Buy commercial curl support from
WolfSSL. We help you work out your issues, debug your libcurl
applications, use the API, port to new platforms, add new features and more.
With a team lead by the curl founder himself.
Re: Help: TLS server receives a large amount of Authorization information along with application data
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Dan Fandrich via curl-users <curl-users_at_lists.haxx.se>
Date: Thu, 28 Mar 2024 16:01:33 -0700
On Thu, Mar 28, 2024 at 01:56:07PM -0400, Jason Qian via curl-users wrote:
> We are running a C++ server(with TLS 1.2 OpenSSL 1.1.1n). The clients are in C
> #, Java and C++;
> All clients work fine, but when using C++ client, the server receives a large
> amount of Authorization information along with application data.
What do you mean by "large amount"? What exactly is "Authorization
information"? Are you talking about a very long Authorization: header line?
This is expected when HTTP authorization is enabled.
> (C#, Java client are not sending those information)
>
> GET /data//somehost-1/ddt//ds-1117482431063112572/2.out HTTP/1.1
> Host: somehost .dev.xx.com:27159
> Authorization: Negotiate YIIMmQYGKwYBBQUCoIIMjTCCDImgMDAuBgkqhkiC9xIBAg......
>
>
> The C++ client is using CURL [7.83.0] with OpenSSL 1.1.1n.
> with following setting:
>
> curl_easy_setopt(curl, CURLOPT_CAINFO, "ssl.pem");
>
> //For client authentication
> curl_easy_setopt(_curl, CURLOPT_SSLCERT, "server.crt");
> curl_easy_setopt(_curl, CURLOPT_SSLKEY, "key.pem");
I suspect you're leaving out some setopts here, and you didn't say what
platform this is on. If this is Windows or a Kerberos site and authorization
has been enabled in libcurl, it's expected that an Authorization: Negotiate
header will be added.
Date: Thu, 28 Mar 2024 16:01:33 -0700
On Thu, Mar 28, 2024 at 01:56:07PM -0400, Jason Qian via curl-users wrote:
> We are running a C++ server(with TLS 1.2 OpenSSL 1.1.1n). The clients are in C
> #, Java and C++;
> All clients work fine, but when using C++ client, the server receives a large
> amount of Authorization information along with application data.
What do you mean by "large amount"? What exactly is "Authorization
information"? Are you talking about a very long Authorization: header line?
This is expected when HTTP authorization is enabled.
> (C#, Java client are not sending those information)
>
> GET /data//somehost-1/ddt//ds-1117482431063112572/2.out HTTP/1.1
> Host: somehost .dev.xx.com:27159
> Authorization: Negotiate YIIMmQYGKwYBBQUCoIIMjTCCDImgMDAuBgkqhkiC9xIBAg......
>
>
> The C++ client is using CURL [7.83.0] with OpenSSL 1.1.1n.
> with following setting:
>
> curl_easy_setopt(curl, CURLOPT_CAINFO, "ssl.pem");
>
> //For client authentication
> curl_easy_setopt(_curl, CURLOPT_SSLCERT, "server.crt");
> curl_easy_setopt(_curl, CURLOPT_SSLKEY, "key.pem");
I suspect you're leaving out some setopts here, and you didn't say what
platform this is on. If this is Windows or a Kerberos site and authorization
has been enabled in libcurl, it's expected that an Authorization: Negotiate
header will be added.
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2024-03-29