curl / Mailing Lists / curl-users / Single Mail

Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Help: TLS server receives a large amount of Authorization information along with application data

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Jason Qian via curl-users <curl-users_at_lists.haxx.se>
Date: Thu, 28 Mar 2024 13:56:07 -0400

Hi

We are running a C++ server(with TLS 1.2 OpenSSL 1.1.1n). The clients are
in C#, Java and C++;
All clients work fine, but when using C++ client, the server receives a
large amount of Authorization information along with application data.
(C#, Java client are not sending those information)

GET /data//somehost-1/ddt//ds-1117482431063112572/2.out HTTP/1.1
Host: somehost .dev.xx.com:27159
*Authorization: Negotiate
YIIMmQYGKwYBBQUCoIIMjTCCDImgMDAuBgkqhkiC9xIBAg......*

The C++ client is using *CURL [7.83.0] with OpenSSL 1.1.1n*.
with following setting:

curl_easy_setopt(curl, CURLOPT_CAINFO, "ssl.pem");

//For client authentication
curl_easy_setopt(_curl, CURLOPT_SSLCERT, "server.crt");
curl_easy_setopt(_curl, CURLOPT_SSLKEY, "key.pem");

Is there a way to avoid this happening?

Thanks
Jason

-- 
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users
Etiquette:   https://curl.se/mail/etiquette.html

Received on 2024-03-28

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]