Download
Browse source Changelog
Documentation
Project   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users curl-announce curl-commits Book: Everything curl Report a bug Mail Etiquette
Development
Autobuilds Code Style Contribute Internals Release Notes Release Procedure Roadmap Run Tests Security Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-users / Single Mail

curl-users

Re: Getting curl to go all the way through proxy with digest authentication

From: Jones, James <jjones2_at_novetta.com>
Date: Wed, 22 Nov 2017 09:06:55 -0500

After a little experimentation I found that using -trace-ascii was indeed
the same as not using it.
I am passing 2 urls. When I look at the output from Firebug on Firefox I
see two urls listed.
one as Request URL:https://192.168.102.102/quarters/reports, the other is
Remote address 192..168.102.102:443

If I use the -x with the Remote address I get the following return: curl:
(4) Unsupported proxy 'https://192.168.102.102:443', libcurl is built
without the HTTPS-proxy support.
If I use what I have with -v I get this where Remote address is acting as a
proxy and muddling through various status codes in the path client to proxy
to data server and back.
BTW the proxy is a reverse proxy with https in and data server is https in
The client is a Windows 10 box the other two are running in an Oracle
VirtualBox Centos7 VM also on the Windows box..

C:\curl>curl -k -v --digest -u admin:password https://192.168.102.102:443
-L https://192.168.102.102/quarters/reports/
* Rebuilt URL to: https://192.168.102.102:443/
* timeout on name lookup is not supported
* Trying 192.168.102.102...
* TCP_NODELAY set
* Connected to 192.168.102.102 (192.168.102.102) port 443 (#0)
* schannel: SSL/TLS connection with 192.168.102.102 port 443 (step 1/3)
* schannel: disabled server certificate revocation checks
* schannel: verifyhost setting prevents Schannel from comparing the
supplied target name with the subject names in server certificates.
----- shortened to save space ----
* schannel: stored credential handle in session cache
* Server auth using Digest with user 'admin'
> GET / HTTP/1.1
> Host: 192.168.102.102
> User-Agent: curl/7.53.1
> Accept: */*
>
* schannel: client wants to read 16384 bytes
----- shortened to save space ----
< HTTP/1.1 200 OK
< Accept-Ranges: bytes
< Content-Length: 995
< Content-Security-Policy: frame-ancestors chrome-extension://*
< Content-Type: text/html; charset=utf-8
< Last-Modified: Tue, 07 Nov 2017 17:26:43 GMT
< Pragma: private
< Set-Cookie: abcde=NDg3NDllYmMtY2Y4OS0xMWU3LTk2ZjktMDgwMDI3ZmFiMGZl;
Path=/; Secure
< Strict-Transport-Security: max-age=16070400; includeSubDomains
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-Ua-Compatible: IE=edge
< X-Xss-Protection: 1; mode=block
< Date: Wed, 22 Nov 2017 13:30:19 GMT
<
<!DOCTYPE html> --- this is the body return from the proxy
<html>

<head>
    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
    <link rel="stylesheet" href="css/all.css">

    <title>APP</title>
    <link rel="icon" type="image/ico" href="images/favicon.ico" />
</head>

<body>
    <div style="margin: 10px auto;width: 200px;text-align: center;">
      <button class="userbutton" onclick="onLogin()" id="login"
style="margin: 0px">Login</button>
    </div>
    <div style="margin: 10px auto;width: 200px;text-align: center;">
      <button class="userbutton" onclick="onForgotPassword()"
id="forgot_password" style="margin: 10px 0px 0px 0px">Forgot
Password</button>
    </div>
    <br/>
    <div id="services" class="buttons"></div>
    <img src="images/logo.png" onclick="onLogoClick()" class="logo">
    <script>
        function onLogin() {
            window.location = "/login";
        }
        function onForgotPassword() {
            window.location = "/forgotpassword.html"
        }
    </script>
</body>

