curl-library
BAD REQUEST with curl but not with s_client
Date: Thu, 6 Sep 2012 08:17:10 +0200
Hi Guys
I have to help out in a project where i encounter the following problem:
With s_client from openssl i can do a HTTPS SOAP call to a specified server without any problems.
When calling exactly the same request with cURL, the Server responses with a 400 Bad Request.
I traced the connection and can not find any differences (but there must be any differences).
The traces are attached (i stripped out some infos: "0000" = stripped out).
Any ideas what i'm doing wrong?
CONNECTED(00000003)
depth=2 /C=CH/O=0000 Genossenschaft/CN=0000 Root CA 1
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=CH/O=0000 Genossenschaft/OU=Informatik/CN=servicescsm2.0000.ch
i:/DC=CH/DC=0000/O=0000/CN=0000 System CA 1
1 s:/C=CH/O=0000 Genossenschaft/CN=0000 Root CA 1
i:/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 3
2 s:/DC=CH/DC=0000/O=0000/CN=0000 System CA 1
i:/C=CH/O=0000 Genossenschaft/CN=0000 Root CA 1
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFkTCCBHmgAwIBAgIKXnNM8AAAAAAQEzANBgkqhkiG9w0BAQUFADBUMRIwEAYK
CZImiZPyLGQBGRYCQ0gxFDASBgoJkiaJk/IsZAEZFgRDb29wMQ0wCwYDVQQKEwRD
b29wMRkwFwYDVQQDExBDb29wIFN5c3RlbSBDQSAxMB4XDTEyMDgwOTA5MTUxNloX
DTE1MDgwOTA5MTUxNlowXzELMAkGA1UEBhMCQ0gxHDAaBgNVBAoTE0Nvb3AgR2Vu
b3NzZW5zY2hhZnQxEzARBgNVBAsTCkluZm9ybWF0aWsxHTAbBgNVBAMTFHNlcnZp
Y2VzY3NtMi5jb29wLmNoMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
rbdjT1Q+9nD/hj2qf+6gPV31RO9Qt0Jzr5M1cA7WMlpUARzZkZGeUpjiWA7YsU4a
dtS2DkglIirEXHLZMxS/JAQ6/pIWF/JYNidOayX52znmAV8FXsP1ionPGPH0ftSJ
NjgQKk+VPeJ0HEVcmWHbjU60Z9SK9zmb+sgx2+BXDSz8c9CFV9XjdeONRDXeZjCd
o5MKL83x2puY9I2AawW7OktgX2aefHq6A/xfVL7nAtaeMlm0blLpmMbhNvefqUsT
HWGlzPs06X7PKh3rYjml1PHCTebzO0RxojmC+bptdfroyPROQKnx4D61ZBGPaJC0
bsE9HApczGSVBNX1zz0O/wIDAQABo4ICWDCCAlQwOwYJKwYBBAGCNxUHBC4wLAYk
KwYBBAGCNxUIh/KDRofUgV65kROD2vQchr6BZB+BwkuC3qgwAgFkAgEVMB0GA1Ud
JQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAwPQYDVR0g
BDYwNDAyBgorBgEEAZ80AAEBMCQwIgYIKwYBBQUHAgEWFmh0dHA6Ly93d3cuY29v
cC5jaC9wa2kwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcD
ATAdBgNVHQ4EFgQUyAUaKFRh7CVhuzvMIlkF5hD4qdkwHwYDVR0jBBgwFoAUYUcl
43f/WsIt733DL7r1Ey2AD3swgfsGA1UdHwSB8zCB8DCB7aCB6qCB54YkaHR0cDov
L2NybC5jb29wLmNoL0Nvb3BTeXN0ZW1DQTEuY3JshoG+bGRhcDovLy9DTj1Db29w
JTIwU3lzdGVtJTIwQ0ElMjAxLENOPXN2cm0xcGtpY2EwMSxDTj1DRFAsQ049UHVi
bGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlv
bixEQz1jb29wLERDPWNoP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFzZT9v
YmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludDBABggrBgEFBQcBAQQ0MDIw
MAYIKwYBBQUHMAKGJGh0dHA6Ly9haWEuY29vcC5jaC9Db29wU3lzdGVtQ0ExLmNy
dDANBgkqhkiG9w0BAQUFAAOCAQEANVhUVm52oNEFx/MbAusPNT/V4+Onh6S5ZnMq
