cURL / Mailing Lists / curl-users / Single Mail

curl-users

回复:FTPS:Failed to access FTPS through a HTTP proxy server(v7.40.0)

From: 无有先生 <374990768_at_qq.com>
Date: Wed, 21 Jan 2015 09:42:20 +0800

Annex I amendments, please check.
    thanks.‍





------------------ 原始邮件 ------------------
发件人: "374990768";<374990768_at_qq.com>;
发送时间: 2015年1月16日(星期五) 上午10:43
收件人: "curl-users"<curl-users_at_cool.haxx.se>;

主题: FTPS:Failed to access FTPS through a HTTP proxy server(v7.40.0)



command:./curl -p -x 192.168.65.223:8090 -U 12:12 ftps://dmb1234:Password123_at_192.168.65.174:990/DeviceStateLine.aspx -o DeviceStateLine.aspx --cacert certs.crt --trace output.txt‍


result:
== Info: STATE: INIT => CONNECT handle 0x826daa4; line 1034 (connection #-5000)
== Info: Added connection 0. The cache now contains 1 members
== Info: Trying 192.168.65.223...
== Info: STATE: CONNECT => WAITCONNECT handle 0x826daa4; line 1087 (connection #0)
== Info: Connected to 192.168.65.223 (192.168.65.223) port 8090 (#0)
== Info: Marked for [keep alive]: HTTP proxy CONNECT
== Info: Establish HTTP proxy tunnel to 192.168.65.174:990
== Info: Proxy auth using Basic with user '12'
== Info: Server auth using Basic with user 'dmb1234'
=> Send header, 157 bytes (0x9d)
0000: 43 4f 4e 4e 45 43 54 20 31 39 32 2e 31 36 38 2e CONNECT 192.168.
0010: 36 35 2e 31 37 34 3a 39 39 30 20 48 54 54 50 2f 65.174:990 HTTP/
0020: 31 2e 31 0d 0a 48 6f 73 74 3a 20 31 39 32 2e 31 1.1..Host: 192.1
0030: 36 38 2e 36 35 2e 31 37 34 3a 39 39 30 0d 0a 50 68.65.174:990..P
0040: 72 6f 78 79 2d 41 75 74 68 6f 72 69 7a 61 74 69 roxy-Authorizati
0050: 6f 6e 3a 20 42 61 73 69 63 20 4d 54 49 36 4d 54 on: Basic MTI6MT
0060: 49 3d 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 I=..User-Agent:
0070: 63 75 72 6c 2f 37 2e 34 30 2e 30 0d 0a 50 72 6f curl/7.40.0..Pro
0080: 78 79 2d 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b xy-Connection: K
0090: 65 65 70 2d 41 6c 69 76 65 0d 0a 0d 0a eep-Alive....
== Info: STATE: WAITCONNECT => WAITPROXYCONNECT handle 0x826daa4; line 1220 (connection #0)
== Info: Marked for [keep alive]: HTTP default
== Info: Marked for [keep alive]: HTTP proxy CONNECT
== Info: Marked for [keep alive]: HTTP default
== Info: Marked for [keep alive]: HTTP proxy CONNECT
== Info: Read response immediately from proxy CONNECT
<= Recv header, 37 bytes (0x25)
0000: 48 54 54 50 2f 31 2e 30 20 32 30 30 20 43 6f 6e HTTP/1.0 200 Con
0010: 6e 65 63 74 69 6f 6e 20 65 73 74 61 62 6c 69 73 nection establis
0020: 68 65 64 0d 0a hed..
<= Recv header, 2 bytes (0x2)
0000: 0d 0a ..
== Info: Proxy replied OK to CONNECT request
== Info: successfully set certificate verify locations:
== Info: CAfile: certs.crt
  CApath: none
== Info: TLSv1.0, TLS handshake, Client hello (1):
=> Send SSL data, 63 bytes (0x3f)
0000: 01 00 00 3b 03 01 54 b6 0e da 1e a1 39 30 49 9c ...;..T.....90I.
0010: 3d 8b 56 91 fc 63 69 29 4c f7 61 20 cb 63 aa cb =.V..ci)L.a .c..
0020: 5b f7 e5 89 45 c2 00 00 14 00 39 00 38 00 35 00 [...E.....9.8.5.
0030: 33 00 32 00 2f 00 16 00 13 00 0a 00 ff 01 00 3.2./..........
== Info: TLSv1.0, TLS handshake, Server hello (2):
<= Recv SSL data, 81 bytes (0x51)
0000: 02 00 00 4d 03 01 54 b6 10 0b f4 e2 d0 5e f0 2e ...M..T......^..
0010: 75 98 67 19 6d 0a 42 d2 3f c3 8c 9f f6 3c d9 99 u.g.m.B.?....<..
0020: 97 5a 74 d7 e7 b9 20 cd 2e e6 6b 59 f0 58 7a 8f .Zt... ...kY.Xz.
0030: 50 4d 39 d0 53 43 28 fb 92 dc d0 a7 9d 20 91 65 PM9.SC(...... .e
0040: e0 80 a0 8e 8b 67 88 00 35 00 00 05 ff 01 00 01 .....g..5.......
0050: 00 .
== Info: TLSv1.0, TLS handshake, CERT (11):
