curl-library
Problem with GnuTLS libcurl and HTTPS over NTLM-auth'd HTTP proxy (and git)
Date: Sat, 12 May 2012 18:57:10 +0200
Hi all,
from Debian bug #671827:
> behind a proxy, git over HTTP works fine but not HTTPS.
>
> $ git ls-remote --heads http://github.com/jeromerobert/jCAE.git
> f1fdb01741f8aab4108222d3ca6fa9c095e09727 refs/heads/master
>
> But
> $ git ls-remote --heads https://github.com/jeromerobert/jCAE.git
> hangs.
>
> Running the same command with GIT_CURL_VERBOSE=1 prints:
> [...]
> * Received HTTP code 407 from proxy after CONNECT
> * STATE: WAITPROXYCONNECT => CONNECT handle 0x121e818; (connection #-5000)
> * About to connect() to proxy proxy.XXX.XXX port 8080 (#1)
> * Trying XXX.XXX.XXX.XXX...
> * 0x12158b8 is at send pipe head!
> * STATE: CONNECT => WAITCONNECT handle 0x121e818; (connection #1)
> * Connected to proxy.XXX.XXX (XXX.XXX.XXX.XXX) port 8080 (#1)
> * Connected to proxy.XXX.XXX (XXX.XXX.XXX.XXX) port 8080 (#1)
> * Establish HTTP proxy tunnel to github.com:443
> * Proxy auth using NTLM with user 'XXXXXXXX'
> > CONNECT github.com:443 HTTP/1.1
> Host: github.com:443
> Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
> User-Agent: git/1.7.10
> Proxy-Connection: Keep-Alive
> Pragma: no-cache
>
> * STATE: WAITCONNECT => WAITPROXYCONNECT handle 0x121e818; (connection #1)
> * Multi mode finished polling for response from proxy CONNECT
> < HTTP/1.1 407 Proxy Authentication Required
> < Proxy-Authenticate: NTLM
> TlRMTVNTUAACAAAABAAEADgAAAAGgokCJ+N51b5YAfwAAAAAAAAAAIAAgAA8AAAABQLODgAAAA9JV0ZSAgAIAEkAVwBGAFIAAQAQAFMARgBSAFMAMQAwADAAMQAEABgAaQB3AGYAcgAuAGgAcQAuAGMAbwByAHAAAwAqAFMARgBSAFMAMQAwADAAMQAuAGkAdwBmAHIALgBoAHEALgBjAG8AcgBwAAUADgBoAHEALgBjAG8AcgBwAAAAAAA=
> < Cache-Control: no-cache
> < Pragma: no-cache
> < Content-Type: text/html; charset=utf-8
> < Proxy-Connection: Keep-Alive
> < Set-Cookie: BCSI-CS0AFB947C=2; Path=/
> < Connection: Keep-Alive
> < Content-Length: 830
> <
> * Ignore 830 bytes of response-body
> and nothing more.
This happens with the GnuTLS "flavour" of libcurl 7.25.0 (full log at [0]) but
not 7.21.0 (full log at [1]). Also, it doesn't happen when using curl, but only
with git. Note that I wasn't able to reproduce it with a simple proxy
configuration, but since I do not have any NTLM-configured system (nor experience
in configuring one) it was without authentication.
Now, this might be a git bug, but what's weird is that it appears to have
worked with an older version of libcurl. Also, I suggested the bug submitter to
install winbind to see if NTLM_WB worked but it didn't change anything (though I
suspect winbind needs some configuration, which I am not able to help with)...
I'm not even sure if this has anything to do with NTLM :/
Can you reproduce this? If so, do you know of any change that may have caused
this (or any workaround to fix it)? Any help is appreciated.
Thanks
[0] http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=15;filename=bad-with-libcurl3-gnutls_7.25.0-1.log;att=2;bug=671827
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=15;filename=good-with-libcurl3-gnutls_7.21.0-2.log;att=1;bug=671827
-- perl -E '$_=q;$/= @{[@_]};and s;\S+;<inidehG ordnasselA>;eg;say~~reverse'
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
- application/pgp-signature attachment: Digital signature