curl-users

Re: Getting curl to go all the way through proxy with digest authentication

From: Jones, James <jjones2_at_novetta.com>
Date: Wed, 22 Nov 2017 09:06:55 -0500

After a little experimentation I found that using -trace-ascii was indeed
the same as not using it.
I am passing 2 URLs. When I look at the output from Firebug on Firefox I
see two URLs listed:
one as Request URL: https://192.168.102.102/quarters/reports, the other is
Remote address 192.168.102.102:443.

If I use the -x with the Remote address I get the following return: curl:
(4) Unsupported proxy 'https://192.168.102.102:443', libcurl is built
without the HTTPS-proxy support.
If I use what I have with -v I get this, where Remote address is acting as a
proxy and muddling through various status codes in the path client to proxy
to data server and back.
BTW the proxy is a reverse proxy with https in and the data server is https in.
The client is a Windows 10 box; the other two are running in an Oracle
VirtualBox Centos7 VM also on the Windows box.

C:\curl>curl -k -v --digest -u admin:password https://192.168.102.102:443
-L https://192.168.102.102/quarters/reports/
* Rebuilt URL to: https://192.168.102.102:443/
* timeout on name lookup is not supported
* Trying 192.168.102.102...
* TCP_NODELAY set
* Connected to 192.168.102.102 (192.168.102.102) port 443 (#0)
* schannel: SSL/TLS connection with 192.168.102.102 port 443 (step 1/3)
* schannel: disabled server certificate revocation checks
* schannel: verifyhost setting prevents Schannel from comparing the
supplied target name with the subject names in server certificates.
----- shortened to save space ----
* schannel: stored credential handle in session cache
* Server auth using Digest with user 'admin'
> GET / HTTP/1.1
> Host: 192.168.102.102
> User-Agent: curl/7.53.1
> Accept: */*
>
* schannel: client wants to read 16384 bytes
----- shortened to save space ----
< HTTP/1.1 200 OK
< Accept-Ranges: bytes
< Content-Length: 995
< Content-Security-Policy: frame-ancestors chrome-extension://*
< Content-Type: text/html; charset=utf-8
< Last-Modified: Tue, 07 Nov 2017 17:26:43 GMT
< Pragma: private
< Set-Cookie: abcde=NDg3NDllYmMtY2Y4OS0xMWU3LTk2ZjktMDgwMDI3ZmFiMGZl;
Path=/; Secure
< Strict-Transport-Security: max-age=16070400; includeSubDomains
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-Ua-Compatible: IE=edge
< X-Xss-Protection: 1; mode=block
< Date: Wed, 22 Nov 2017 13:30:19 GMT
<
<!DOCTYPE html> --- this is the body return from the proxy
<html>

<head>
    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
    <link rel="stylesheet" href="css/all.css">

    <title>APP</title>
    <link rel="icon" type="image/ico" href="images/favicon.ico" />
</head>

<body>
    <div style="margin: 10px auto;width: 200px;text-align: center;">
      <button class="userbutton" onclick="onLogin()" id="login"
style="margin: 0px">Login</button>
    </div>
    <div style="margin: 10px auto;width: 200px;text-align: center;">
      <button class="userbutton" onclick="onForgotPassword()"
id="forgot_password" style="margin: 10px 0px 0px 0px">Forgot
Password</button>
    </div>
    <br/>
    <div id="services" class="buttons"></div>
    <img src="images/logo.png" onclick="onLogoClick()" class="logo">
    <script>
        function onLogin() {
            window.location = "/login";
        }
        function onForgotPassword() {
            window.location = "/forgotpassword.html"
        }
    </script>
</body>

</html>
* Connection #0 to host 192.168.102.102 left intact
* Found bundle for host 192.168.102.102: 0x2704920 [can pipeline]
* Re-using existing connection! (#0) with host 192.168.102.102
* Connected to 192.168.102.102 (192.168.102.102) port 443 (#0)
* Server auth using Digest with user 'admin'
> GET /quarters/reports/ HTTP/1.1
> Host: 192.168.102.102
> User-Agent: curl/7.53.1
> Accept: */*
>
* schannel: client wants to read 16384 bytes
------- shortened to save space ------------
< HTTP/1.1 303 See Other
< Content-Security-Policy: frame-ancestors chrome-extension://*
< Location: /login/?_dc=2017-11-22 08:30:19.172330956 -0500
EST&redirect=/quarters/reports/
< Pragma: private
< Set-Cookie: abcde=NDg3ZDFiMjgtY2Y4OS0xMWU3LTk2ZjktMDgwMDI3ZmFiMGZl;
Path=/; Secure
< Strict-Transport-Security: max-age=16070400; includeSubDomains
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-Ua-Compatible: IE=edge
< X-Xss-Protection: 1; mode=block
< Date: Wed, 22 Nov 2017 13:30:19 GMT
< Content-Length: 108
< Content-Type: text/html; charset=utf-8
<
* Ignoring the response-body
* Connection #0 to host 192.168.102.102 left intact
* Issue another request to this URL: '
https://192.168.102.102/login/?_dc=2017-11-22+08:30:19.172330956+-0500+EST&redirect=/quarters/reports/
'
* Found bundle for host 192.168.102.102: 0x2704920 [can pipeline]
* Re-using existing connection! (#0) with host 192.168.102.102
* Connected to 192.168.102.102 (192.168.102.102) port 443 (#0)
* Server auth using Digest with user 'admin'
> GET
/login/?_dc=2017-11-22+08:30:19.172330956+-0500+EST&redirect=/quarters/reports/
HTTP/1.1
> Host: 192.168.102.102
> User-Agent: curl/7.53.1
> Accept: */*
>
* schannel: client wants to read 16384 bytes
----------- shortened to save space -----------------
* schannel: decrypted data buffer: offset 0 length 16384
< HTTP/1.1 401 Unauthorized
< Content-Security-Policy: frame-ancestors chrome-extension://*
< Content-Type: text/plain
< Pragma: private
< Set-Cookie: abcde=NDg4NGRkZTAtY2Y4OS0xMWU3LTk2ZjktMDgwMDI3ZmFiMGZl;
Path=/; Secure
< Strict-Transport-Security: max-age=16070400; includeSubDomains
< Www-Authenticate: Digest realm="192.168.102.102",
nonce="mDfGRg5j2fdpt930", opaque="x7bmsxsxnds3w+RO", algorithm="MD5",
qop="auth"
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-Ua-Compatible: IE=edge
< X-Xss-Protection: 1; mode=block
< Date: Wed, 22 Nov 2017 13:30:19 GMT
< Content-Length: 17
<
* Ignoring the response-body
* Connection #0 to host 192.168.102.102 left intact
* Issue another request to this URL: '
https://192.168.102.102/login/?_dc=2017-11-22+08:30:19.172330956+-0500+EST&redirect=/quarters/reports/
'
* Found bundle for host 192.168.102.102: 0x2704920 [can pipeline]
* Re-using existing connection! (#0) with host 192.168.102.102
* Connected to 192.168.102.102 (192.168.102.102) port 443 (#0)
* Server auth using Digest with user 'admin'
> GET
/login/?_dc=2017-11-22+08:30:19.172330956+-0500+EST&redirect=/quarters/reports/
HTTP/1.1
> Host: 192.168.102.102
> Authorization: Digest
username="admin",realm="192.168.102.102",nonce="mDfGRg5j2fdpt930",uri="/login/?_dc=2017-11-22+08:30:19.172330956+-0500+EST&redirect=/quarters/reports/",cnonce="85d557a3bd140e94944f3d139a8353be",nc=00000001,algorithm=MD5,response="2d5aab9e5a8ea4eb2e6689ed81b1b722",qop="auth",opaque="x7bmsxsxnds3w+RO"
> User-Agent: curl/7.53.1
> Accept: */*
>
* schannel: client wants to read 16384 bytes
------------shortened to save space -------------------
* schannel: decrypted data buffer: offset 0 length 16384
< HTTP/1.1 303 See Other
< Authentication-Info: qop="auth",
rspauth="9362d7ef780c9520c6ec388bf7104df7",
cnonce="85d557a3bd140e94944f3d139a8353be", nc="00000001"
< Location: /quarters/reports/
< Set-Cookie: abcde=NDg4ZGJjOTQtY2Y4OS0xMWU3LTk2ZjktMDgwMDI3ZmFiMGZl;
Path=/; Secure
< Strict-Transport-Security: max-age=16070400; includeSubDomains
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-Xss-Protection: 1; mode=block
< Date: Wed, 22 Nov 2017 13:30:19 GMT
< Content-Length: 43
< Content-Type: text/html; charset=utf-8
<
* Ignoring the response-body
* Connection #0 to host 192.168.102.102 left intact
* Issue another request to this URL: '
https://192.168.102.102/quarters/reports/'
* Found bundle for host 192.168.102.102: 0x2704920 [can pipeline]
* Re-using existing connection! (#0) with host 192.168.102.102
* Connected to 192.168.102.102 (192.168.102.102) port 443 (#0)
* Server auth using Digest with user 'admin'
> GET /quarters/reports/ HTTP/1.1
> Host: 192.168.102.102
> Authorization: Digest
username="admin",realm="192.168.102.102",nonce="mDfGRg5j2fdpt930",uri="/quarters/reports/",cnonce="85d557a3bd140e94944f3d139a8353be",nc=00000002,algorithm=MD5,response="09f255dcda3a3d569bad105ebf59ad97",qop="auth",opaque="x7bmsxsxnds3w+RO"
> User-Agent: curl/7.53.1
> Accept: */*
>
* schannel: client wants to read 16384 bytes
----------- shortened to save space ------------
* schannel: decrypted data buffer: offset 0 length 16384
< HTTP/1.1 200 OK
< Authentication-Info: qop="auth",
rspauth="2c6860675660bd529a5238821048b707",
cnonce="85d557a3bd140e94944f3d139a8353be", nc="00000002"
< Content-Type: application/json
< Date: Wed, 22 Nov 2017 13:30:19 GMT
< Set-Cookie: abcde=NDg5NzFiZTAtY2Y4OS0xMWU3LTk2ZjktMDgwMDI3ZmFiMGZl;
Path=/; Secure
< Strict-Transport-Security: max-age=16070400; includeSubDomains
< Vary: Accept-Encoding
< X-Content-Type-Options: nosniff
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-Frame-Options: SAMEORIGIN
< X-Ua-Compatible: IE=edge
< X-Xss-Protection: 1; mode=block
< Transfer-Encoding: chunked
<
[
 {
  "searchID": "d069a69e-cebe-11e7-b621-080027fab0fe",
---------- this is the json formatted body from the request --------------
  "lastModified": "0001-01-01T00:00:00Z"
 }
]* Connection #0 to host 192.168.102.102 left intact

On Tue, Nov 21, 2017 at 5:55 PM, Daniel Stenberg <daniel_at_haxx.se> wrote:

> On Tue, 21 Nov 2017, Jones, James wrote:
>
>> However when I dropped the "-x":
>> curl -k --digest -u admin:password https://192.168.102.102:443 -L
>> https://192.168.102.102/quarters/reports/ -trace-ascii
>>
>
> Here you give curl two URLs, "https://192.168.102.102:443" and "
> https://192.168.102.102/quarters/reports/" which seems you might not have
> intended. Further "-trace-ascii" is not "--trace-ascii -" but is actually
> "-t race-ascii" which thus attempts to set a telnet option called
> "race-ascii" (which will be silently ignored).
>
> --
>
> / daniel.haxx.se
> -----------------------------------------------------------
> Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
> Etiquette: https://curl.haxx.se/mail/etiquette.html
>

-- 
*James Jones*
Software Engineer
FBNC
Email  jjones2@novetta.com <http://www.novetta.com/>
Office 910-243-6665

Received on 2017-11-22
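
Added example, not part of the original post and not curl's own code: the trace above shows curl answering the 401 challenge and then sending a different response value with nc=00000002 for /quarters/reports/. The Python below recomputes an RFC 2617 response (algorithm=MD5, qop=auth) from a logged Authorization header, which shows that the method and URI are bound into the hash; the function names are hypothetical, and the known-answer vector is the one from RFC 2617 section 3.5.

```python
import hashlib
import re

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_digest_params(header_value):
    """Split 'Digest k="v", k2=v2' into a dict (quoted or bare values)."""
    scheme, _, rest = header_value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest header")
    pairs = re.finditer(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', rest)
    return {m.group(1).lower(): m.group(2) if m.group(2) is not None else m.group(3)
            for m in pairs}

def digest_response(username, password, method, p):
    """RFC 2617 response for algorithm=MD5 with qop=auth or no qop."""
    if p.get("algorithm", "MD5").upper() != "MD5":
        raise ValueError("only algorithm=MD5 is handled here")
    ha1 = md5_hex(f"{username}:{p['realm']}:{password}")
    ha2 = md5_hex(f"{method}:{p['uri']}")  # method and uri are bound into the hash
    if "qop" not in p:
        return md5_hex(f"{ha1}:{p['nonce']}:{ha2}")
    if p["qop"] != "auth":
        raise ValueError("only qop=auth is handled here")
    return md5_hex(f"{ha1}:{p['nonce']}:{p['nc']}:{p['cnonce']}:auth:{ha2}")

def check_request(authorization, method, password):
    """True if the logged Authorization header matches the given password."""
    p = parse_digest_params(authorization)
    return digest_response(p["username"], password, method, p) == p["response"]

# Challenge copied from the 401 in the trace above (joined onto one line).
TRACE_CHALLENGE = ('Digest realm="192.168.102.102", nonce="mDfGRg5j2fdpt930", '
                   'opaque="x7bmsxsxnds3w+RO", algorithm="MD5", qop="auth"')

# Known-answer vector from RFC 2617 section 3.5 (password "Circle Of Life").
RFC_AUTH = ('Digest username="Mufasa", realm="testrealm@host.com", '
            'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", '
            'qop=auth, nc=00000001, cnonce="0a4f113b", '
            'response="6629fae49393a05397450978507c4ef1", '
            'opaque="5ccc069c403ebaf9f0171e9517f40e41"')

if __name__ == "__main__":
    print(parse_digest_params(TRACE_CHALLENGE))
    print(check_request(RFC_AUTH, "GET", "Circle Of Life"))
```

Because the URI and nc feed the hash, a response computed for /login/ cannot be replayed for /quarters/reports/, which is why the trace shows a new response value after each redirect.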