucelabs.com:443: Couldn't connect to server.
INFO: checking if accessing https://saucelabs.com/rest/v1 works
INFO: using proxy 127.0.0.1::9091 for https://saucelabs.com/versions.json (saucelabs.com)
!!! ERROR: connecting to https://saucelabs.com/versions.json: Couldn't connect to server, reply: [empty].
!!! WARNING: can't reach https://saucelabs.com/versions.json, please check your firewall and proxy settings.

for curl -v --proxy http://localhost:9091 https://ondemand.saucelabs.com/wd/hub/status getting

* schannel: encrypted data buffer: offset 2241 length 4096
* schannel: next InitializeSecurityContext failed: SEC_E_UNTRUSTED_ROOT (0x80090325) - The certificate chain was issued by an authority that is not trusted.
* Closing connection 0

what changes i need to make?


Solution

  • This is caused by Browsermob Proxy working as intended, by breaking the HTTPS chain of security in order to inspect traffic going through it.

    To use BMP (Or WonderProxy or anything else) with Sauce Connect, you need to configure Sauce Connect to establish the secure connection without going through BMP, then use it for the traffic under test.

    The best way of doing that is to create a PAC file:

    function FindProxyForURL(url, host) {
        if (shExpMatch(host, "*.miso.saucelabs.com") ||
            shExpMatch(host, "*.saucelabs.com") ||
            shExpMatch(host, "saucelabs.com")) {
            // KGP and REST connections. Another proxy can also be specified.
            return "DIRECT";
        }
    
        // Test HTTP traffic, route it through the BMP proxy.
        return "PROXY localhost:9091";
    }
    

    Then pass it to Sauce Connect with the --pac option:

    --pac file://path/to/your/pacfile.pac

    See the Sauce Connect Docs for more info on using multiple proxies.