cURL / Mailing Lists / curl-library / Single Mail


RE: NTLM Proxy Authentication and SSL

From: Daniel Stenberg <>
Date: Mon, 3 Sep 2007 00:24:54 +0200 (CEST)

On Thu, 30 Aug 2007, Paul Mecklar wrote:

>> What issue is it that occurrs exactly that is timing dependent?
> The issue is that without the delay, the tunnel to the proxy server is not
> correctly established, and the call fails with a 407 error code. The sort of
> good news is that I don't think it is directly related to the NTLM code, I
> think it is with the code that establishes the proxy tunnel.


> The issue is in http.c, in the CURL_proxyCONNECT function. There is data
> from the proxy server response that is not getting properly dealt with. On
> the last "go round" with the proxy server libcurl reads in the remainder of
> the proxy auth response from the previous round. The reason why the delay in
> the debug callback is affecting it is because the complete proxy server
> responses are able to be retrieved in one read with the delay.

Okay, but assuming this is the reason, how come the loop terminates

It seems this happens because the response contains chunked transfer-encoding
and the Curl_proxyCONNECT() has no support for that... For some reason I have
something in the back of my head saying we once added support for this, but I
just can't remember why it wouldn't be in the current code then!

> I was looking at the code to try and address it myself, but am fearful of
> making changes to the code as I am not sure what other impacts it could
> have.

There's a test suite that minimizes the risk, plus we have a bunch of
subscribers to this list who can review and comment patches.

Are you willing to work on making the Curl_proxyCONNECT() function properly
"pass" responses that are sent chunky? We already have the suitable support
functions for this, used in lib/transfer.c for "regular" transfers.

  Commercial curl and libcurl Technical Support:
Received on 2007-09-03