Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
No LDAP support on FreeBSD -- re-compile from source???
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Bill Anderson via curl-and-php <curl-and-php_at_lists.haxx.se>
Date: Wed, 2 Feb 2022 14:14:23 -0600
TL;DR -- LDAP doesn't work in the curl libraries available on FreeBSD.
Need help re-compiling libcurl from source with LDAP support!
Full explanation:
I am migrating my test/dev server from Ubuntu 20.04 to FreeBSD 13.0. The
server has a handful of public-facing web-apps, one of which is a Log4J
honeypot (written in PHP) that fetches & stores any URLs submitted with the
"jndi" expression tags, as well as any urls found within each of those
resources.
Most of the Log4J exploit-attempts/vulnerability-scans instruct the
vulnerable server to fetch an LDAP resource. When I was running this
honeypot under Ubuntu (with PHP version 7.4), I could use the curl library
in PHP to fetch these LDAP urls without an issue. (Note: I'd rather do
this with curl than with the specialized ldap library because of the
MultiCurlHandle which enables asynchronous fetching of multiple resources
at once... this doesn't look like it is possible with the php ldap library)
However, with FreeBSD (running PHP 8.1), whenever I use curl to get an ldap
resource, I get the following error:
Protocol "ldap" not supported or disabled in libcurl
Interestingly, curl run at the CLI on FreeBSD, requesting an ldap url,
returns the same error message. When I run the curl command at CLI in
Ubuntu, also requesting ldap, it seems to work fine. This would suggest
it's an issue with FreeBSD's port of libcurl, but I'm not really sure.
I tried following the instructions at https://curl.se/docs/install.html but
ran into some issues there. vcpkg wouldn't run as a command on the path
even after ./vcpkg integrate install , so I had to run it as "./vcpkg
install curl[tool,ldap]" from the directory where it lives. Doing this
returned the following error:
Package curl does not have a ldap feature
Note: Updating vcpkg by rerunning bootstrap-vcpkg may resolve this failure.
Of course, I had literally *just* installed vcpkg, but I tried re-running
it anyway and just got the same results.
Then I cloned the git repo for libcurl, but I can't seem to find the
configure script anywhere in it or any other instructions about how to
compile. So I'm really at a loss here.
Note that I was able to compile modsecurity with an nginx connector from
source code, on this FreeBSD system, so I'm not sure why curl is giving me
so much grief. Any help would be appreciated!
Thanks,
-Bill Anderson
p.s. Below is the output from var_dump(curl_version()); on the FreeBSD
system
array(16) {
["version_number"]=>
int(479232)
["age"]=>
int(9)
["features"]=>
int(288342941)
["ssl_version_number"]=>
int(0)
["version"]=>
string(6) "7.80.0"
["host"]=>
string(25) "amd64-portbld-freebsd13.0"
["ssl_version"]=>
string(14) "OpenSSL/1.1.1k"
["libz_version"]=>
string(6) "1.2.11"
["protocols"]=>
array(19) {
[0]=>
string(4) "dict"
[1]=>
string(4) "file"
[2]=>
string(3) "ftp"
[3]=>
string(4) "ftps"
[4]=>
string(6) "gopher"
[5]=>
string(7) "gophers"
[6]=>
string(4) "http"
[7]=>
string(5) "https"
[8]=>
string(4) "imap"
[9]=>
string(5) "imaps"
[10]=>
string(4) "pop3"
[11]=>
string(5) "pop3s"
[12]=>
string(4) "rtsp"
[13]=>
string(3) "scp"
[14]=>
string(4) "sftp"
[15]=>
string(4) "smtp"
[16]=>
string(5) "smtps"
[17]=>
string(6) "telnet"
[18]=>
string(4) "tftp"
}
["ares"]=>
string(0) ""
["ares_num"]=>
int(0)
["libidn"]=>
string(0) ""
["iconv_ver_num"]=>
int(0)
["libssh_version"]=>
string(14) "libssh2/1.10.0"
["brotli_ver_num"]=>
int(0)
["brotli_version"]=>Quin
string(0) ""
}
Date: Wed, 2 Feb 2022 14:14:23 -0600
TL;DR -- LDAP doesn't work in the curl libraries available on FreeBSD.