VtZbBScZ1QmxfHNi827Px7Qmn/4QXSIKRF03WmBGsKoY6N9QNWToi/TbHbNRB/+u
LXxiPz+Fyo4zOA+aenkc0wrLfLzuqZbM7Lom0sGD33+9PQwISP6TGWFOxzwiB50x
bFZMftH//d/rrdj0X30y9uLI3EeIEEQQ0r4z0sHbaJVv0CvyC05JK+MGubswGccI
3jiApzw8+iNqIc9NGbAyjX8vJcUn+lkLIBwwgIhH2e8Ude0JGAGXkcdhM1qjFLg8
x6krccweJ1ZI/hPUW/u9iaDziiN9ho2Q0qlWRWNOtHHCEx4tJQ==
-----END CERTIFICATE-----
subject=/C=CH/O=0000 Genossenschaft/OU=Informatik/CN=servicescsm2.0000.ch
issuer=/DC=CH/DC=0000/O=0000/CN=0000 System CA 1
---
No client certificate CA names sent
---
SSL handshake has read 4281 bytes and written 447 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: E42B152527446B4D78FA07379238DB3E32F255948072091048CB1A5995634221
Session-ID-ctx:
Master-Key: 00000
Key-Arg : None
Start Time: 1346744527
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
POST /sap/bc/srt/rfc/sap/zcrm_loy_get_agb/751/zcrm_loy_get_agb/zcrm_loy_get_agb HTTP/1.1
Authorization: Basic 00000==
Host: servicesCSM2.0000.ch
Accept-Encoding: gzip,deflate
Content-type: text/xml;charset=UTF-8
SOAPAction: ""
User-Agent: Jakarta Commons-HttpClient/3.1
Content-Length: 368
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="urn:sap-com:document:sap:soap:functions:mc-style"><SOAP-ENV:Body><ns1:ZcrmLoyGetAgb><ItInput><item><Key>SUPERCARD</Key><Value>2501054982468</Value></item><item><Key>AGB_CHANNEL</Key><Value>SUPERCARD</Value></item></ItInput></ns1:ZcrmLoyGetAgb></SOAP-ENV:Body></SOAP-ENV:Envelope>
HTTP/1.1 200 OK
Date: Tue, 04 Sep 2012 07:42:18 GMT
Server: Apache
Set-Cookie: AL_SESS-S=AAABLmQOPRo0MzRmMDY1Y2ZjMGVlZmEwNWI3ZjI3MjBlMGI4NTJkZQAAZDXCwm_U5IEjiBmZ1WWonXkb8x8=; path=/; secure
Content-Length: 323
accept: text/xml
sap-srt_id: 20120904/094219/v1.00_final_6.40/5044FCA8A1D50E30E10080000A0501D9
sap-srt_server_info: CSM_751,53 ,urn:sap-com:document:sap:soap:functions:mc-style,ZCRM_LOY_GET_AGB,ZcrmLoyGetAgb,14
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: text/xml; charset=utf-8
<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/"><soap-env:Header/><soap-env:Body><n0:ZcrmLoyGetAgbResponse xmlns:n0="urn:sap-com:document:sap:soap:functions:mc-style"><EtOutput><item><Key>SUCCESSFUL</Key><Value/></item></EtOutput></n0:ZcrmLoyGetAgbResponse></soap-env:Body></soap-env:Envelope>closed
== Info: About to connect() to servicesCSM2.0000.ch port 443 (#0)
== Info: Trying 192.168.252.108... == Info: connected
== Info: Connected to servicesCSM2.0000.ch (192.168.252.108) port 443 (#0)
== Info: successfully set certificate verify locations:
== Info: CAfile: none
CApath: /etc/ssl/certs
== Info: SSLv3, TLS handshake, Client hello (1):
=> Send SSL data, 115 bytes (0x73)
0000: ...o..PE..u.C..o...'....t..LR.C..3...6..(.9.8.5.......3.2./.....
