Download
Browse source Changelog tiny-curl
Documentation
Project   Bug Bounty   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users Mailing lists Book: Everything curl Video presentations Report a bug Paid support
Development
Autobuilds Code review Code style Contribute Dashboard Deprecate Internals Release Notes Release Procedure Roadmap Run Tests Security Process Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

The strange connect behavior of curl via socks5 proexy to different websites.

From: Hongyi Zhao via curl-library <curl-library_at_cool.haxx.se>
Date: Sat, 5 Sep 2020 06:17:28 +0800

Hi,

On Ubuntu 20.04, I run Tor which listens on 127.0.0.1:9050. The curl
testings for using Tor's socks5 proxy are done as following:

werner@X10DAi-01:~$ curl -vI -x socks5://127.0.0.1:9050 https://www.google.com
* Trying 127.0.0.1:9050...
* TCP_NODELAY set
* SOCKS5 communication to www.google.com:443
* SOCKS5 connect to IPv4 216.58.200.36:443 (locally resolved)
* SOCKS5 request granted.
* Connected to 127.0.0.1 (127.0.0.1) port 9050 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=US; ST=California; L=Mountain View; O=Google LLC;
CN=www.google.com
* start date: Aug 19 14:21:15 2020 GMT
* expire date: Nov 11 14:21:15 2020 GMT
* subjectAltName: host "www.google.com" matched cert's "www.google.com"
* issuer: C=US; O=Google Trust Services; CN=GTS CA 1O1
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x5630d1c10db0)
> HEAD / HTTP/2
> Host: www.google.com
> user-agent: curl/7.68.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 200
HTTP/2 200
< content-type: text/html; charset=ISO-8859-1
content-type: text/html; charset=ISO-8859-1
< p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
< date: Fri, 04 Sep 2020 22:12:42 GMT
date: Fri, 04 Sep 2020 22:12:42 GMT
< server: gws
server: gws
< x-xss-protection: 0
x-xss-protection: 0
< x-frame-options: SAMEORIGIN
x-frame-options: SAMEORIGIN
< expires: Fri, 04 Sep 2020 22:12:42 GMT
expires: Fri, 04 Sep 2020 22:12:42 GMT
< cache-control: private
cache-control: private
< set-cookie: 1P_JAR=2020-09-04-22; expires=Sun, 04-Oct-2020 22:12:42
GMT; path=/; domain=.google.com; Secure
set-cookie: 1P_JAR=2020-09-04-22; expires=Sun, 04-Oct-2020 22:12:42
GMT; path=/; domain=.google.com; Secure
< set-cookie: NID=204=UbMGogVaUh-hNlUPMbH5WCaVZ5RdpWufhjZCFsKHjFfFyayy7f2ZRadtUur_dT35wye9_dAb3xW9fsuHFWFRRn7mxHcEucMuS7RRlEQq0KQ9igHmZr6eAGbYY4-fL56ZULdkSiSBPyWvSXPV_T8Hi9dR0iLT7LWTlhVvSpP9eo8;
expires=Sat, 06-Mar-2021 22:12:42 GMT; path=/; domain=.google.com;
HttpOnly
set-cookie: NID=204=UbMGogVaUh-hNlUPMbH5WCaVZ5RdpWufhjZCFsKHjFfFyayy7f2ZRadtUur_dT35wye9_dAb3xW9fsuHFWFRRn7mxHcEucMuS7RRlEQq0KQ9igHmZr6eAGbYY4-fL56ZULdkSiSBPyWvSXPV_T8Hi9dR0iLT7LWTlhVvSpP9eo8;
expires=Sat, 06-Mar-2021 22:12:42 GMT; path=/; domain=.google.com;
HttpOnly
< alt-svc: h3-29=":443"; ma=2592000,h3-27=":443";
ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443";
ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443";
ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000;
v="46,43"
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443";
ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443";
ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443";
ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000;
v="46,43"

<
* Connection #0 to host 127.0.0.1 left intact
werner@X10DAi-01:~$ curl -vI -x socks5://127.0.0.1:9050 https://www.baidu.com
* Trying 127.0.0.1:9050...
* TCP_NODELAY set
* SOCKS5 communication to www.baidu.com:443
* SOCKS5 connect to IPv4 220.181.38.149:443 (locally resolved)
^C

As you can see, the connection to google succeed while fail for
connection to baidu. Any hints for this problem?

Regards, 

--
Hongyi Zhao <hongyi.zhao_at_gmail.com>
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2020-09-05