cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: bad request with SSL; libcurl 7.19.4 SSL enabled / Win32

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Tue, 14 Apr 2009 13:24:55 +0200 (CEST)

On Tue, 14 Apr 2009, Thomas Reinhardt wrote:

> I have the following problem. Our very restrictive new proxy criticizes the
> POST-URL in line 20 from the transscript below, written by the
> debug_function. It looks like the URL is broken. The URL should contain also
> protocol and hostadress.
>
> wrong: POST /servlets/tstOnline HTTP/1.1
>
> should be: POST https://tst-online.tst.de/servlets/tstOnline HTTP/1.1
>
> If I disable SSL, the POST-URL is correct and the proxy is happy.
>
> without SSL: POST http://tst-online.tst.de/servlets/tstOnline HTTP/1.1
>
> But I have to use SSL. Is there any workaround?

This mail and problem report puzzle me.

When libcurl speaks HTTPS to a remote server through a proxy it will use
CONNECT through the proxy and then do the *correct* POST to the _remote
server_. In such HTTPS-through-proxy cases, the traffic is tunneled through
the proxy and it should and must not care about the contents.

Your sample code seems to not set the CURLOPT_PROXY for the https case? See
snippet below:

           if(url[4] == 's') {
                res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);
                res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0);
           } else {
                res = curl_easy_setopt(curl, CURLOPT_PROXY, proxy);
           }

So, I don't understand how you end up with the proxy getting this input!

-- 
  / daniel.haxx.se
Received on 2009-04-14