cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: curl-library Digest, Vol 110, Issue 18

From: Chris Johnson <cxjohnson_at_gmail.com>
Date: Tue, 7 Oct 2014 16:54:49 -0500

Thanks much for the reply.

(Yes, Base 64 hash not MD5 -- my bad.)

It's a SOAP web service, so I'm 95% sure it needs to be a POST operation.
I should also note the exact same code works just fine against other
servers. But this server may be different.

I'll extract my libcurl calls from my code; they're scattered across
several different methods in my class.

Roughly they look like this:

curl = curl_easy_init();
if (curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errormsg) ||
curl_easy_setopt(curl, CURLOPT_DEBUGFUNCTION, curl_debug_callback))
curl_easy_setopt(curl, CURLOPT_USERPWD, getLogin())) {
curl_easy_setopt(curl, CURLOPT_COOKIEFILE, "") ||
curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1) ||
curl_easy_setopt(curl, CURLOPT_IOCTLDATA, (void*)this) ||
curl_easy_setopt(curl, CURLOPT_IOCTLFUNCTION, ioctl) ||
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0) ||
curl_easy_setopt(curl, CURLOPT_URL, getUrl()) ||
curl_easy_setopt(curl, CURLOPT_VERBOSE, verbose) ||
curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void*)this) ||
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, sink) ||
curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3) ||
curl_easy_setopt(curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC) ||
curl_easy_setopt(curl, CURLOPT_POST, 1) ||
curl_easy_setopt(curl, CURLOPT_POSTFIELDS, 0) ||
curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, len) ||
curl_easy_setopt(curl, CURLOPT_READDATA, (void*)this) ||
curl_easy_setopt(curl, CURLOPT_READFUNCTION, source) ||
curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers) ||
curl_easy_perform(curl);

​Regards,
..chris

> Date: Tue, 7 Oct 2014 22:01:03 +0100
> From: Steve Holme <steve_holme_at_hotmail.com>
> To: "'libcurl development'" <curl-library_at_cool.haxx.se>
> Subject: RE: Help with basic auth problem?
> Message-ID: <DUB408-EAS1970AED854A8BCBB91D043A82A20_at_phx.gbl>
> Content-Type: text/plain; charset="UTF-8"
>
> On Tue, 7 Oct 2014, Chris Johnson wrote:
>
> > My code's attempts to connect to server are failing with my
> authentication rejected,
> > but I know it's correct as I can connect with other tools.​ I believe
> I've got my various
> > CURLOPTs set correctly, and the exchange looks right until it just goes
> off the rails.
>
> You didn't include your code so I can't say whether it is correct or not
> but looking at the log it looks like you're performing a POST request and
> not a GET - was that intentional?
>
> > From my logs, I see (MD5 has been trashed for privacy) that I send:
>
> Sorry for being pedantic but that's not a MD5 string but rather text that
> has been Base64 encoded ;-)
>
> > POST /EVSEligibilityWebService/spring-ws/EVSEligibility HTTP/1.1
> > Authorization: Basic XXkXXTk5NzYwXXXXXXXcnZlcjXXXXXXXXXXXXX==
> > Host: mn-its-atst.dhs.state.mn.us
> > Accept: */*
> > Content-Type: text/plain; charset=utf-8
> > Content-Length: 1055
> > Expect: 100-continue
>
> Certainly with a GET request I would expect to see the following in your
> log:
>
> * An initial request for the page or resource that is in your url
> * The server will the respond with a 401 and set the appropriate
> WWW-Authentication headers (listing Basic with the realm option - like the
> response you received did)
> * Your application would then send the request for the resource again, but
> this time with the Authorization header set with Basic and the Base64
> encoded username and password (in the format username:password)
> * The server would then respond with the resource you were after if
> authentication was successful - otherwise it would respond with another 401
>
> However, is authentication handled the same for POST requests? Do you have
> to perform a GET request first for the authentication to work then once
> that is successful perform the POST request?
>
> > 2014-10-07 14:44:47 ## Authentication problem. Ignoring this.
>
> If you search the libcurl source code for that string you'll find that it
> is output when curl has got its authentication state machine in a muddle -
> ie it's already sent the authentication request and isn't expecting to send
> it again.
>
> > Shouldn't libcurl respond to the WWW-authenticate: header by resending
> the
> > Authorization: header again?
>
> I'm not 100% sure how POST requests work with authentication so maybe some
> else can lend a hand and further my explanation ;-)
>
> > Is the server wrong to send that and follow it with an HTML page? Am I
> maybe
> > not seeing the entire picture in the logging from my debug callback?
>
> No... If you think about how a browser handles this when performing a GET
> request it will receive the mechanism and realm from the WWW-Authenticate
> header and typically prompt the user to enter their credentials (for Basic
> and Digest) probably stating the text from the realm in that dialog. Once
> the user enters those details and clicks "OK" it will then send the second
> request, continuing to authenticate as outlined above. However, if the user
> clicks "Cancel" the browser would then typically display the HTML from that
> response.
>
> I hope this helps and sorry I can't be more specific about POST requests.
>
> Kind Regards
>
> Steve
>
>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> curl-library mailing list
> curl-library_at_cool.haxx.se
> http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-library
>
>
> ------------------------------
>
> End of curl-library Digest, Vol 110, Issue 18
> *********************************************
>

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-10-07