On Wed, 3 Oct 2001, Dirk Eddelbuettel wrote:

> > I fell over your bug report at Debian, that seems to indicate a problem in
> > libcurl:
>
> Neat :) Did you spot that yourself or did the Debian maintainer send it
> to you?

I actually noticed it myself first while googling, but Domenico Andreoli (the
Debian maintainer) forwarded it to us as well.

> Here you go. "testcurl" is a simple variation on simple.c where I added
> CURLOPT_PROXY, CURLOPT_PROXYUSERPWD, and for the purposes of this
> exercise, CURLOPT_FILE and CURLOPT_VERBOSE. Unless CURLOPT_USERPWD is
> also set (and to the same value as CURLOPT_PROXYUSERPWD), the app is
> unsuccessful. From the output, the only difference is the
> "Authorization:" header. So from my naive understanding it would appear
> that curl sees another authentication request which it attributes to the
> URL rather than the PROXY.

I wouldn't put it that way. I'll elaborate below.

> Script started on Wed Oct 3 09:00:30 2001
> black:/tmp/curl> ./testcurl_nouserpwd
> * Connected to 192.168.1.2 (192.168.1.2)
> > GET http://www.cnn.com/ HTTP/1.1
> Proxy-authorization: Basic ZGVkZGVsMDA6bWZFZGQ5OQ==
> Host: www.cnn.com
> Pragma: no-cache
> Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
>
> * Closing live connection (#0)

The Proxy-authorization header visible in this request is the name and
password your proxy requires/wants that the user-agent provides to be allowed
to us its services.

Other than that, there's not much to say. This is a perfectly valid HTTP 1.1
GET request.

Are you saying that this doesn't return any HTML for you? It would rather
indicate a problem with your proxy, as I see it!

> black:/tmp/curl> ./testcurl_withuserpwd
> * Connected to 192.168.1.2 (192.168.1.2)
> > GET http://www.cnn.com/ HTTP/1.1
> Proxy-authorization: Basic ZGVkZGVsMDA6bWZFZGQ5OQ==
> Authorization: Basic ZGVkZGVsMDA6bWZFZGQ5OQ==
> Host: www.cnn.com
> Pragma: no-cache
> Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*

The only difference here is the Authorization header, which sends your user
name and password to the remote host.

I can't see what libcurl does wrong here.

What if you try the command line tool? Can you reach that web page using a
command line similar to: 'curl -x 192.168.1.2 http://www.cnn.com/' ?

> I just upgraded to the 7.9-1 Debian packages, but no change there. I get
> the exact same logging output from the rebuilt testcurl_* apps.

I unpacked the 7.9 tarball on a machine behind a proxy and I invoked a
command line like the above (changed to my local proxy) and it returned the
full frontpage from CNN. The request looked like this:

* Connected to secret.proxy.somwhere (1.2.3.4)
> GET http://www.cnn.com/ HTTP/1.1
User-Agent: curl/7.9 (sparc-sun-solaris2.6) libcurl 7.9
Host: www.cnn.com
Pragma: no-cache
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*

And the CNN server returned the following headers:

Server: Netscape-Enterprise/4.1
Date: Wed, 03 Oct 2001 14:57:08 GMT
Last-Modified: Wed, 03 Oct 2001 14:57:08 GMT
Expires: Wed, 03 Oct 2001 14:58:08 GMT
Cache-Control: private,max-age=60
Content-Type: text/html
Age: 0
X-Cache: MISS from proxy1.netinsight.se
Proxy-Connection: close

... and some 14K of HTML.

If I add a Proxy-authorization with -U (which my proxy ignores), it makes no
difference at all. I get the same headers and contents. I also added an
Authorization header, but yet again no difference was visible.

I just can't see a problem here.

-- 
    Daniel Stenberg -- curl groks URLs -- http://curl.haxx.se/