curl-users
RE: failure with proxy-ntlm, SSL
Date: Tue, 25 May 2004 23:31:05 -0700
On Tue, 25 May 2004, Daniel Stenberg wrote:
> On Tue, 25 May 2004, David Byron wrote:
>
> > Turns out that this fails with basic authentication too,
> > which hopefully is simpler to work with. In other words:
> >
> > $ ./curl https://www.paypal.com -k --proxy
http://some_real_proxy:proxy_port
> > --proxy-user user:password --verbose
>
> Can you show us a trace output from this? (with edited sensitive data)
Here's the failure from cvs as of earlier today:
$ ./curl https://www.paypal.com -k --verbose --proxy
http://my_proxy:proxy_port --proxy-user user:pass
* About to connect() to my_proxy port proxy_port
* Connected to my_proxy (my_proxy) port proxy_port
* Establish HTTP proxy tunnel to www.paypal.com:443
< HTTP/1.0 407 Proxy Authentication Required
< Server: squid/2.5.STABLE4
< Mime-Version: 1.0
< Date: Wed, 26 May 2004 06:23:30 GMT
< Content-Type: text/html
< Content-Length: 1288
< Expires: Wed, 26 May 2004 06:23:30 GMT
< X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
< Proxy-Authenticate: Basic realm="Squid proxy-caching web server"
* Authentication problem. Ignoring this.
< X-Cache: MISS from QESQUIDPROXY
< Proxy-Connection: close
<
* Received HTTP code 407 from proxy after CONNECT
* Closing connection #0
curl: (56) Received HTTP code 407 from proxy after CONNECT
With something close to 7.11.2, the trace looks like:
* About to connect() to my_proxy port proxy_port
* Connected to my_proxy (my_proxy) port proxy_port
* Establish HTTP proxy tunnel to www.paypal.com:443
* Proxy auth using Basic with user 'user'
< HTTP/1.0 200 Connection established
<
* Proxy replied OK to CONNECT request
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
* subject: /C=US/ST=California/L=Palo Alto/O=Paypal,
Inc./OU=Information Systems/OU=Terms of use at www.verisign.com/rpa (c)0
0/CN=www.paypal.com
* start date: 2004-03-03 00:00:00 GMT
* expire date: 2006-03-03 23:59:59 GMT
* common name: www.paypal.com (matched)
* issuer: /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign
International Server CA - Class 3/OU=www.verisign.com/CPS I
ncorp.by Ref. LIABILITY LTD.(c)97 VeriSign
* SSL certificate verify result: 20, continuing anyway.
> GET / HTTP/1.1
User-Agent: curl/7.11.2.1 (i386-pc-win32) libcurl/7.11.2.1
OpenSSL/0.9.7a
Host: www.paypal.com
Pragma: no-cache
Accept: */*
< HTTP/1.1 200 OK
< Date: Wed, 26 May 2004 06:26:32 GMT
< Server: Apache/1.3.27 (Unix) mod_ssl/2.8.12 OpenSSL/0.9.7a
< more headers and the rest of the page >
> Test case 80 tests (almost) this case, so I'm trying to understand the
> differences between your case and test 80.
I think it's just the https URL, and the lack of host authentication.
With an http URL, it works for me just fine, at least with no host auth.
Haven't got to the host auth yet. Next week :)
> You are providing a correct user name and password, right?
Yup.
Thanks for your help.
-DB
Received on 2004-05-26