Re: Different curl version talking to 1and1 exchange server

From: Dave Hodgkinson <davehodg_at_gmail.com>
Date: Fri, 28 Nov 2014 21:42:39 +0000

Well, this is the POST in curl:

curl --ntlm -X POST "https://user%40domain:password@1.exchange.1and1.eu/EWS/Exchange.asmx" \
  -H "x-xml-compile-soap-version: 3.05" \
  -H "x-xml-compile-cache-version: 1.02" \
  -H "x-lwp-version: 6.08" \
  -H "x-xml-compile-version: 1.47" \
  -H "x-xml-libxml-version: 2.0105" \
  -H "Host: 1.exchange.1and1.eu" \
  -H "Content-Type: text/xml; charset=utf-8" \
  -H "soapaction: \"http://schemas.microsoft.com/exchange/services/2006/messages/GetFolder\"" \
  -H "Content-Length: 567" \
  --data-binary "<?xml version=\"1.0\" encoding=\"utf-8\"?><soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:t=\"http://schemas.microsoft.com/exchange/services/2006/types\"> <soap:Body> <GetFolder xmlns=\"http://schemas.microsoft.com/exchange/services/2006/messages\" xmlns:t=\"http://schemas.microsoft.com/exchange/services/2006/types\"> <FolderShape> <t:BaseShape>Default</t:BaseShape> </FolderShape> <FolderIds> <t:DistinguishedFolderId Id=\"calendar\"/> </FolderIds> </GetFolder> </soap:Body></soap:Envelope>"

There's definitely content there, and a length?

I'm struggling to understand why a difference in curl versions would make a
difference, hence my focus on SSLv3 vs.

Looking at the trace further, it looks like -H 'Content-Length: xxx' isn't
appearing in the conversation! I moved it earlier in the parameters. I also
replaced the XML $boss supplied with that from the M$ site:

http://msdn.microsoft.com/en-us/library/office/aa580274%28v=exchg.150%29.aspx#sectionSection3

And it appears to work!

Thanks for the rubber ducky :)

On Fri, Nov 28, 2014 at 7:28 PM, Nick Zitzmann <nick_at_chronosnet.com> wrote:

>
> > On Nov 27, 2014, at 5:04 PM, Dave Hodgkinson <davehodg_at_gmail.com> wrote:
> >
> > Chaps,
> >
> > If anyone can help, that would be awesome! Kinda flailing a little here.
> > $boss did some curl to talk to a 1&1 Exchange server (2010 I think). His
> > script worked fine on curl 7.32, it seems to negotiate SSLv3:
> >
> > * About to connect() to 1.exchange.1and1.eu port 443 (#0)
> > * Trying 217.160.154.197...
> > * Adding handle: conn: 0x7fdda1808400
> > * Adding handle: send: 0
> > * Adding handle: recv: 0
> > * Curl_addHandleToPipeline: length: 1
> > * - Conn 0 (0x7fdda1808400) send_pipe: 1, recv_pipe: 0
> > * Connected to 1.exchange.1and1.eu (217.160.154.197) port 443 (#0)
> > * SSLv3, TLS handshake, Client hello (1):
> > * SSLv3, TLS handshake, Server hello (2):
> > * SSLv3, TLS handshake, CERT (11):
> > * SSLv3, TLS handshake, Server finished (14):
> > * SSLv3, TLS handshake, Client key exchange (16):
> > * SSLv3, TLS change cipher, Client hello (1):
> > * SSLv3, TLS handshake, Finished (20):
> > * SSLv3, TLS change cipher, Client hello (1):
> > * SSLv3, TLS handshake, Finished (20):
> > * SSL connection using AES256-SHA
> > * Server certificate:
> > * subject: C=DE; O=1&1 Internet AG; ST=Rhineland-Palatinate; L=Montabaur; emailAddress=server-certs_at_1und1.de; CN=1.exchange.1and1.eu
> > * start date: 2014-04-28 08:05:43 GMT
> > * expire date: 2017-05-03 23:59:59 GMT
> > * subjectAltName: 1.exchange.1and1.eu matched
> > * issuer: C=DE; O=T-Systems International GmbH; OU=T-Systems Trust Center; ST=Nordrhein Westfalen; postalCode=57250; L=Netphen; street=Untere Industriestr. 20; CN=TeleSec ServerPass DE-2
> > * SSL certificate verify ok.
> > * Server auth using NTLM with user 'him_at_crowdca.lc'
> > > POST /EWS/Exchange.asmx HTTP/1.1
> > > Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
> > > User-Agent: curl/7.32.0
> >
> > etc.
> >
> > However, my Mac and Ubuntu VMs on 7.37.1 (and also compiled latest) seem
> > to decide that TLS is the way forward and fail horribly:
> >
> > * Hostname was NOT found in DNS cache
> > * Trying 217.160.154.197...
> > * Connected to 1.exchange.1and1.eu (217.160.154.197) port 443 (#0)
> > * TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
> > * Server certificate: 1.exchange.1and1.eu
> > * Server certificate: TeleSec ServerPass DE-2
> > * Server certificate: Deutsche Telekom Root CA 2
> > * Server auth using NTLM with user 'him_at_crowdca.lc'
> > > POST /EWS/Exchange.asmx HTTP/1.1
> > > Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
> > > User-Agent: curl/7.37.1
> > > Accept: */*
> > > x-lwp-version: 6.08
> > > x-xml-libxml-version: 2.0105
> > > x-xml-compile-version: 1.47
> > > x-xml-compile-cache-version: 1.02
> > > x-xml-compile-soap-version: 3.05
> > > Host: 1.exchange.1and1.eu
> > > Content-Type: text/xml; charset=utf-8
> > > soapaction: "http://schemas.microsoft.com/exchange/services/2006/messages/GetFolder"
> > >
> > < HTTP/1.1 411 Length Required
> > < Content-Type: text/html; charset=us-ascii
> > * Server Microsoft-HTTPAPI/2.0 is not blacklisted
> > < Server: Microsoft-HTTPAPI/2.0
> > < Date: Thu, 27 Nov 2014 17:40:10 GMT
> > < Connection: close
> > < Content-Length: 344
> > <
> > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
> > <HTML><HEAD><TITLE>Length Required</TITLE>
> > <META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
> > <BODY><h2>Length Required</h2>
> > <hr><p>HTTP Error 411. The request must be chunked or have a content length.</p>
> > </BODY></HTML>
> > * Closing connection 0
> >
> >
> > This is just for a proof of concept. Is there a way of getting the more
> > recent version to do what the old one did? I've tried switches like -3 and
> > coercing ciphers but to no avail.
>
> This actually has nothing to do with SSLv3 and TLS. What you are seeing is
> the output of two different TLS back-ends. The OpenSSL back-end always says
> "SSLv3, TLS" while it's doing the handshake, and will tell you the
> cipher-suite, but it doesn't tell you the real SSL or TLS protocol in use.
> The Secure Transport back-end (used by Apple's curl) will tell you both the
> protocol and the cipher-suite in use.
>
> In fact, SSLv3 is now deprecated, and you shouldn't use it anymore. It
> looks like your server supports TLS 1.2, which is great.
>
> The problem here is, it is highly unusual to send a POST command to a
> server without providing any data to upload, but that is what you are doing
> in the second output, and the server is trying to tell you that it expected
> data but received none. I see the Content-Type: header was set, which is
> good, but you need to give curl some data to upload.
>
> Nick Zitzmann
> <http://www.chronosnet.com/>
>
>
>
>
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-users
> FAQ: http://curl.haxx.se/docs/faq.html
> Etiquette: http://curl.haxx.se/mail/etiquette.html
>

Received on 2014-11-28
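
Added example, not part of the original mails: a small Python check over `curl -v` output that reports what the TLS lines actually state (per Nick's explanation, the OpenSSL back-end trace names only the cipher suite) and flags POST/PUT requests sent with neither Content-Length nor Transfer-Encoding, the condition behind the 411. The sample traces are abridged from the ones quoted above; the function names are illustrative.

```python
import re

# Constructed samples, abridged from the two traces quoted in the thread
# (mail quoting removed).
OPENSSL_TRACE = """\
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSL connection using AES256-SHA
"""
SECURE_TRANSPORT_TRACE = """\
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
> POST /EWS/Exchange.asmx HTTP/1.1
> User-Agent: curl/7.37.1
> Content-Type: text/xml; charset=utf-8
>
< HTTP/1.1 411 Length Required
< Connection: close
"""

def tls_info(trace):
    """(protocol, cipher) as stated by the trace; protocol is None if never named."""
    m = re.search(r"^\* ((?:TLS|SSL) [\d.]+) connection using (\S+)", trace, re.M)
    if m:
        return m.group(1), m.group(2)
    m = re.search(r"^\* SSL connection using (\S+)", trace, re.M)
    return (None, m.group(1) if m else None)

def unframed_requests(trace):
    """Request lines of POST/PUT requests sent without Content-Length or Transfer-Encoding."""
    flagged, current, headers = [], None, set()
    for line in trace.splitlines() + [""]:
        if line.startswith("> ") and current is None:
            current, headers = line[2:], set()          # request line
        elif line.startswith("> ") and ":" in line:
            headers.add(line[2:].split(":", 1)[0].strip().lower())
        elif current is not None and not line.startswith("> "):
            framed = headers & {"content-length", "transfer-encoding"}
            if current.startswith(("POST ", "PUT ")) and not framed:
                flagged.append(current)
            current = None
    return flagged

def status_codes(trace):
    """HTTP status codes of the responses shown in the trace."""
    return [int(c) for c in re.findall(r"^< HTTP/\S+ (\d{3})", trace, re.M)]

if __name__ == "__main__":
    for name, t in (("openssl", OPENSSL_TRACE), ("secure transport", SECURE_TRANSPORT_TRACE)):
        print(name, tls_info(t), unframed_requests(t), status_codes(t))
```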