<= Recv SSL data, 847 bytes (0x34f)
0000: 0b 00 03 4b 00 03 48 00 03 45 30 82 03 41 30 82 ...K..H..E0..A0.
0010: 02 29 a0 03 02 01 02 02 01 00 30 0d 06 09 2a 86 .)........0...*.
0020: 48 86 f7 0d 01 01 05 05 00 30 64 31 0b 30 09 06 H........0d1.0..
0030: 03 55 04 06 13 02 43 4e 31 0b 30 09 06 03 55 04 .U....CN1.0...U.
0040: 08 13 02 66 6a 31 0b 30 09 06 03 55 04 07 13 02 ...fj1.0...U....
0050: 66 7a 31 10 30 0e 06 03 55 04 0a 13 07 73 74 61 fz1.0...U....sta
0060: 72 6e 65 74 31 10 30 0e 06 03 55 04 0b 13 07 73 rnet1.0...U....s
0070: 74 61 72 6e 65 74 31 17 30 15 06 03 55 04 03 13 tarnet1.0...U...
0080: 0e 31 39 32 2e 31 36 38 2e 36 35 2e 31 37 34 30 .192.168.65.1740
0090: 1e 17 0d 31 34 31 32 32 36 30 32 32 39 33 33 5a ...141226022933Z
00a0: 17 0d 32 34 31 32 32 33 30 32 32 39 33 33 5a 30 ..241223022933Z0
00b0: 64 31 0b 30 09 06 03 55 04 06 13 02 43 4e 31 0b d1.0...U....CN1.
00c0: 30 09 06 03 55 04 08 13 02 66 6a 31 0b 30 09 06 0...U....fj1.0..
00d0: 03 55 04 07 13 02 66 7a 31 10 30 0e 06 03 55 04 .U....fz1.0...U.
00e0: 0a 13 07 73 74 61 72 6e 65 74 31 10 30 0e 06 03 ...starnet1.0...
00f0: 55 04 0b 13 07 73 74 61 72 6e 65 74 31 17 30 15 U....starnet1.0.
0100: 06 03 55 04 03 13 0e 31 39 32 2e 31 36 38 2e 36 ..U....192.168.6
0110: 35 2e 31 37 34 30 82 01 22 30 0d 06 09 2a 86 48 5.1740.."0...*.H
0120: 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 .............0..
0130: 0a 02 82 01 01 00 b6 e4 50 9f b3 06 c5 ea 7b 1e ........P.....{.
0140: 91 82 66 27 5f a0 61 a3 4a c3 92 66 2a 00 97 d7 ..f'_.a.J..f*...
0150: 96 5f 1d 47 bf 8c 96 25 f8 9d ed de 86 7c 86 d8 ._.G...%.....|..
0160: 94 9b 52 57 5e e4 9c b3 9b b3 f8 f8 76 2e 58 55 ..RW^.......v.XU
0170: bd d0 12 10 29 d5 89 23 8f 94 a1 e5 4a 24 4d 08 ....)..#....J$M.
0180: 9d 25 8e 03 ca 4a 82 38 41 e7 b8 7c 02 15 2a ed .%...J.8A..|..*.
0190: 6c 4e 30 5b 4e 15 ad 79 79 90 32 7a 45 12 55 99 lN0[N..yy.2zE.U.
01a0: 33 98 72 b3 6a 28 8a 72 89 f0 d3 e2 77 47 ba 3c 3.r.j(.r....wG.<
01b0: 5c a8 8b ac b4 61 56 92 12 2f 96 43 bd c9 f2 03 \....aV../.C....
01c0: 7b 01 22 4c b7 0f dd 4f c5 36 c1 d1 68 66 97 9c {."L...O.6..hf..
01d0: 16 78 fb c2 c7 78 d8 48 6e ef ae 2f 07 4d e8 66 .x...x.Hn../.M.f
01e0: 80 b5 b6 3f c1 2a 49 6b 80 c1 8e 7c 09 f2 52 06 ...?.*Ik...|..R.
01f0: 7c 37 08 10 e4 49 f7 7b 12 e2 5f ba 91 65 97 11 |7...I.{.._..e..
0200: 3e bd ff 75 c9 16 1f 08 fd 58 37 d0 5b 8e 9d e3 >..u.....X7.[...
0210: 25 d3 29 78 d5 ba 9d 1b e7 4b 00 39 cd 49 1b e3 %.)x.....K.9.I..
0220: ca b7 36 b9 a5 48 82 1c c1 86 06 4c 54 b7 66 c3 ..6..H.....LT.f.
0230: 79 73 b9 d5 25 13 02 03 01 00 01 30 0d 06 09 2a ys..%......0...*
0240: 86 48 86 f7 0d 01 01 05 05 00 03 82 01 01 00 35 .H.............5
0250: b9 fc 36 11 08 fb 66 e7 65 14 42 78 3f ce 33 f3 ..6...f.e.Bx?.3.
0260: 03 9a 61 51 f1 a8 2a 07 ec 36 a5 1a 67 8c 6e 7d ..aQ..*..6..g.n}
0270: 01 53 d3 47 6b 14 39 39 d2 f3 19 92 16 3e 77 58 .S.Gk.99.....>wX
0280: ad af 2c 3e 0d ac 7f 58 f5 0d d8 73 04 76 75 02 ..,>..X...s.vu.
0290: 39 38 d8 3e 91 9f 47 c8 57 53 aa 19 73 62 10 9f 98.>..G.WS..sb..
02a0: 09 61 39 a4 47 e8 63 71 67 b6 75 ab 35 4b 49 39 .a9.G.cqg.u.5KI9
02b0: 01 cc d6 a8 ac 86 d2 36 81 82 e3 02 1c f4 5d 40 .......6......]@
02c0: f2 04 ab ac 8a 0a 37 59 ad 80 7e 82 33 61 f9 dc ......7Y..~.3a..
02d0: 1b e9 5a f9 80 8b 54 b9 7b 22 06 34 af 1c a5 63 ..Z...T.{".4...c
02e0: 56 c5 91 23 88 28 c5 2d e9 6b 5d 37 de f9 3c a0 V..#.(.-.k]7..<.
02f0: 05 19 6a 13 31 d7 17 7d ee 99 23 03 cf 86 82 a1 ..j.1..}..#.....
0300: 94 77 3a af 87 f5 2a b8 db c4 31 42 d1 43 19 37 .w:...*...1B.C.7
0310: 91 47 79 21 e0 f1 49 77 b9 96 21 78 95 f5 ba 7f .Gy!..Iw..!x...
