curl-library
Re: CURLOPT_HTTP_VERSION doesn't work?
Date: Fri, 9 Jan 2009 17:08:10 -0500
Interestingly enough, there is more to this than I first discovered.
Testing with IE 7, it turns out that they use CONNECT ... HTTP/1.0 but
do succeed. Here is the log of a successful connection
Snooping an IE session:
CONNECT webmail.quest.com:443 HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET
CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR
3.0.04506.648)
Proxy-Connection: Keep-Alive
Content-Length: 0
Host: webmail.quest.com
Pragma: no-cache
HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires
authorization to fulfill the request. Access to the Web Proxy service
is denied. )
Via:1.1 TORISAW01
Proxy-Authenticate: NTLM
Proxy-Authenticate: Kerberos
Proxy-Authenticate: Negotiate
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 2375
-----An error web page, not worth copying-----
CONNECT webmail.quest.com:443 HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET
CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR
3.0.04506.648)
Proxy-Connection: Keep-Alive
Content-Length: 0
Proxy-Authorization: NTLM
TlRMTVNTUAABAAAAB7IIogQABAA2AAAADgAOACgAAAAFAs4OAAAAD1RPUjAxNDMxOC1XMkszUFJPRA==
Pragma: no-cache
Host: webmail.quest.com
HTTP/1.1 407 Proxy Authentication Required ( Access is denied. )
Via:1.1 TORISAW01
Proxy-Authenticate: NTLM
TlRMTVNTUAACAAAACAAIADgAAAAFgomif9bJtiotHA0AAAAAAAAAAJYAlgBAAAAABQLODgAAAA9QAFIATwBEAAIACABQAFIATwBEAAEAEgBUAE8AUgBJAFMAQQBXADAAMQAEAB4AcAByAG8AZAAuAHEAdQBlAHMAdAAuAGMAbwByAHAAAwAyAHQAbwByAGkAcwBhAHcAMAAxAC4AcAByAG8AZAAuAHEAdQBlAHMAdAAuAGMAbwByAHAABQAUAHEAdQBlAHMAdAAuAGMAbwByAHAAAAAAAA==
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 0
CONNECT webmail.quest.com:443 HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET
CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR
3.0.04506.648)
Proxy-Connection: Keep-Alive
Content-Length: 0
Host: webmail.quest.com
Pragma: no-cache
Proxy-Authorization: NTLM
TlRMTVNTUAADAAAAGAAYAHYAAAAYABgAjgAAAAgACABIAAAACgAKAFAAAAAcABwAWgAAAAAAAACmAAAABYKIogUCzg4AAAAPUABSAE8ARABjAHcAZQBzAHQAVABPAFIAMAAxADQAMwAxADgALQBXADIASwAzAO4IqyQXh4yWAAAAAAAAAAAAAAAAAAAAAPyumou4itve2y05AnEx54lRuiupDA7sMQ==
HTTP/1.1 200 Connection established
Via: 1.1 TORISAW01
Here is a successful Firefox 2 session:
CONNECT webmail.quest.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US;
rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6
Proxy-Connection: keep-alive
Host: webmail.quest.com
HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires
authorization to fulfill the request. Access to the Web Proxy service
is denied. )
Via:1.1 TORISAW01
Proxy-Authenticate: NTLM
Proxy-Authenticate: Kerberos
Proxy-Authenticate: Negotiate
Connection: close
Proxy-Connection: close
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 2375
---- error page ---
CONNECT webmail.quest.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US;
rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6
Proxy-Connection: keep-alive
Host: webmail.quest.com
Proxy-Authorization: NTLM
TlRMTVNTUAABAAAAB7IIogQABAA2AAAADgAOACgAAAAFAs4OAAAAD1RPUjAxNDMxOC1XMkszUFJPRA==
HTTP/1.1 407 Proxy Authentication Required ( Access is denied. )
Via:1.1 TORISAW01
Proxy-Authenticate: NTLM
TlRMTVNTUAACAAAACAAIADgAAAAFgominX79S5+nI8oAAAAAAAAAAJYAlgBAAAAABQLODgAAAA9QAFIATwBEAAIACABQAFIATwBEAAEAEgBUAE8AUgBJAFMAQQBXADAAMQAEAB4AcAByAG8AZAAuAHEAdQBlAHMAdAAuAGMAbwByAHAAAwAyAHQAbwByAGkAcwBhAHcAMAAxAC4AcAByAG8AZAAuAHEAdQBlAHMAdAAuAGMAbwByAHAABQAUAHEAdQBlAHMAdAAuAGMAbwByAHAAAAAAAA==
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 0
CONNECT webmail.quest.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US;
rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6