Need help re-compiling libcurl from source with LDAP support!
Full explanation:
I am migrating my test/dev server from Ubuntu 20.04 to FreeBSD 13.0. The
server has a handful of public-facing web-apps, one of which is a Log4J
honeypot (written in PHP) that fetches & stores any URLs submitted with the
"jndi" expression tags, as well as any urls found within each of those
resources.
Most of the Log4J exploit-attempts/vulnerability-scans instruct the
vulnerable server to fetch an LDAP resource. When I was running this
honeypot under Ubuntu (with PHP version 7.4), I could use the curl library
in PHP to fetch these LDAP urls without an issue. (Note: I'd rather do
this with curl than with the specialized ldap library because of the
MultiCurlHandle which enables asynchronous fetching of multiple resources
at once... this doesn't look like it is possible with the php ldap library)
However, with FreeBSD (running PHP 8.1), whenever I use curl to get an ldap
resource, I get the following error:
Protocol "ldap" not supported or disabled in libcurl
Interestingly, curl run at the CLI on FreeBSD, requesting an ldap url,
returns the same error message. When I run the curl command at CLI in
Ubuntu, also requesting ldap, it seems to work fine. This would suggest
it's an issue with FreeBSD's port of libcurl, but I'm not really sure.
I tried following the instructions at https://curl.se/docs/install.html but
ran into some issues there. vcpkg wouldn't run as a command on the path
even after ./vcpkg integrate install , so I had to run it as "./vcpkg
install curl[tool,ldap]" from the directory where it lives. Doing this
returned the following error:
Package curl does not have a ldap feature
Note: Updating vcpkg by rerunning bootstrap-vcpkg may resolve this failure.
Of course, I had literally *just* installed vcpkg, but I tried re-running
it anyway and just got the same results.
Then I cloned the git repo for libcurl, but I can't seem to find the
configure script anywhere in it or any other instructions about how to
compile. So I'm really at a loss here.
Note that I was able to compile modsecurity with an nginx connector from
source code, on this FreeBSD system, so I'm not sure why curl is giving me
so much grief. Any help would be appreciated!
Thanks,
-Bill Anderson
p.s. Below is the output from var_dump(curl_version()); on the FreeBSD
system
array(16) {
["version_number"]=>
int(479232)
["age"]=>
int(9)
["features"]=>
int(288342941)
["ssl_version_number"]=>
int(0)
["version"]=>
string(6) "7.80.0"
["host"]=>
string(25) "amd64-portbld-freebsd13.0"
["ssl_version"]=>
string(14) "OpenSSL/1.1.1k"
["libz_version"]=>
string(6) "1.2.11"
["protocols"]=>
array(19) {
[0]=>
string(4) "dict"
[1]=>
string(4) "file"
[2]=>
string(3) "ftp"
[3]=>
string(4) "ftps"
[4]=>
string(6) "gopher"
[5]=>
string(7) "gophers"
[6]=>
string(4) "http"
[7]=>
string(5) "https"
[8]=>
string(4) "imap"
[9]=>
string(5) "imaps"
[10]=>
string(4) "pop3"
[11]=>
string(5) "pop3s"
[12]=>
string(4) "rtsp"
[13]=>
string(3) "scp"
[14]=>
string(4) "sftp"
[15]=>
string(4) "smtp"
[16]=>
string(5) "smtps"
[17]=>
string(6) "telnet"
[18]=>
string(4) "tftp"
}
["ares"]=>
string(0) ""
["ares_num"]=>
int(0)
["libidn"]=>
string(0) ""
["iconv_ver_num"]=>
int(0)
["libssh_version"]=>
string(14) "libssh2/1.10.0"
["brotli_ver_num"]=>
int(0)
["brotli_version"]=>Quin
string(0) ""
}
-- curl-and-php mailing list curl-and-php_at_lists.haxx.se https://lists.haxx.se/listinfo/curl-and-phpReceived on 2022-02-02