Re: how to use --proxy-negotiate, exactly?
Date: Tue, 24 Feb 2009 15:47:50 +0000 (UTC)
On Tue, 24 Feb 2009 09:08:23 +0100, Daniel Stenberg wrote:
> If I'm not mistaking, the Negotiate protocol works that way
I could even more likely be mistaken, but I don't think a Negotiate
authenticated request needs to be preceded by a non-Negotiate
> so libcurl
> needs to get the Proxy-Authorize: oresponse back from the proxy with
> data in it in order to proceed from there.
I don't see anything in the response from the failed first request that
the Negotiate request would need/use. Here's the initial non-Negotiate
> GET http://www.sun.com/ HTTP/1.1
> User-Agent: curl/7.19.3 (i486-pc-linux-gnu) libcurl/7.19.3 OpenSSL/0.9.8g zlib/126.96.36.199 libidn/1.8
> Host: www.sun.com
> Accept: */*
> Proxy-Connection: Keep-Alive
* HTTP 1.0, assume close after body
< HTTP/1.0 407 Proxy Authentication Required
< Server: squid/3.0.STABLE10
< Mime-Version: 1.0
< Date: Tue, 24 Feb 2009 04:11:51 GMT
< Content-Type: text/html
< Content-Length: 1624
< Expires: Tue, 24 Feb 2009 04:11:51 GMT
< X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
< Proxy-Authenticate: Negotiate
< Proxy-Authenticate: Basic realm="Squid proxy-caching web server"
< X-Cache: MISS from linux
< X-Cache-Lookup: NONE from linux:3128
< Via: 1.0 linux (squid/3.0.STABLE10)
< Proxy-Connection: close
Also, I'm fairly sure that Firefox, which also does Negotiate, doesn't
send a non-Negotiate request prior to using Negotiate.
ISTM that curl should be able to just jump to using Negotiate for the
first request and it should work.
I could probably add some more debug to figure out why this two phase
requesting is happening, but likely you have much more familiarity and
could eliminate that first request a lot quicker than I can. :-)
List admin: http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-users
Received on 2009-02-24