cURL / Mailing Lists / curl-users / Single Mail

curl-users

RE: HTTPS GET ERROR

From: Frank Reid <fcreid_at_ourcorner.org>
Date: Wed, 10 Jan 2001 16:04:19 -0500

Well, I "cured the symptom", but not sure I solved an underlying problem, if
any. IIS was set to allow certificate-only authentication to a virtual
directory. Both "Anonymous" and "NTLM" authentication methods were disabled
entirely for that directory. After enabling Anonymous, curl can properly
retrieve certificate-protected data from the folder. As before, browsers
are presented with the challenge to present a client cert and, if invalid,
rejected access.

Apparently, curl needs to establish this "anonymous" connection initially,
before presenting its certificate, else it doesn't understand the data back
from IIS. (Again, IIS always thought it was sending it before.) Browsers
don't suffer from this limitation, and are always challenged for their cert
even if Anonymous is disabled in the directory. Not sure why this happens,
but it fixed it for me.

> I have no idea. I've personally never run any other web server than
Apache.

Same here, but this particular requirement lives in a Windows-2000 world!
;)

Frank

-----Original Message-----
From: owner-curl_at_contactor.se [mailto:owner-curl_at_contactor.se]On Behalf
Of Daniel Stenberg
Sent: Wednesday, January 10, 2001 03:02
To: Curl Mailinglist
Subject: Re: HTTPS GET ERROR

On Tue, 9 Jan 2001, Frank Reid wrote:

> After scanning the archives, I find I am having an identical problem to
what
> Andreas Meister described in Aug/Sep on the list. Unfortunately, I can't
> find where the cause was identified or resolved.

I can't either. I don't think I ever received an explanation or a solution.

> Specifically, I am trying to retrieve data from an IIS-based server that
> requires a client certificate to access data in specific folders. The
> PUT ("--upload-file") actions work great using the same client
> certificate, so I know it's not a root trust issue.

So it works for PUT but not with GET with otherwise similar requirements?

> However, any attempt to GET returns no data, although the header file
> returned with --verbose output indicates the action succeeded ('200'
> result). The IIS server also thinks it succeeded, and it logs a '200'
> result.

So, the GET returns only a set of headers and no body?

> Is it possible that IIS is using a cookie or doing something strange that
> I need to duplicate in my curl script?

It is possible, yes, and the fact that you can PUT indicates that the
problem
is in that area rather than a SSL issue or something.

> Does anyone know if Netscape Enterprise Server suffers from the same
> affliction with curl? (If not, I'll swap out IIS for Netscape tomorrow,
> but it's a Windows-2000 box that's running the server, and I'd rather not
> introduce other woes!)

I have no idea. I've personally never run any other web server than Apache.

--
  Daniel Stenberg -- curl project maintainer -- http://curl.haxx.se/

Received on 2001-01-10

This message: [ Message body ]
Next message: Daniel Stenberg: "RE: cURL as a SRC parameter for a frame"
Previous message: David West: "Building on Redhat 5.2, and a problem with -z"
In reply to: Daniel Stenberg: "Re: HTTPS GET ERROR"
Next in thread: Daniel Stenberg: "RE: HTTPS GET ERROR"
Reply: Daniel Stenberg: "RE: HTTPS GET ERROR"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]