0040: ...............................servicesCSM2.0000.ch
== Info: SSLv3, TLS handshake, Server hello (2):
<= Recv SSL data, 85 bytes (0x55)
0000: ...Q..PE.-.,=L......S..*6tI~B.z.....:@ ..i.Q......SB..?.JS.n..m.
0040: /\.z..n.5............
== Info: SSLv3, TLS handshake, CERT (11):
<= Recv SSL data, 4122 bytes (0x101a)
0000: ..........0...0..y.......^sL.......0...*.H........0T1.0.....&...
0040: ,d....CH1.0.....&...,d....00001.0...U....00001.0...U....0000 Sys
0080: tem CA 10...120809091516Z..150809091516Z0_1.0...U....CH1.0...U..
00c0: ..0000 Genossenschaft1.0...U....Informatik1.0...U....servicescsm
0100: 2.0000.ch0.."0...*.H.............0..........cOT>.p..=...=].D.P.
0140: Bs..5p..2ZT......R..X...N.v...H%"*.\r.3..$.:.....X6'Nk%..9.._.^.
0180: .......~..68.*O.=.t.E\.a..N.g...9...1..W.,.s..W..u..D5.f0..../..
01c0: ......k..:K`_f.|z..._T.....2Y.nR....6...K..a...4.~.*..b9....M..;
0200: Dq.9...mu....N@...>.d..h..n.=..\.d.....=..........X0..T0;..+....
0240: .7....0,.$+.....7.....F...^..........d...K...0..d...0...U.%..0..
0280: .+.........+.......0...U...........0=..U. .60402..+.....4...0$0"
02c0: ..+.........http://www.0000.ch/pki0'..+.....7....0.0...+.......0
0300: ...+.......0...U.........(Ta.%a.;."Y......0...U.#..0...aG%.w.Z.-
0340: .}./...-..{0....U.....0..0.........$http://crl.0000.ch/0000Syste
0380: mCA1.crl...ldap:///CN=0000%20System%20CA%201,CN=svrm1pkica01,CN=
03c0: CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=c
0400: oop,DC=ch?certificateRevocationList?base?objectClass=cRLDistribu
0440: tionPoint0@..+........40200..+.....0..$http://aia.0000.ch/0000Sy
0480: stemCA1.crt0...*.H.............5XTVnv.........5?.......fs*V.[.'.
04c0: ...|sb.n...&...]".D]7Z`F.....P5d......Q...-|b??...38..zy....|...
0500: ....&.....=..H...aN.<"..1lVL~........_}2....G..D...3...h.o.+..N
0540: I+....0....8..<<.#j!.M..2./%.'.Y. .0..G...u.......a3Z...<..+q..
0580: 'VH...[......#}.....VEcN.q...-%...0...0............0...*.H......
05c0: ..0E1.0...U....BM1.0...U....QuoVadis Limited1.0...U....QuoVadis
0600: Root CA 30...090707181500Z..290707181255Z0D1.0...U....CH1.0...U.
0640: ...0000 Genossenschaft1.0...U....0000 Root CA 10.."0...*.H......
0680: .......0.........$.>..;G7..z"u.m...!....&..0>.y..v.m.eH......_o%
06c0: x...v...b*........0:.L^o&k;2...1..._.)R.&Z.....T.K..snr4...x..:
0700: ]..GB..1..'..d.....3p.<E...V.<. ..W..]...L...D...6.C.t.'....>.K.
0740: ....cb./4JV.x$K[.'r"..F.]...../.|DQ:...%..........?.pb\..[2'....
