taher daryani | 24 Mar 22:17 2011
Picon

Sending Https request over proxy aborts

Hi ,

 

I am using libcurl to send  http/https requests through a proxy. It works fine for http requests but it returns error 407 for https requests if I use CURLAUTH_ANY. If I use CURLAUTH_BASIC then the request would succeed.

 

Here are the options I set up before I do the perform.

 

      cURLCode = curl_easy_setopt(m_cURLSession, CURLOPT_URL, sURL.c_str());

      cURLCode = curl_easy_setopt(m_cURLSession, CURLOPT_USERAGENT, sAgentName.c_str());

 

      cURLCode = curl_easy_setopt(m_cURLSession, CURLOPT_POSTFIELDS, sPostData.c_str());

      cURLCode = curl_easy_setopt(m_cURLSession, CURLOPT_POSTFIELDSIZE, sPostData.size());

 

      cURLCode = curl_easy_setopt(m_cURLSession, CURLOPT_WRITEDATA, &eCallBackData);

      cURLCode = curl_easy_setopt(m_cURLSession, CURLOPT_WRITEFUNCTION, cHttpURL_write_callback);

cURLCode = curl_easy_setopt(m_cURLSession, CURLOPT_SSL_VERIFYPEER, false);

 

cURLCode = curl_easy_setopt(m_cURLSession, CURLOPT_HTTPPROXYTUNNEL, 0);

      cURLCode = curl_easy_setopt(m_cURLSession, CURLOPT_PROXYTYPE, CURLPROXY_HTTP);

 

cURLCode = curl_easy_setopt(m_cURLSession, CURLOPT_PROXYUSERPWD, UserSettings);

      cURLCode = curl_easy_setopt(m_cURLSession, CURLOPT_PROXYAUTH, CURLAUTH_ANY);

cURLCode = curl_easy_setopt(m_cURLSession, CURLOPT_HTTPPROXYTUNNEL, 0);

 

Here is the response log:

 

About to connect() to proxy 10.10.12.137 port 4480 (#0)

*   Trying 10.10.12.137... * connected

* Connected to 10.10.12.137 (10.10.12.137) port 4480 (#0)

* Establish HTTP proxy tunnel to x.x.net:443

> CONNECT x.x.net:443 HTTP/1.0

 

Host: x.x.net:443

 

User-Agent: Company Product

 

Proxy-Connection: Keep-Alive

 

Content-Type: text/xml

 

Accept-Language: -

 

 

 

< HTTP/1.0 407 Proxy Authentication required

 

< Date: Wed, 23 Mar 2011 18:40:45 GMT

 

< Content-Type: text/html

 

< Proxy-Authenticate: Basic realm="Proxy+ HTTP Proxy service"

 

< Content-Length: 1104

 

<

 

* Ignore 1104 bytes of response-body

* Establish HTTP proxy tunnel to x.x.net:443

* Proxy auth using Basic with user 'user'

> CONNECT x.x.net:443 HTTP/1.0

 

Host: x.x.net:443

 

Proxy-Authorization: Basic dXNlcjpwYXPbs29yZA==

 

User-Agent: Company Product

 

Proxy-Connection: Keep-Alive

 

Content-Type: text/xml

 

Accept-Language: -

 

 

 

* Proxy CONNECT aborted

* Closing connection #0

* Failure when receiving data from the peer

 

I was wondering If you could tell me what I am missing.

 

Thanks

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Ben Noordhuis | 24 Mar 23:09 2011
Picon

Re: Sending Https request over proxy aborts

On Thu, Mar 24, 2011 at 22:17, taher daryani <daryanit <at> gmail.com> wrote:
> I am using libcurl to send  http/https requests through a proxy. It works
> fine for http requests but it returns error 407 for https requests if I use
> CURLAUTH_ANY. If I use CURLAUTH_BASIC then the request would succeed.

> * Proxy CONNECT aborted
> * Closing connection #0
> * Failure when receiving data from the peer

Apparently he proxy rejects the CONNECT request. With CURLAUTH_BASIC
the request succeeds but not with CURLAUTH_ANY? Are you sure that you
are sending the right credentials? The Proxy-Authenticate header
decodes to "user:pas۳ord". Looks like an Arabic ordinal.

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
taher daryani | 24 Mar 23:30 2011
Picon

Re: Sending Https request over proxy aborts

Sorry, I made a typing mistake. it is dXNlcjpwYXNzd29yZA== which should decode to user:password.


 

On Thu, Mar 24, 2011 at 3:09 PM, Ben Noordhuis <info <at> bnoordhuis.nl> wrote:
On Thu, Mar 24, 2011 at 22:17, taher daryani <daryanit <at> gmail.com> wrote:
> I am using libcurl to send  http/https requests through a proxy. It works
> fine for http requests but it returns error 407 for https requests if I use
> CURLAUTH_ANY. If I use CURLAUTH_BASIC then the request would succeed.

> * Proxy CONNECT aborted
> * Closing connection #0
> * Failure when receiving data from the peer

Apparently he proxy rejects the CONNECT request. With CURLAUTH_BASIC
the request succeeds but not with CURLAUTH_ANY? Are you sure that you
are sending the right credentials? The Proxy-Authenticate header
decodes to "user:pas۳ord". Looks like an Arabic ordinal.

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Daniel Stenberg | 25 Mar 11:35 2011
Picon

Re: Sending Https request over proxy aborts

On Thu, 24 Mar 2011, taher daryani wrote:

> I am using libcurl to send http/https requests through a proxy. It works 
> fine for http requests but it returns error 407 for https requests if I use 
> CURLAUTH_ANY.

That's expected and normal. libcurl then picks the "best" auth type it knows 
(among those that the server says it allows) and connects again.

> If I use CURLAUTH_BASIC then the request would succeed.

So the server only rejects libcurl if a single CONNECT is made? Or is there a 
difference between the BASIC-at-once request and the 
BASIC-after-the-prope-connect request?

What libcurl version is this on what platform?

> * Proxy auth using Basic with user 'user'
> CONNECT x.x.net:443 HTTP/1.0
> Host: x.x.net:443
> Proxy-Authorization: Basic dXNlcjpwYXPbs29yZA==
> User-Agent: Company Product
> Proxy-Connection: Keep-Alive
> Content-Type: text/xml
> Accept-Language: -
>
> * Proxy CONNECT aborted
> * Closing connection #0
> * Failure when receiving data from the peer

That seems to be a Curl_read() that returns error so it looks like the proxy 
is really not liking it. (around lib/http.c:1479 in my current dev code)

--

-- 

  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html


Gmane