0320: 10 65 1b 62 32 7f 30 db a7 2c 5b 20 76 54 4b c3 .e.b20..,[ vTK.
0330: ca 2d 0a 2d fa b5 a5 98 f3 5f aa 44 92 65 78 11 .-.-....._.D.ex.
0340: 37 e7 9d 26 31 36 0f 52 5a 62 ec c7 80 cb ec 7..&16.RZb.....
== Info: TLSv1.0, TLS handshake, Server finished (14):
<= Recv SSL data, 4 bytes (0x4)
0000: 0e 00 00 00 ....
== Info: TLSv1.0, TLS handshake, Client key exchange (16):
=> Send SSL data, 262 bytes (0x106)
0000: 10 00 01 02 01 00 07 6a 47 f3 d3 41 1d 7e 8f 35 .......jG..A.~.5
0010: 19 d0 e9 aa 81 63 73 f5 e2 60 ff 32 c2 0a 90 d0 .....cs..`.2....
0020: 17 a3 9c 97 d2 12 8c 90 b0 e7 ef d8 08 3a 92 29 .............:.)
0030: 6f 07 fd d9 67 c7 38 7c ce 8e c6 05 15 a5 bb ae o...g.8|........
0040: 57 0a d0 fa c9 37 d8 78 fc 09 96 b8 69 6b b2 d5 W....7.x....ik..
0050: 0f 1c 18 d2 40 ca 82 fd b9 ce 10 75 2a 39 00 85 ....@......u*9..
0060: d7 b8 34 44 09 89 90 5d 48 87 7b bc 02 ab c2 7d ..4D...]H.{....}
0070: 58 09 c9 68 73 f1 6d 01 f8 14 e0 11 2c 6c 8f 3d X..hs.m.....,l.=
0080: 77 ae 41 ad 61 1f a7 fe 64 71 18 4e 2d b5 68 aa w.A.a...dq.N-.h.
0090: 2d 02 34 4e 57 72 47 2f 86 e0 5b 08 df 6c dc ee -.4NWrG/..[..l..
00a0: f6 38 47 67 12 37 9d 0c 9b c3 55 11 5d 70 5d 14 .8Gg.7....U.]p].
00b0: 5b 8b 3e c0 c4 6c 5a 8b 8f bf 6a 54 4a ac 65 7a [.>..lZ...jTJ.ez
00c0: 32 70 e7 5e 79 df f6 8f 72 43 1b a4 d9 95 94 4f 2p.^y...rC.....O
00d0: a0 ba bc cf ae 85 03 fb a8 f9 f6 c0 8a f8 94 38 ...............8
00e0: d6 5a 92 cb bc 7b 0b 30 59 6f e8 eb f5 32 3d f0 .Z...{.0Yo...2=.
00f0: 46 78 f9 99 64 0d 9a b9 d0 fb 60 c7 4d ae 9a ac Fx..d.....`.M...
0100: 42 b0 80 fa 1f 81 B.....
== Info: TLSv1.0, TLS change cipher, Client hello (1):
=> Send SSL data, 1 bytes (0x1)
0000: 01 .
== Info: TLSv1.0, TLS handshake, Finished (20):
=> Send SSL data, 16 bytes (0x10)
0000: 14 00 00 0c e6 5a 99 1c ba a3 09 8f d1 dd 62 9e .....Z........b.
== Info: TLSv1.0, TLS change cipher, Client hello (1):
<= Recv SSL data, 1 bytes (0x1)
0000: 01 .
== Info: TLSv1.0, TLS handshake, Finished (20):
<= Recv SSL data, 16 bytes (0x10)
0000: 14 00 00 0c c4 9c b7 b0 d1 ff 8c f1 25 74 7c a8 ............%t|.
== Info: SSL connection using TLSv1.0 / AES256-SHA
== Info: Server certificate:
== Info: subject: C=CN; ST=fj; L=fz; O=starnet; OU=starnet; CN=192.168.65.174
== Info: start date: 2014-12-26 02:29:33 GMT
== Info: expire date: 2024-12-23 02:29:33 GMT
== Info: common name: 192.168.65.174 (matched)
== Info: issuer: C=CN; ST=fj; L=fz; O=starnet; OU=starnet; CN=192.168.65.174
== Info: SSL certificate verify ok.
== Info: STATE: WAITPROXYCONNECT => WAITCONNECT handle 0x826daa4; line 1177 (connection #0)
== Info: Marked for [keep alive]: HTTP proxy CONNECT
== Info: Marked for [keep alive]: FTP default
== Info: successfully set certificate verify locations:
== Info: CAfile: certs.crt
  CApath: none
== Info: SSL re-using session ID
== Info: TLSv1.0, TLS handshake, Client hello (1):
=> Send SSL data, 95 bytes (0x5f)
0000: 01 00 00 5b 03 01 54 b6 0e da 4f 1e fa ac 76 28 ...[..T...O...v(
0010: 4b 37 33 cd 3c ef 27 ac e5 bd c8 d1 32 b5 f5 c6 K73.<.'.....2...
0020: 1c 4c b7 f2 06 7f 20 cd 2e e6 6b 59 f0 58 7a 8f .L... ...kY.Xz.
0030: 50 4d 39 d0 53 43 28 fb 92 dc d0 a7 9d 20 91 65 PM9.SC(...... .e
0040: e0 80 a0 8e 8b 67 88 00 14 00 39 00 38 00 35 00 .....g....9.8.5.
0050: 33 00 32 00 2f 00 16 00 13 00 0a 00 ff 01 00 3.2./..........
== Info: TLSv1.0, TLS alert, Server hello (2):
=> Send SSL data, 2 bytes (0x2)
0000: 02 0a ..
== Info: error:140940F5:SSL routines:SSL3_READ_BYTES:unexpected record
== Info: Closing connection 0
== Info: The cache now contains 0 members
== Info: Expire cleared