0780: {.....!...E/.E...........0...0...U.......0....0....U. ...0..0...
07c0: .+.....X...H.0..0....+.......0.....Reliance on the 0000 Root Cer
0800: tificate by any party assumes acceptance of the then applicable
0840: 0000 Certificate Policy and Certification Practice Statement.0".
0880: .+.........http://www.0000.ch/pki0...U........0n..U.#.g0e.......
08c0: C>../g2.5\......I.G0E1.0...U....BM1.0...U....QuoVadis Limited1.0
0900: ...U....QuoVadis Root CA 3....09..U...2000..,.*.(http://crl.quov
0940: adisglobal.com/qvrca3.crl0...U.......d.....q..G..%./'AN.0...*.H.
0980: ..............k.....RDi...w.W.EP....}&w.._at_c/..S`.D..?..W.G.RV..
09c0: ....+CKHS.................%:.L....3U.t./.......G.._at_t..1....g0;c.
0a00: ..Wao .F.+."..z..<^.......S8CT\..O...j..NRkf+.5@..H.k.&..6..._.
0a40: ....u...hv_...m=V....R._.(.)%............~......=.B#c.u$..C.9R..
0a80: .O..]...|.../,.t.JGf.?5...6.O1.oo....c....BC...hX....L~..C....t
0ac0: @..R....U.A..(......%.....@....[...C....V..K.!. 6..%.......1..).
0b00: .....~0~_.z....E.5J..PbaQ.8...-.....d......B7.1......+.....d....
0b40: ....X4&.u...../........s?T:.....f.@.=7$.R...J.......V.=.....Ks.
0b80: ..x.hU1....9...0...0..o.......a~........0...*.H........0D1.0...U
0bc0: ....CH1.0...U....0000 Genossenschaft1.0...U....0000 Root CA 10..
0c00: .090807093411Z..190805093411Z0T1.0.....&...,d....CH1.0.....&...,
0c40: d....00001.0...U....00001.0...U....0000 System CA 10.."0...*.H..
0c80: ...........0.............V..X..x...L..._.^..7<P..t.CH.<."s..-#..
0cc0: .!4.i..I7F%...O..|.....N...w+.../..q.v.........G+A.Bu......,.tr.
0d00: AC...l..>............m..'...!1...'..)k ...D.D.z....h...INU......
0d40: ..[....:2..e.|m.qM<....t.C'..0.[P.._at_y.w..<..n...N..z..v..J3.B`..
0d80: .{..Ds....s(......e.........i0..e0...U.......0.......0...U......
0dc0: aG%.w.Z.-.}./...-..{0...U........0...+.....7.......0=..U. .60402
0e00: ..+.....4...0$0"..+.........http://www.0000.ch/pki0<..+.....7...
0e40: /0-.%+.....7.....F...^..........d....S...e..d...0...U.#..0....d.
0e80: ....q..G..%./'AN.03..U...,0*0(.&.$."http://crl.0000.ch/0000RootC
0ec0: A1.crl0>..+........2000...+.....0.."http://aia.0000.ch/0000RootC
0f00: A1.crt0...*.H.............z...j,..^....... 8j.L...2........+0(B.
0f40: ...S.cK..&...nap..5Vp}R.q.a/*VU{[.bL.oe..9.z.^..S.`......6...g..
0f80: .6..A...4....G86y..z...j.E..(.`..B.r.r..{j-|....x..A/..g.1..]...
0fc0: .=l.:.j..UH.p.:.....V...H{c.4.d..2.9..YH.\.?m..'....q..........Z
1000: g....T..E.@@0...i.q.'.`F3T
== Info: SSLv3, TLS handshake, Server finished (14):
<= Recv SSL data, 4 bytes (0x4)
0000: ....
== Info: SSLv3, TLS handshake, Client key exchange (16):
=> Send SSL data, 262 bytes (0x106)
0000: ......n-.?.'.VD.....8}.u.....N...;...".v.....yV..^t..{.....1.3..
