On Wed, Oct 03, 2001 at 05:01:45PM +0200, Daniel Stenberg wrote:
> I actually noticed it myself first while googling, but Domenico Andreoli (the
> Debian maintainer) forwarded it to us as well.

Excellent.

> > Script started on Wed Oct 3 09:00:30 2001
> > black:/tmp/curl> ./testcurl_nouserpwd
> > * Connected to 192.168.1.2 (192.168.1.2)
> > > GET http://www.cnn.com/ HTTP/1.1
> > Proxy-authorization: Basic ZGVkZGVsMDA6bWZFZGQ5OQ==
> > Host: www.cnn.com
> > Pragma: no-cache
> > Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
> >
> > * Closing live connection (#0)
>
> The Proxy-authorization header visible in this request is the name and
> password your proxy requires/wants that the user-agent provides to be allowed
> to us its services.
>
> Other than that, there's not much to say. This is a perfectly valid HTTP 1.1
> GET request.
>
> Are you saying that this doesn't return any HTML for you? It would rather
> indicate a problem with your proxy, as I see it!

Correct. I ask this simple.c variant to dump all html into a file ... and
the resulting file has length zero without CURLOPT_USERPWD being set.

Could well be a proxy server bug. I am fully ignorant of the details and RFCs.

>
> > black:/tmp/curl> ./testcurl_withuserpwd
> > * Connected to 192.168.1.2 (192.168.1.2)
> > > GET http://www.cnn.com/ HTTP/1.1
> > Proxy-authorization: Basic ZGVkZGVsMDA6bWZFZGQ5OQ==
> > Authorization: Basic ZGVkZGVsMDA6bWZFZGQ5OQ==
> > Host: www.cnn.com
> > Pragma: no-cache
> > Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
>
> The only difference here is the Authorization header, which sends your user
> name and password to the remote host.
>
> I can't see what libcurl does wrong here.

But cnn.com doesn't need my name/password, so that should not have to fall
under Authorization.

> What if you try the command line tool? Can you reach that web page using a
> command line similar to: 'curl -x 192.168.1.2 http://www.cnn.com/' ?

No, only with -x and -U as in
        curl -x http://1.2.3.4:5 -U foo:bar http://cnn.com
This /really/ is a firewall with authentication.

> I unpacked the 7.9 tarball on a machine behind a proxy and I invoked a
> command line like the above (changed to my local proxy) and it returned the
> full frontpage from CNN. The request looked like this:
>
> * Connected to secret.proxy.somwhere (1.2.3.4)
> > GET http://www.cnn.com/ HTTP/1.1
> User-Agent: curl/7.9 (sparc-sun-solaris2.6) libcurl 7.9
> Host: www.cnn.com
> Pragma: no-cache
> Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*

Same here, but with "Proxy-authenctication ..."

> And the CNN server returned the following headers:
>
> Server: Netscape-Enterprise/4.1
> Date: Wed, 03 Oct 2001 14:57:08 GMT
> Last-Modified: Wed, 03 Oct 2001 14:57:08 GMT
> Expires: Wed, 03 Oct 2001 14:58:08 GMT
> Cache-Control: private,max-age=60
> Content-Type: text/html
> Age: 0
> X-Cache: MISS from proxy1.netinsight.se
> Proxy-Connection: close

Hm, I don;t get those. Special cmd line option needed to see them?

> ... and some 14K of HTML.
>
> If I add a Proxy-authorization with -U (which my proxy ignores), it makes no
> difference at all. I get the same headers and contents. I also added an
> Authorization header, but yet again no difference was visible.
>
> I just can't see a problem here.

That's why I tried to be careful in my initial bug report. It is conceivable
that the firewall/proxy server used here is wrong. Dunno. But it works with a
good number of other apps/libs. If it helped, I could show you what I need
for Perl's LWP module.

If you see no fault in your code, it might be good enough to modify the
curl_easy_setopt manual page entry for CURLOPT_USERPWD to add a hint that
this option may be needed with some proxy-auth firewalls in addition to the
CURLOPT_PROXYUSERPWD option.

Best regards, Dirk

-- 
Three out of two people have difficulties with fractions.