</html>
* Connection #0 to host 192.168.102.102 left intact
* Found bundle for host 192.168.102.102: 0x2704920 [can pipeline]
* Re-using existing connection! (#0) with host 192.168.102.102
* Connected to 192.168.102.102 (192.168.102.102) port 443 (#0)
* Server auth using Digest with user 'admin'
> GET /quarters/reports/ HTTP/1.1
> Host: 192.168.102.102
> User-Agent: curl/7.53.1
> Accept: */*
>
* schannel: client wants to read 16384 bytes
------- shortened to save space ------------
< HTTP/1.1 303 See Other
< Content-Security-Policy: frame-ancestors chrome-extension://*
< Location: /login/?_dc=2017-11-22 08:30:19.172330956 -0500
EST&redirect=/quarters/reports/
< Pragma: private
< Set-Cookie: abcde=NDg3ZDFiMjgtY2Y4OS0xMWU3LTk2ZjktMDgwMDI3ZmFiMGZl;
Path=/; Secure
< Strict-Transport-Security: max-age=16070400; includeSubDomains
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-Ua-Compatible: IE=edge
< X-Xss-Protection: 1; mode=block
< Date: Wed, 22 Nov 2017 13:30:19 GMT
< Content-Length: 108
< Content-Type: text/html; charset=utf-8
<
* Ignoring the response-body
* Connection #0 to host 192.168.102.102 left intact
* Issue another request to this URL: '
https://192.168.102.102/login/?_dc=2017-11-22+08:30:19.172330956+-0500+EST&redirect=/quarters/reports/
'
* Found bundle for host 192.168.102.102: 0x2704920 [can pipeline]
* Re-using existing connection! (#0) with host 192.168.102.102
* Connected to 192.168.102.102 (192.168.102.102) port 443 (#0)
* Server auth using Digest with user 'admin'
> GET
/login/?_dc=2017-11-22+08:30:19.172330956+-0500+EST&redirect=/quarters/reports/
HTTP/1.1
> Host: 192.168.102.102
> User-Agent: curl/7.53.1
> Accept: */*
>
* schannel: client wants to read 16384 bytes
----------- shortened to save space -----------------
* schannel: decrypted data buffer: offset 0 length 16384
< HTTP/1.1 401 Unauthorized
< Content-Security-Policy: frame-ancestors chrome-extension://*
< Content-Type: text/plain
< Pragma: private
< Set-Cookie: abcde=NDg4NGRkZTAtY2Y4OS0xMWU3LTk2ZjktMDgwMDI3ZmFiMGZl;
Path=/; Secure
< Strict-Transport-Security: max-age=16070400; includeSubDomains
< Www-Authenticate: Digest realm="192.168.102.102",
nonce="mDfGRg5j2fdpt930", opaque="x7bmsxsxnds3w+RO", algorithm="MD5",
qop="auth"
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-Ua-Compatible: IE=edge
< X-Xss-Protection: 1; mode=block
< Date: Wed, 22 Nov 2017 13:30:19 GMT
< Content-Length: 17
<
* Ignoring the response-body
* Connection #0 to host 192.168.102.102 left intact
* Issue another request to this URL: '
https://192.168.102.102/login/?_dc=2017-11-22+08:30:19.172330956+-0500+EST&redirect=/quarters/reports/
'
* Found bundle for host 192.168.102.102: 0x2704920 [can pipeline]
* Re-using existing connection! (#0) with host 192.168.102.102
* Connected to 192.168.102.102 (192.168.102.102) port 443 (#0)
* Server auth using Digest with user 'admin'
> GET
/login/?_dc=2017-11-22+08:30:19.172330956+-0500+EST&redirect=/quarters/reports/
HTTP/1.1
> Host: 192.168.102.102
> Authorization: Digest
username="admin",realm="192.168.102.102",nonce="mDfGRg5j2fdpt930",uri="/login/?_dc=2017-11-22+08:30:19.172330956+-0500+EST&redirect=/quarters/reports/",cnonce="85d557a3bd140e94944f3d139a8353be",nc=00000001,algorithm=MD5,response="2d5aab9e5a8ea4eb2e6689ed81b1b722",qop="auth",opaque="x7bmsxsxnds3w+RO"
> User-Agent: curl/7.53.1
> Accept: */*
>
* schannel: client wants to read 16384 bytes
