Buy commercial curl support from
WolfSSL. We help you work out your issues, debug your libcurl
applications, use the API, port to new platforms, add new features and more.
With a team lead by the curl founder himself.
libcurl and s3/minio vs curl
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: R C via curl-library <curl-library_at_lists.haxx.se>
Date: Wed, 27 Mar 2024 18:25:34 -0600
Hello,
I am writing some c code using libcurl, in part, I want to do some
things in c code that I can do with curl (the cli command)
So this command works:
curl --insecure -o minio-hosts -H Date: Wed, 27 Mar 2024
23:43:23 +0000 -H Content-Type: application/zstd -H
Authorization: AWS rcroonen:/byqGczQvJ6PSmVriRbmmM86yqE=
https://minio-1.ib1:9000/rcroonen/test-bucket/hosts
(the insecure is because I am working with self signed certificates for
now. the 3 -H options are needed else the minio (object store) doesn't
return anything.
When I use the curl command there seems to be a TLS handshake going on.
Also, h2 and http1.1 is offered. (in the lib curl application, only
http1.1 is offered, and also there's no TLS handshake. the libcurl
application does connect, but then a "403 Forbidden" error is returned,
although it is the same object that I am trying to retrieve, same uid,
same passwd etc.
I can attach the verbose output from curl and also libcurl, but it is
somewhat long, hope no one minds (and if, I apologize):
libcurl application:
* Rebuilt URL to: https://minio-1.ib1/
* Trying 10.10.1.1...
* TCP_NODELAY set
* Connected to minio-1.ib1 (10.10.1.1) port 9000 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: O=Certgen Development; OU=root_at_devel01
* start date: Mar 22 20:58:51 2024 GMT
* expire date: Mar 22 20:58:51 2025 GMT
* subjectAltName: host "minio-1.ib1" matched cert's "minio-1.ib1"
* issuer: O=Certgen Development; OU=root_at_devel01
* SSL certificate verify result: self signed certificate (18),
continuing anyway.
> GET / HTTP/1.1
Host: minio-1.ib1:9000
Accept: */*
< HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
< Accept-Ranges: bytes
Accept-Ranges: bytes
< Content-Length: 254
Content-Length: 254
< Content-Type: application/xml
Content-Type: application/xml
< Server: MinIO
Server: MinIO
< Strict-Transport-Security: max-age=31536000; includeSubDomains
Strict-Transport-Security: max-age=31536000; includeSubDomains
< Vary: Origin
Vary: Origin
< Vary: Accept-Encoding
Vary: Accept-Encoding
< X-Amz-Id-2:
7305db558a5bed72eec698bd6a4914085fd7101e4aa69a56032ea21de3c0f432
X-Amz-Id-2: 7305db558a5bed72eec698bd6a4914085fd7101e4aa69a56032ea21de3c0f432
< X-Amz-Request-Id: 17C0C3DEA0033AEA
X-Amz-Request-Id: 17C0C3DEA0033AEA
< X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
< X-Xss-Protection: 1; mode=block
X-Xss-Protection: 1; mode=block
< Date: Wed, 27 Mar 2024 23:46:59 GMT
Date: Wed, 27 Mar 2024 23:46:59 GMT
<
<?xml version="1.0" encoding="UTF-8"?>
* Connection #0 to host minio-1.ib1 left intact
<Error><Code>AccessDenied</Code><Message>Access
Denied.</Message><Resource>/</Resource><RequestId>17C0C3DEA0033AEA</RequestId><HostId>7305db558a5bed72eec698bd6a4914085fd7101e4aa69a56032ea21de3c0f432</HostId></Error>
curl verbose output:
* TCP_NODELAY set
* Connected to minio-1.ib1 (10.10.1.1) port 9000 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [21 bytes data]
* TLSv1.3 (IN), TLS handshake, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [573 bytes data]
* TLSv1.3 (IN), TLS handshake, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [79 bytes data]
* TLSv1.3 (IN), TLS handshake, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [36 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, [no content] (0):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [36 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: O=Certgen Development; OU=root_at_devel01
* start date: Mar 22 20:58:51 2024 GMT
* expire date: Mar 22 20:58:51 2025 GMT
* issuer: O=Certgen Development; OU=root_at_devel01
* SSL certificate verify result: self signed certificate (18),
continuing anyway.
} [5 bytes data]
* TLSv1.3 (OUT), TLS app data, [no content] (0):
} [1 bytes data]
> GET /rcroonen/test-bucket/hosts HTTP/1.1
> Host: minio-1.ib1:9000
> User-Agent: curl/7.61.1
> Accept: */*
> Date: Wed, 27 Mar 2024 23:43:23 +0000
> Content-Type: application/zstd
> Authorization: AWS rcroonen:/byqGczQvJ6PSmVriRbmmM86yqE=
>
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [122 bytes data]
* TLSv1.3 (IN), TLS app data, [no content] (0):
{ [1 bytes data]
< HTTP/1.1 200 OK
< Accept-Ranges: bytes
< Content-Length: 2667
< Content-Type: application/octet-stream
< ETag: "51bf733f5dcae5073c151d9d257d6e83"
< Last-Modified: Tue, 26 Mar 2024 18:11:54 GMT
< Server: MinIO
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< Vary: Origin
< Vary: Accept-Encoding
< X-Amz-Id-2:
7305db558a5bed72eec698bd6a4914085fd7101e4aa69a56032ea21de3c0f432
< X-Amz-Request-Id: 17C0C3AC7E4866BD
< X-Content-Type-Options: nosniff
< X-Xss-Protection: 1; mode=block
< Date: Wed, 27 Mar 2024 23:43:24 GMT
<
{ [662 bytes data]
* TLSv1.3 (IN), TLS app data, [no content] (0):
{ [1 bytes data]
100 2667 100 2667 0 0 88900 0 --:--:-- --:--:-- --:--:--
88900
Date: Wed, 27 Mar 2024 18:25:34 -0600
Hello,
I am writing some c code using libcurl, in part, I want to do some
things in c code that I can do with curl (the cli command)
So this command works:
curl --insecure -o minio-hosts -H Date: Wed, 27 Mar 2024
23:43:23 +0000 -H Content-Type: application/zstd -H
Authorization: AWS rcroonen:/byqGczQvJ6PSmVriRbmmM86yqE=
https://minio-1.ib1:9000/rcroonen/test-bucket/hosts
(the insecure is because I am working with self signed certificates for
now. the 3 -H options are needed else the minio (object store) doesn't
return anything.
