We have a product written in C++ with the TurboActivate library for licensing. This product is sometimes used by organizations with strict network rules. In our product we have the ability to specify a proxy address, and this string is used for starting the TurboActivate wizard and for the TA_SetCustomProxy() function call. It works fine in most cases, but now we have a problem.
One of our customers uses an HTTP proxy with whitelists for controlling all traffic in the network. They enabled the proxy setting in our product, and the TurboActivate wizard, which we use (according to your best practices) for activating license keys, works fine. But the TA_IsGenuineEx() function returns the TA_FAIL error code even after a successful TA_SetCustomProxy() call. Our customer reviewed their proxy log and saw some attempts to connect directly (w/o using the proxy) to servers from the 104.20.*.* subnet from our application. They do not want to enable the whole subnet and want to know the reason for this strange behavior.
Could you please clarify why TA tries to use servers from this network directly w/o the proxy and, if this behavior is not intended, provide an estimate for fixing it and a list of the servers used by TA on this network (as a temporary workaround)?
Hey Oleg,
TurboActivate will try the proxy and if it fails it will try to connect directly. This is by design. Customers frequently mess up things like proxies, and thus TurboActivate tries to "just work" even if the customer makes mistakes.
According to the customer's IT department:
We see some traffic being routed through the proxy after adding this entry (specify proxy string in our configuration file); however, there is some traffic (HTTPS) from the application trying to bypass the proxy and going to IP 104.20.29.216 and 104.20.30.216. Is there any other parameter we need to add to ensure the application traffic is routed entirely through the proxy?
So it looks like they specified the proxy address correctly, but some code in TA still uses direct connections. Maybe it's some code inside the OpenSSL library?
The customer does not want to allow any traffic to bypass their proxy. What should I answer him?
TurboActivate *only* tries direct access if the proxy is not working. Sorry, I don't recognize those IPs -- they might be in use by us or not (we use a DDoS protection CDN so there isn't any one IP address to access our online properties).
So, if TA successfully accesses our activation servers using the proxies then it will *never* try to directly connect.
On Windows, TA uses schannel (the built-in SSL / TLS library). On macOS it uses SecureChannel (or whatever they call it), and on Linux / FreeBSD we use mbedTLS.