0040: g5Y. .....w ...)...[f'e.8.a.9qD.`...3-.d7..EW<:.@\Q`e...D._at_O....
0080: ]8.EX[@*2k#.....D........-|X.Px@.N.N....+...K.....)...t........0
00c0: .7.o...1.w..'..gZ...*j ......F..n...i^c.3......E.[...-....0.=u.
0100: K.*..}
== Info: SSLv3, TLS change cipher, Client hello (1):
=> Send SSL data, 1 bytes (0x1)
0000: .
== Info: SSLv3, TLS handshake, Finished (20):
=> Send SSL data, 16 bytes (0x10)
0000: .....)..e.^=k.v8
== Info: SSLv3, TLS change cipher, Client hello (1):
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: SSLv3, TLS handshake, Finished (20):
<= Recv SSL data, 16 bytes (0x10)
0000: ......5]...~....
== Info: SSL connection using AES256-SHA
== Info: Server certificate:
== Info: subject: C=CH; O=0000 Genossenschaft; OU=Informatik; CN=servicescsm2.0000.ch
== Info: start date: 2012-08-09 09:15:16 GMT
== Info: expire date: 2015-08-09 09:15:16 GMT
== Info: common name: servicescsm2.0000.ch (matched)
== Info: issuer: DC=CH; DC=0000; O=0000; CN=0000 System CA 1
== Info: SSL certificate verify ok.
== Info: Server auth using Basic with user 'INC7-I00001'
=> Send header, 325 bytes (0x145)
0000: POST /sap/bc/srt/rfc/sap/zcrm_loy_get_agb/751/zcrm_loy_get_agb/z
0040: crm_loy_get_agb HTTP/1.1
005a: Authorization: Basic 0000==
0091: Host: servicesCSM2.0000.ch
00ad: Accept-Encoding: gzip,deflate
00cc: Content-type: text/xml;charset=UTF-8
00f2: SOAPAction: ""
0102: User-Agent: Jakarta Commons-HttpClient/3.1
012e: Content-Length: 368
0143:
=> Send data, 368 bytes (0x170)
0000: <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/so
0040: ap/envelope/" xmlns:ns1="urn:sap-com:document:sap:soap:functions
0080: :mc-style"><SOAP-ENV:Body><ns1:ZcrmLoyGetAgb><ItInput><item><Key
00c0: >0000</Key><Value>0000</Value></item><item><Key>AG
0100: B_CHANNEL</Key><Value>0000</Value></item></ItInput></ns1:Zc
0140: rmLoyGetAgb></SOAP-ENV:Body></SOAP-ENV:Envelope>
<= Recv header, 26 bytes (0x1a)
0000: HTTP/1.1 400 Bad Request
<= Recv header, 37 bytes (0x25)
0000: Date: Tue, 04 Sep 2012 07:47:57 GMT
<= Recv header, 16 bytes (0x10)
0000: Server: Apache
<= Recv header, 21 bytes (0x15)
0000: Content-Length: 347
<= Recv header, 19 bytes (0x13)
0000: Connection: close
<= Recv header, 45 bytes (0x2d)
0000: Content-Type: text/html; charset=iso-8859-1
<= Recv header, 2 bytes (0x2)
0000:
<= Recv data, 347 bytes (0x15b)
0000: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.
0040: <title>400 Bad Request</title>.</head><body>.<h1>Bad Request</h1
0080: >.<p>Your browser sent a request that this server could not unde
00c0: rstand.<br />.</p>.<p>Additionally, a 400 Bad Request.error was
0100: encountered while trying to use an ErrorDocument to handle the r
0140: equest.</p>.</body></html>.
== Info: Closing connection #0
== Info: SSLv3, TLS alert, Client hello (1):
=> Send SSL data, 2 bytes (0x2)
0000: ..
Thanks
-- </jonas>
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
- application/pkcs7-signature attachment: smime.p7s