curl-users
Re: CURL 7.64.0
Date: Wed, 6 Mar 2019 02:33:31 -0500
On 3/5/2019 9:51 AM, Pierre Brico wrote:
> I've been using an old version of curl for a while without any issue.
> Here is the version I used:
>
> $ curl --version
> curl 7.40.0 (i686-pc-mingw32) libcurl/7.40.0 OpenSSL/1.0.1k zlib/1.2.8
> Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps
> pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
> Features: Largefile NTLM SSL libz TLS-SRP
>
> Now, I've recently upgraded my MSYS system to MSYS2. This new version
> of MYSYS2 embeds curl in it's latest version 7.64.0. Here is the
> output of the --version option:
> $ curl --version
> curl 7.64.0 (x86_64-pc-msys) libcurl/7.64.0 OpenSSL/1.1.1b zlib/1.2.11
> brotli/1.0.7 libidn2/2.1.1 libpsl/0.20.2 (+libidn2/2.1.1)
> libssh2/1.8.0 nghttp2/1.36.0
> Release-Date: 2019-02-06
> Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s
> rtsp scp sftp smb smbs smtp smtps telnet tftp
> Features: AsynchDNS Debug TrackMemory IDN IPv6 Largefile GSS-API
> Kerberos SPNEGO NTLM NTLM_WB SSL libz brotli TLS-SRP HTTP2 UnixSockets
> HTTPS-proxy PSL Metalink
>
> My issue is related to the cookies usage. I've written a script which
> emulates a simple user who logs into a web site and execute a certain
> action. With curl version 7.40, everything was working as expected...
> With the new version of curl, no cookie is sent when executing the POST.
> I've searched the documentation but found no changes related to the
> cookie engine. That's the reason why I've post my issue to this
> mailing list...
>
> Here is a fragment of my script:
>
> curl $CURL_OPTIONS -sSL -k -j -c cookies-out.txt -o $PAGE
> "https://fronteo-keycloak-rmm:8443/auth/realms/fhome/protocol/openid-connect/auth?response_type=code&scope=aisp&client_id=$CLIENT_ID&state=12345&redirect_uri=http://localhost:8080"
> if [ $? -ne 0 ]; then
> echo "Couldn't get login page from Redhat SSO"
> exit 1
> fi
>
> mv cookies-out.txt cookies-in.txt
> curl $CURL_OPTIONS -sS -k -b cookies-in.txt -c cookies-out.txt -X POST
> -o $PAGE --data "username=XXXXX&password=YYYYYY"
> "https://fronteo-keycloak-rmm:8443/auth/realms/fhome/protocol/openid-connect/auth?response_type=code&scope=aisp&client_id=$CLIENT_ID&state=12345&redirect_uri=http://localhost:8080"
> if [ $? -ne 0 ]; then
> echo "Couldn't post user/password to Redhat SSO"
> exit 2
> fi
>
> The first call to curl (GET) will start the session (get the cookies)
> and the second call to curl (POST) will send credentials (with the
> cookies) to continue the process.
>
> Executing the script in DEBUG mode shows that cookies are ignored with
> the latest version:
>
> > POST
> /auth/realms/fhome/login-actions/authenticate?session_code=anEjPMdR-9_Xl0t68_vDaT5yu6JoXAizauJ3rtrgcPw&execution=f65ccedb-cc7a-4f46-b386-f59408012698&client_id=XXXXXXXXXXXXX&tab_id=SwFAuhzueT0
> HTTP/2
> > Host: fronteo-keycloak-rmm:8443
> > User-Agent: curl/7.64.0
> > Accept: */*
> > Content-Length: 27
> > Content-Type: application/x-www-form-urlencoded
> >
>
> And this output of the old version:
>
> > POST
> /auth/realms/fhome/login-actions/authenticate?session_code=yRyjuGxKaOLa-628N1ZLQi4l39Yc1g7BcBa1EwTgJvo&execution=f65ccedb-cc7a-4f46-b386-f59408012698&client_id=XXXXXXXXXXXXX&tab_id=episi_krhDY
> HTTP/1.1
> > User-Agent: curl/7.40.0
> > Host: fronteo-keycloak-rmm:8443
> > Accept: */*
> > Cookie:
> AUTH_SESSION_ID=bd7a2b29-f09d-4950-adb4-733c2d2f8cfb.fronteo-keycloak-rmm;
> KC_RESTART=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIyOTNiZDllMy0wMDJlLTQ4OTYtYjg0Ny0xODdlMDkzNjdmZGQifQ.eyJjaWQiOiIzNDY2Njg3YS03ZTNmLTRjOGYtYjRhMy1iZjE1ZmIxMWFhYTQiLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwOi8vbG9jYWxob3N0OjgwODAiLCJhY3QiOiJBVVRIRU5USUNBVEUiLCJub3RlcyI6eyJzY29wZSI6ImFpc3AiLCJpc3MiOiJodHRwczovL2Zyb250ZW8ta2V5Y2xvYWstcm1tOjg0NDMvYXV0aC9yZWFsbXMvZmhvbWUiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsImNvZGVfY2hhbGxlbmdlX21ldGhvZCI6InBsYWluIiwicmVkaXJlY3RfdXJpIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwIiwic3RhdGUiOiIxMjM0NSJ9fQ.JhMJmSKLESr_flL3SRZgmaFw4T1e5ueg-1z9OEFoRX8
> > Content-Length: 27
> > Content-Type: application/x-www-form-urlencoded
> >
>
> The cookies file "cookies-out.txt" is created and I don't see any
> differences between both execution.
Reported as https://github.com/curl/curl/issues/3649
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2019-03-06