cURL / Mailing Lists / curl-users / Single Mail

curl-users

Question using curl with ntlm failed at third handshake

From: Chenchen Qu <cqu_at_factset.com>
Date: Wed, 24 Feb 2016 19:43:42 +0000

Hi:

I've been trying to setup curl to do NTLM authentication with my proxy server, on my proxy side I setup a squid proxy using a fake ntlm authentication, as long as all three handshakes are finished it will always return a 200 OK.

I tried this with the 7.40.0 devel package and I also compiled a 7.47.1 with sspi and ssl on windows

curl 7.47.1 (i386-pc-win32) libcurl/7.47.1 OpenSSL/1.0.2f
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtsp
smtp smtps telnet tftp
Features: AsynchDNS Largefile SSPI Kerberos SPNEGO NTLM SSL

But these all failed proxy authentication at the third handshake:

C:\curl-7.47.1\curl-7.47.1\src>curl.exe -v --proxy-ntlm --proxy-user DOMAIN\cqu:test --proxy 164.55.92.32:3128 example.com
* Rebuilt URL to: example.com/
* Trying 164.55.92.32...
* Connected to 164.55.92.32 (164.55.92.32) port 3128 (#0)
* Proxy auth using NTLM with user 'DOMAIN\cqu'
> GET http://example.com/ HTTP/1.1
> Host: example.com
> Proxy-Authorization: NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGAbEdAAAA
Dw==
> User-Agent: curl/7.47.1
> Accept: */*
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 407 Proxy Authentication Required
< Server: squid/3.5.14-20160218-r13990
< Mime-Version: 1.0
< Date: Wed, 24 Feb 2016 17:01:47 GMT
< Content-Type: text/html;charset=utf-8
< Content-Length: 3652
< X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
< Vary: Accept-Language
< Content-Language: en
< Proxy-Authenticate: NTLM TlRMTVNTUAACAAAACQAJAK6qqqoHggiixveK6BLWYzsAAAAAAAA6A
FdPUktHUk9VUA==
< X-Cache: MISS from unixdeva16
< Via: 1.1 unixdeva16 (squid/3.5.14-20160218-r13990)
< Connection: keep-alive
<
* Ignoring the response-body
* Connection #0 to host 164.55.92.32 left intact
* Issue another request to this URL: 'http://example.com/'
* Found bundle for host example.com: 0x6df108 [can pipeline]
* Re-using existing connection! (#0) with proxy 164.55.92.32
* Connected to 164.55.92.32 (164.55.92.32) port 3128 (#0)
* NTLM handshake failure (type-3 message): Status=80090308
* Connection #0 to host 164.55.92.32 left intact
curl: (56) Failure when receiving data from the peer

I actually tried one version with HTTP2 support which worked
curl 7.47.1 (x86_64-pc-win32) libcurl/7.47.1 OpenSSL/1.0.2f nghttp2/1.7.0
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtsp
smb smbs smtp smtps telnet tftp
Features: AsynchDNS Largefile NTLM SSL HTTP2

I use the same command and environment setup, I'm not able to figure out why curl failed to send out the third request back to the proxy server, any help would be appreciated.

Thank you
Chenchen

-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-users
FAQ: https://curl.haxx.se/docs/faq.html
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-02-24