cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Problem with NTLM proxy authentication

From: Ulrich Telle <Ulrich.Telle_at_gmx.de>
Date: Fri, 05 Sep 2014 12:26:45 +0200

Steve,

> > I scheduled testing of the authentication process, that includes a
> > guy watching on the proxy server side, logging the network traffic
> > during the tests.
>
> Okay cool - it will be interesting to see how you get on and what
> information comes out of that.

It took a bit longer than expected to arrange and perform the tests, but now
the tests took place.

Although the tests failed again, we gained a bit of knowledge from the
additional debug messages I added.

> Sure - if it is a problem in libcurl I would like to be able to
> resolve it as well. So any assistance you can provide in identifying
> the issue would be great.

Following I show the protocol on the client side related to the last step where
the NTLM type-3 message should be generated. Additionally I attach a
screenshot (proxy-side-protocol.png) of the protocol on the proxy side.

>>> Begin <<<
Text: Issue another request to this URL: 'http://www.uhrzeit123.de/'
Text: Found bundle for host www.uhrzeit123.de: 0x2c21f38
Text: Re-using existing connection! (#0) with host 11.22.33.44
Text: Connected to 11.22.33.44 (11.22.33.44) port 9090 (#0)
Text: Curl_ntlm_create_type3_message: InitializeSecurityContext status=-2146893048
Text: Connection #0 to host 11.22.33.44 left intact

libcurl message: Failure when receiving data from the peer
>>> End <<<

The function InitializeSecurityContext fails with an error (hexadecimal:
80090308) As far as I could find out this code corresponds to the error
SEC_E_INVALID_TOKEN.

The question is whether the proxy sent corrupted data (what I find quite
unlikely) or whether libcurl doesn't handle the received data as it should.

Any ideas, how to proceed to get this working?

Regards,

Ulrich

-- 
E-Mail privat:  Ulrich.Telle_at_gmx.de
World Wide Web: http://www.telle-online.de

Der folgende Teil dieser Nachricht enthält einen Anhang im
sogenannten Internet MIME Nachrichtenformat.
Wenn Sie Pegasus Mail oder ein beliebiges anderes MIME-kompatibles
Email-System verwenden, sollten Sie den Anhang mit Ihrem Email-System
speichern oder anzeigen können. Gegebenenfalls fragen Sie Ihren Administrator.

The following section of this message contains a file attachment
prepared for transmission using the Internet MIME message format.
If you are using Pegasus Mail, or any another MIME-compliant system,
you should be able to save it or view it from within your mailer.
If you cannot, please ask your system administrator for assistance.

   ---- Datei Information/File information -----------
     Datei/File: proxy-side-protocol.png
     Datum/Date: 5 Sep 2014, 12:19
     Größe/Size: 112762 bytes.
     Typ/Type: Unbekannt

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html

Received on 2014-09-05