NSURLConnection refuses to use OSX System Proxy Settings

Question

Ok so everywhere I've read and everyone I've talked to says that NSURLConnection when used in asychronous mode should automatically use OSX's system proxy settings.

Here's what I've done:

1. Setup a squid proxy on another host via port 8080 with basic authentication.
2. Setup this proxy in the system proxy settings on my Mac.
3. Setup NSURLConnection code that handles the NSURLConnectionDelegate methods as needed for asynchronous communication. I have breakpoints in all of the delegate methods including the challengeAuthentication ones. The http address the code tries to connect to is an http://api.box.com address.

Results:

1. All of my OSX/Mac machine's traffic successfully goes through my proxy and I can see it going thru via squid's access logs.
2. My NSURLConnection code BYPASSES the proxy completely. It totally ignores it from what I can tell. I get 3 delegate calls:
   • willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge -> the host in the protection space connected to the challenge is api.box.com (not the proxy)
   • didReceiveResponse:(NSURLResponse *)response
   • didReceiveData:(NSData )data
   • didFinishloading:(NSURLConnection)connection

These all run just fine getting their data from api.box.com but when referring to my proxy's access logs....none of these calls are ever made thru the proxy....only direct.

I verified this by using wireshark and I can see almost all of the connections from my Mac going thru my proxy but NOT any to box.com via my code here.

I've set the cache policy to not cache on both squid and the NSURLMutableRequest being used to no avail.

What is going on ? Am I missing some glaringly stupid thing somewhere or something?

Appreciate any help or any ideas you can think of.

Thanks.

UPDATE

So a comment about http vs https made me curious so I tried a random URL that was http instead of https and it went thru the proxy just fine!!!

Then I paid some better attention to what was going through the access logs on squid and I'm seeing some cert requests denied:

1371072911.976      1 192.168.10.41 TCP_DENIED/407 3676 POST http://ocsp.digicert.com/ - HIER_NONE/- text/html
1371072911.991      1 192.168.10.41 TCP_DENIED/407 3641 GET http://crl3.digicert.com/ca3-g20.crl - HIER_NONE/- text/html
1371072912.101      1 192.168.10.41 TCP_DENIED/407 3641 GET http://crl3.digicert.com/ca3-g20.crl - HIER_NONE/- text/html
1371072912.199      1 192.168.10.41 TCP_DENIED/407 3641 GET http://crl4.digicert.com/ca3-g20.crl - HIER_NONE/- text/html
1371072912.209      1 192.168.10.41 TCP_DENIED/407 3641 GET http://crl4.digicert.com/ca3-g20.crl - HIER_NONE/- text/html
1371072912.219      1 192.168.10.41 TCP_DENIED/407 3729 GET http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl - HIER_NONE/- text/html
1371072912.230      1 192.168.10.41 TCP_DENIED/407 3729 GET http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl - HIER_NONE/- text/html
1371072912.240      1 192.168.10.41 TCP_DENIED/407 3729 GET http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl - HIER_NONE/- text/html
1371072912.347      1 192.168.10.41 TCP_DENIED/407 3729 GET http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl - HIER_NONE/- text/html

So maybe when I'm trying to connect to https://api.box.com , it's failing to connect for the cert or something? Maybe this is actually an https / squid problem and not NSURLConnection.

Answer 1

So the issue seemed to actually be an https vs. http problem.

I was trying to send https requests through the proxy but the proxy was only setup as an http proxy.

Solution? Use an https proxy in the proxy settings ;)