Buy commercial curl support from
WolfSSL. We help you work out your issues, debug your libcurl
applications, use the API, port to new platforms, add new features and more.
With a team lead by the curl founder himself.
Re: Help: TLS server receives a large amount of Authorization information along with application data
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Jason Qian via curl-users <curl-users_at_lists.haxx.se>
Date: Fri, 29 Mar 2024 16:31:36 -0400
Hi Dan,
Thanks for your response.
It is on windows and you are right, the HTTP SPNEGO auth seems enabled.
curl_easy_setopt(_curl, CURLOPT_HTTPAUTH, CURLAUTH_GSSNEGOTIATE);
//(legacy code)
This seems an unnecessary configuration, if SSL is enabled ?
From wireshark tcp stream, we saw the handshake between client and
server with TLv1.2.
Could not find Kerberos used anywhere.
Thanks
Jason
On Thu, Mar 28, 2024 at 7:02 PM Dan Fandrich via curl-users <
curl-users_at_lists.haxx.se> wrote:
> On Thu, Mar 28, 2024 at 01:56:07PM -0400, Jason Qian via curl-users wrote:
> > We are running a C++ server(with TLS 1.2 OpenSSL 1.1.1n). The clients
> are in C
> > #, Java and C++;
> > All clients work fine, but when using C++ client, the server receives a
> large
> > amount of Authorization information along with application data.
>
> What do you mean by "large amount"? What exactly is "Authorization
> information"? Are you talking about a very long Authorization: header line?
> This is expected when HTTP authorization is enabled.
>
> > (C#, Java client are not sending those information)
> >
> > GET /data//somehost-1/ddt//ds-1117482431063112572/2.out HTTP/1.1
> > Host: somehost .dev.xx.com:27159
> > Authorization: Negotiate
> YIIMmQYGKwYBBQUCoIIMjTCCDImgMDAuBgkqhkiC9xIBAg......
> >
> >
> > The C++ client is using CURL [7.83.0] with OpenSSL 1.1.1n.
> > with following setting:
> >
> > curl_easy_setopt(curl, CURLOPT_CAINFO, "ssl.pem");
> >
> > //For client authentication
> > curl_easy_setopt(_curl, CURLOPT_SSLCERT, "server.crt");
> > curl_easy_setopt(_curl, CURLOPT_SSLKEY, "key.pem");
>
> I suspect you're leaving out some setopts here, and you didn't say what
> platform this is on. If this is Windows or a Kerberos site and
> authorization
> has been enabled in libcurl, it's expected that an Authorization: Negotiate
> header will be added.
> --
> Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users
> Etiquette: https://curl.se/mail/etiquette.html
>
Date: Fri, 29 Mar 2024 16:31:36 -0400
Hi Dan,
Thanks for your response.
It is on windows and you are right, the HTTP SPNEGO auth seems enabled.
curl_easy_setopt(_curl, CURLOPT_HTTPAUTH, CURLAUTH_GSSNEGOTIATE);
//(legacy code)
This seems an unnecessary configuration, if SSL is enabled ?
From wireshark tcp stream, we saw the handshake between client and
server with TLv1.2.
Could not find Kerberos used anywhere.
Thanks
Jason
On Thu, Mar 28, 2024 at 7:02 PM Dan Fandrich via curl-users <
curl-users_at_lists.haxx.se> wrote:
> On Thu, Mar 28, 2024 at 01:56:07PM -0400, Jason Qian via curl-users wrote:
> > We are running a C++ server(with TLS 1.2 OpenSSL 1.1.1n). The clients
> are in C
> > #, Java and C++;
> > All clients work fine, but when using C++ client, the server receives a
> large
> > amount of Authorization information along with application data.
>
> What do you mean by "large amount"? What exactly is "Authorization
> information"? Are you talking about a very long Authorization: header line?
> This is expected when HTTP authorization is enabled.
>
> > (C#, Java client are not sending those information)
> >
> > GET /data//somehost-1/ddt//ds-1117482431063112572/2.out HTTP/1.1
> > Host: somehost .dev.xx.com:27159
> > Authorization: Negotiate
> YIIMmQYGKwYBBQUCoIIMjTCCDImgMDAuBgkqhkiC9xIBAg......
> >
> >
> > The C++ client is using CURL [7.83.0] with OpenSSL 1.1.1n.
> > with following setting:
> >
> > curl_easy_setopt(curl, CURLOPT_CAINFO, "ssl.pem");
> >
> > //For client authentication
> > curl_easy_setopt(_curl, CURLOPT_SSLCERT, "server.crt");
> > curl_easy_setopt(_curl, CURLOPT_SSLKEY, "key.pem");
>
> I suspect you're leaving out some setopts here, and you didn't say what
> platform this is on. If this is Windows or a Kerberos site and
> authorization
> has been enabled in libcurl, it's expected that an Authorization: Negotiate
> header will be added.
> --
> Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users
> Etiquette: https://curl.se/mail/etiquette.html
>
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2024-03-29