------------shortened to save space -------------------
* schannel: decrypted data buffer: offset 0 length 16384
< HTTP/1.1 303 See Other
< Authentication-Info: qop="auth",
rspauth="9362d7ef780c9520c6ec388bf7104df7",
cnonce="85d557a3bd140e94944f3d139a8353be", nc="00000001"
< Location: /quarters/reports/
< Set-Cookie: abcde=NDg4ZGJjOTQtY2Y4OS0xMWU3LTk2ZjktMDgwMDI3ZmFiMGZl;
Path=/; Secure
< Strict-Transport-Security: max-age=16070400; includeSubDomains
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-Xss-Protection: 1; mode=block
< Date: Wed, 22 Nov 2017 13:30:19 GMT
< Content-Length: 43
< Content-Type: text/html; charset=utf-8
<
* Ignoring the response-body
* Connection #0 to host 192.168.102.102 left intact
* Issue another request to this URL: '
https://192.168.102.102/quarters/reports/'
* Found bundle for host 192.168.102.102: 0x2704920 [can pipeline]
* Re-using existing connection! (#0) with host 192.168.102.102
* Connected to 192.168.102.102 (192.168.102.102) port 443 (#0)
* Server auth using Digest with user 'admin'
> GET /quarters/reports/ HTTP/1.1
> Host: 192.168.102.102
> Authorization: Digest
username="admin",realm="192.168.102.102",nonce="mDfGRg5j2fdpt930",uri="/quarters/reports/",cnonce="85d557a3bd140e94944f3d139a8353be",nc=00000002,algorithm=MD5,response="09f255dcda3a3d569bad105ebf59ad97",qop="auth",opaque="x7bmsxsxnds3w+RO"
> User-Agent: curl/7.53.1
> Accept: */*
>
* schannel: client wants to read 16384 bytes
----------- shortened to save space ------------
* schannel: decrypted data buffer: offset 0 length 16384
< HTTP/1.1 200 OK
< Authentication-Info: qop="auth",
rspauth="2c6860675660bd529a5238821048b707",
cnonce="85d557a3bd140e94944f3d139a8353be", nc="00000002"
< Content-Type: application/json
< Date: Wed, 22 Nov 2017 13:30:19 GMT
< Set-Cookie: abcde=NDg5NzFiZTAtY2Y4OS0xMWU3LTk2ZjktMDgwMDI3ZmFiMGZl;
Path=/; Secure
< Strict-Transport-Security: max-age=16070400; includeSubDomains
< Vary: Accept-Encoding
< X-Content-Type-Options: nosniff
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-Frame-Options: SAMEORIGIN
< X-Ua-Compatible: IE=edge
< X-Xss-Protection: 1; mode=block
< Transfer-Encoding: chunked
<
[
 {
  "searchID": "d069a69e-cebe-11e7-b621-080027fab0fe",
---------- this is the json formatted body from the request --------------
  "lastModified": "0001-01-01T00:00:00Z"
 }
]* Connection #0 to host 192.168.102.102 left intact

On Tue, Nov 21, 2017 at 5:55 PM, Daniel Stenberg <daniel_at_haxx.se> wrote:

> On Tue, 21 Nov 2017, Jones, James wrote:
>
> However when I dropped the "-x":
>> curl -k --digest -u admin:password https://192.168.102.102:443 -L
>> https://192.168.102.102/quarters/reports/ -trace-ascii
>>
>
> Here you give curl two URLs, "https://192.168.102.102:443" and "
> https://192.168.102.102/quarters/reports/" which seems you might not have
> intended. Further "-trace-ascii" is not "--trace-ascii -" but is actually
> "-t race-ascii" which thus attempts to set a telnet option called
> "race-ascii" (which will be silently ignored).
>
> --
>
> / daniel.haxx.se
> -----------------------------------------------------------
> Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
> Etiquette: https://curl.haxx.se/mail/etiquette.html
> 

-- 
[image: www.novetta.com]
*James Jones*
Software Engineer
FBNC
Email  jjones2@novetta.com <http://www.novetta.com/>
Office 910-243-6665

-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2017-11-22