curl-users

Re: NTLM and HTTPS

From: Gerry Patterson <gerry_at_pgts.com.au>
Date: Wed, 23 May 2007 00:15:08 +1000

Daniel,

I'm not at work right now ... well it's 23:30 hours, I should be getting
my beauty sleep.

Anyway when I first read the man pages, I gained the impression that
--proxy-ntlm did not take an argument ... It's just that after
experimenting a bit, (as one does) ... I did this:

curl --proxy-ntlm webproxy.foo.bar.com:8080 \
        --proxy-user scott:tiger \
        http:/ordinary.sensible.com.au/good_page

And it worked! ... (where scott:tiger would be my login:password to the
NTLM proxy) ... Maybe that was just dumb luck? Oh well, I'll look into
that later.

Anyway out of curiosity ... what the hell I'm awake and listening to some
old Beatles mp3s ... I tried while not behind the proxy ... The client
site is IIS -- and seriously weird. I think they are trying to do
virtual hosting but they don't know how to set up DNS (it's probably
being done by the Windows Admin team). Nevertheless I can access this
pile of pelican poo using Firefox, even from a Unix system. I can fetch
it ... However since their DNS is !@#$ed, I get a warning message. I
just tell the browser to continue ... type in the (real) login and
password and I fetch the document.

But curl gets upset ... when I do this:

curl --user foo.aprl.com.au\\bar:Cq5fpasswd \
        --output test.xls \
        'https://foo.aprl.com.au/scripts/IsapiDownload_long_silly_name%2Ezip'

And I got this:

curl: (51) SSL: certificate subject name 'foo.linkmarketservices.com.au' does not match target host name 'foo.aprl.com.au'

Which is quite true ... it doesn't match (because of the broken DNS!).
It's just that an interactive browser gives me the option of continuing
... So, next I tried the -k option as you suggest ... (I used the long
form -- it's more readable)

curl --user foo.aprl.com.au\\bar:Cq5fpasswd \
        --output test.xls.zip \
        --insecure \
        --url 'https://foo.aprl.com.au/scripts/IsapiDownload_long_silly_name%2Ezip'

And Voila! It works!

Hey Daniel you are a true legend! Thanks Mate!

Now if I can put all of this together and get it working behind the NTLM
proxy, I should be cooking with gas.

Have a good day! I'm off to bed.

Cheers,

Gerry Patterson

On Tue, May 22, 2007 at 02:32:01PM +0200, Daniel Stenberg wrote:
> This means curl couldn't connect TCP-wise to a given host. The reason is
> because --proxy-ntlm takes no additional argument so curl treats your
> command line as having two URLs.
>
> You want --proxy [host:port] to specify the proxy, and --proxy-ntlm to
> enable NTLM auth for the given proxy.
>
> Also, your cert usage is probably not correct if all you want to do is
> verify the peer's certificate, as --cert and --cert-type is for client
> certs. You rather want no option at all to use the default ca-cert check, or
> --cacert/--capath to specify where your custom ca cert bundle is.
>
> Or use -k to skip the check of the peer's true identity.
Received on 2007-05-22
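
Added example, not part of the original mail and not curl's own code: a Python sketch of the host name check behind error 51, which is the check that --insecure switches off (together with CA chain verification). The certificate dicts are constructed, use the layout returned by ssl.SSLSocket.getpeercert(), and all function names are hypothetical.

```python
# Added illustration of a TLS client's host name check (RFC 2818 style).
# Function names are hypothetical; certificate data below is constructed.

def name_matches(pattern, host):
    """Match one certificate DNS name against the requested host name.

    Comparison is case-insensitive. A '*' is honoured only as the whole
    left-most label and stands for exactly one label.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Refuse over-broad wildcards such as "*.com".
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_dns_names(cert):
    """DNS names a certificate vouches for: subjectAltName entries first,
    falling back to the subject commonName only when no DNS SAN exists."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]


def check_host(cert, host):
    """Return (ok, names): whether any certificate name covers the host."""
    names = cert_dns_names(cert)
    return any(name_matches(n, host) for n in names), names


# Constructed certificate carrying the subject name quoted in the error.
SITE_CERT = {"subject": ((("commonName", "foo.linkmarketservices.com.au"),),)}
# Constructed wildcard certificate, to show the one-label rule.
WILDCARD_CERT = {"subjectAltName": (("DNS", "*.aprl.com.au"),)}

if __name__ == "__main__":
    for cert, host in [(SITE_CERT, "foo.aprl.com.au"),
                       (SITE_CERT, "foo.linkmarketservices.com.au"),
                       (WILDCARD_CERT, "foo.aprl.com.au")]:
        ok, names = check_host(cert, host)
        print(f"{host}: {'match' if ok else 'MISMATCH'} against {names}")
```

With this check skipped, any certificate is accepted for the host, so the password sent with --user is protected only against passive eavesdropping.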