Proxy-Connection: keep-alive
Host: webmail.quest.com
Proxy-Authorization: NTLM
TlRMTVNTUAADAAAAGAAYAHYAAAAYABgAjgAAAAgACABIAAAACgAKAFAAAAAcABwAWgAAAAAAAACmAAAABYKIogUCzg4AAAAPUABSAE8ARABjAHcAZQBzAHQAVABPAFIAMAAxADQAMwAxADgALQBXADIASwAzAG9Dw6LIi2TpAAAAAAAAAAAAAAAAAAAAAMCLznH+H82kmgls3HWx5ll3vj/pAgsBXw==
HTTP/1.1 200 Connection established
Via: 1.1 TORISAW01
Here is the log of a failed connection using libcurl:
CONNECT webmail.quest.com:443 HTTP/1.0
Host: webmail.quest.com:443
User-Agent: Mozilla/4.5 [en] (X11; U; SunOS 5.6 sun4u)
Proxy-Connection: Keep-Alive
HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires
authorization to fulfill the request. Access to the Web Proxy service
is denied. )
Via:1.1 TORISAW01
Proxy-Authenticate: NTLM
Proxy-Authenticate: Kerberos
Proxy-Authenticate: Negotiate
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 2375
--- error page ---
CONNECT webmail.quest.com:443 HTTP/1.0
Host: webmail.quest.com:443
Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
User-Agent: Mozilla/4.5 [en] (X11; U; SunOS 5.6 sun4u)
Proxy-Connection: Keep-Alive
At this point, the server closes the connection, which seems rude
Here is a successful conmnection using libcurl with my 1.1 patch
CONNECT webmail.quest.com:443 HTTP/1.1
Host: webmail.quest.com:443
User-Agent: Mozilla/4.5 [en] (X11; U; SunOS 5.6 sun4u)
Proxy-Connection: Keep-Alive
HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires
authorization to fulfill the request. Access to the Web Proxy service
is denied. )
Via:1.1 TORISAW01
Proxy-Authenticate: NTLM
Proxy-Authenticate: Kerberos
Proxy-Authenticate: Negotiate
Connection: close
Proxy-Connection: close
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 2375
--- error page ---
CONNECT webmail.quest.com:443 HTTP/1.1
Host: webmail.quest.com:443
Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
User-Agent: Mozilla/4.5 [en] (X11; U; SunOS 5.6 sun4u)
Proxy-Connection: Keep-Alive
HTTP/1.1 407 Proxy Authentication Required ( Access is denied. )
Via:1.1 TORISAW01
Proxy-Authenticate: NTLM
TlRMTVNTUAACAAAABAAEADgAAAAGgokCS9diXK0c1goAAAAAAAAAAJYAlgA8AAAABQLODgAAAA9QUk9EAgAIAFAAUgBPAEQAAQASAFQATwBSAEkAUwBBAFcAMAAxAAQAHgBwAHIAbwBkAC4AcQB1AGUAcwB0AC4AYwBvAHIAcAADADIAdABvAHIAaQBzAGEAdwAwADEALgBwAHIAbwBkAC4AcQB1AGUAcwB0AC4AYwBvAHIAcAAFABQAcQB1AGUAcwB0AC4AYwBvAHIAcAAAAAAA
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 0
CONNECT webmail.quest.com:443 HTTP/1.1
Host: webmail.quest.com:443
Proxy-Authorization: NTLM
TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAQABABwAAAABQAFAHQAAAAOAA4AeQAAAAAAAAAAAAAABoKJAkLs7O+sD8bcAAAAAAAAAAAAAAAAAAAAAHx7XNSACATUcoOVX1p6T7hzSBwlz89xLlBST0Rjd2VzdFRPUjAxNDMxOC1XMksz
User-Agent: Mozilla/4.5 [en] (X11; U; SunOS 5.6 sun4u)
Proxy-Connection: Keep-Alive
HTTP/1.1 200 Connection established
Via: 1.1 TORISAW01
There are a few interesting things to note about these logs. The most
obvious one in relation to this thread is that the only difference
between a successful libcurl connection and a failed libcurl
connection is the protocol version. I tried this after noticing that
Firefox uses 1.1. On the other hand, the IE connection uses HTTP/1.0
but is successful.
It appears that having a setting for this protocol is a worthwhile
thing, as both seem to be used in the world at large, but there
appears to be some other problem with our connection, at least when
using protocol 1.0. So far the only differences I am seeing with the
IE version are the Content-Length: 0 and Pragma: no-cache headers, and
the actual length of the Proxy-Authorization header in IE is
considerably longer. Those are all the case in the 1.1 case as well,
but it works then...
Received on 2009-01-09