When I use the curl command there seems to be a TLS handshake going on.
Also, h2 and http1.1 is offered. (in the lib curl application, only
http1.1 is offered, and also there's no TLS handshake. the libcurl
application does connect, but then a "403 Forbidden" error is returned,
although it is the same object that I am trying to retrieve, same uid,
same passwd etc.
I can attach the verbose output from curl and also libcurl, but it is
somewhat long, hope no one minds (and if, I apologize):
libcurl application:
* Rebuilt URL to: https://minio-1.ib1/
* Trying 10.10.1.1...
* TCP_NODELAY set
* Connected to minio-1.ib1 (10.10.1.1) port 9000 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: O=Certgen Development; OU=root_at_devel01
* start date: Mar 22 20:58:51 2024 GMT
* expire date: Mar 22 20:58:51 2025 GMT
* subjectAltName: host "minio-1.ib1" matched cert's "minio-1.ib1"
* issuer: O=Certgen Development; OU=root_at_devel01
* SSL certificate verify result: self signed certificate (18),
continuing anyway.
> GET / HTTP/1.1
Host: minio-1.ib1:9000
Accept: */*
< HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
< Accept-Ranges: bytes
Accept-Ranges: bytes
< Content-Length: 254
Content-Length: 254
< Content-Type: application/xml
Content-Type: application/xml
< Server: MinIO
Server: MinIO
< Strict-Transport-Security: max-age=31536000; includeSubDomains
Strict-Transport-Security: max-age=31536000; includeSubDomains
< Vary: Origin
Vary: Origin
< Vary: Accept-Encoding
Vary: Accept-Encoding
< X-Amz-Id-2:
7305db558a5bed72eec698bd6a4914085fd7101e4aa69a56032ea21de3c0f432
X-Amz-Id-2: 7305db558a5bed72eec698bd6a4914085fd7101e4aa69a56032ea21de3c0f432
< X-Amz-Request-Id: 17C0C3DEA0033AEA
X-Amz-Request-Id: 17C0C3DEA0033AEA
< X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
< X-Xss-Protection: 1; mode=block
X-Xss-Protection: 1; mode=block
< Date: Wed, 27 Mar 2024 23:46:59 GMT
Date: Wed, 27 Mar 2024 23:46:59 GMT
<
<?xml version="1.0" encoding="UTF-8"?>
* Connection #0 to host minio-1.ib1 left intact
<Error><Code>AccessDenied</Code><Message>Access
Denied.</Message><Resource>/</Resource><RequestId>17C0C3DEA0033AEA</RequestId><HostId>7305db558a5bed72eec698bd6a4914085fd7101e4aa69a56032ea21de3c0f432</HostId></Error>
curl verbose output:
* TCP_NODELAY set
* Connected to minio-1.ib1 (10.10.1.1) port 9000 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [21 bytes data]
* TLSv1.3 (IN), TLS handshake, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [573 bytes data]
* TLSv1.3 (IN), TLS handshake, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [79 bytes data]
* TLSv1.3 (IN), TLS handshake, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [36 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, [no content] (0):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [36 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: O=Certgen Development; OU=root_at_devel01
* start date: Mar 22 20:58:51 2024 GMT
* expire date: Mar 22 20:58:51 2025 GMT
* issuer: O=Certgen Development; OU=root_at_devel01
* SSL certificate verify result: self signed certificate (18),
continuing anyway.
} [5 bytes data]
* TLSv1.3 (OUT), TLS app data, [no content] (0):
} [1 bytes data]
> GET /rcroonen/test-bucket/hosts HTTP/1.1
> Host: minio-1.ib1:9000
> User-Agent: curl/7.61.1
> Accept: */*
> Date: Wed, 27 Mar 2024 23:43:23 +0000
> Content-Type: application/zstd
> Authorization: AWS rcroonen:/byqGczQvJ6PSmVriRbmmM86yqE=
>
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [122 bytes data]
* TLSv1.3 (IN), TLS app data, [no content] (0):
{ [1 bytes data]
< HTTP/1.1 200 OK
< Accept-Ranges: bytes
< Content-Length: 2667
< Content-Type: application/octet-stream
< ETag: "51bf733f5dcae5073c151d9d257d6e83"
< Last-Modified: Tue, 26 Mar 2024 18:11:54 GMT
< Server: MinIO
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< Vary: Origin
< Vary: Accept-Encoding
< X-Amz-Id-2:
7305db558a5bed72eec698bd6a4914085fd7101e4aa69a56032ea21de3c0f432
< X-Amz-Request-Id: 17C0C3AC7E4866BD
< X-Content-Type-Options: nosniff
< X-Xss-Protection: 1; mode=block
< Date: Wed, 27 Mar 2024 23:43:24 GMT
<
{ [662 bytes data]
* TLSv1.3 (IN), TLS app data, [no content] (0):
{ [1 bytes data]
100 2667 100 2667 0 0 88900 0 --:--:-- --:--:-- --:--:--
88900
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2024-03-28