reason:
The network better, before the conversion from WAITPROXYCONNECT into WAITCONNECT state, has completed the SSL certification, lead to the re created a SSL certification. The first SSL certification, is not the application layer data processing TCP/IP protocol stack residues, leading to the second SSL encryption and authentication failure.‍


scheme:
In the transition from WAITPROXYCONNECT state to WAITCONNECT,began to SSL certification.‍


modify:
file:http.c;
function:Curl_http_connect‍
The red word for new added code‍
CURLcode Curl_http_connect(struct connectdata *conn, bool *done)
{
  CURLcode result;


  /* We default to persistent connections. We set this already in this connect
     function to make the re-use checks properly be able to check this bit. */
  connkeep(conn, "HTTP default");


  /* the CONNECT procedure might not have been completed */
  result = Curl_proxy_connect(conn);
  if(result)
    return result;


  if(conn->tunnel_state[FIRSTSOCKET] == TUNNEL_CONNECT)
    /* nothing else to do except wait right now - we're not done here. */
    return CURLE_OK;


  if(conn->given->flags & PROTOPT_SSL) {
  if(conn->given->protocol&CURLPROTO_FTPS) {
    *done = FALSE;
  }
  else {
      /* perform SSL initialization */‍
      result = https_connecting(conn, done);
      if(result)
        return result;
    }
  }
  else
    *done = TRUE;


  return CURLE_OK;
}‍




Looking forward to your reply!‍
zhenyang su
china

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html

  • application/octet-stream attachment: http.diff
Received on 2015-01-21