Closed
Description
I did this
In version 7.48.0 changelog: "Proxy-Connection: stop sending this header by default"
Source issue #633
"NTLM authentication cannot be used if an intervening proxy does not support keep-alive connections." (msdn)
Without the 'Proxy-Connection' header, --proxy-ntlm
fails.
Maybe related issue: #876
curl 7.50.1 command:
$ curl --proxy-ntlm --proxy-user "MyDomain\ntlmtest:test" --proxy proxy.estest.intra:3128 -v https://example.com/file * Trying 101.102.103.104... * Connected to proxy.estest.intra (101.102.103.104) port 3128 (#0) * Establish HTTP proxy tunnel to example.com:443 * Proxy auth using NTLM with user 'MyDomain\ntlmtest' > CONNECT example.com:443 HTTP/1.1 > Host: example.com:443 > Proxy-Authorization: NTLM TlRMTVNTUAA...AAAAAAAA= > User-Agent: curl/7.50.1 > < HTTP/1.0 407 Proxy Authentication Required < Server: squid/2.7.STABLE5 < Date: Thu, 11 Aug 2016 08:17:15 GMT < Content-Type: text/html < Content-Length: 1330 < X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0 < Proxy-Authenticate: Basic realm="Squid proxy-caching web server" < X-Cache: MISS from intra.my.domain.com < X-Cache-Lookup: NONE from intra.my.domain.com:3128 < Via: 1.0 intra.my.domain.com:3128 (squid/2.7.STABLE5) < Connection: close < * Ignore 1330 bytes of response-body * Received HTTP code 407 from proxy after CONNECT * Closing connection 0 curl: (56) Received HTTP code 407 from proxy after CONNECT
I expected the following
same command with 7.47.1
$c:/programs/curl/7.47.1/curl --proxy-ntlm --proxy-user "MyDomain\ntlmtest:test" --proxy proxy.estest.intra:3128 -v https://example.com/file * Trying 101.102.103.104... * Connected to proxy.estest.intra (101.102.103.104) port 3128 (#0) * Establish HTTP proxy tunnel to example.com:443 * Proxy auth using NTLM with user 'MyDomain\ntlmtest' > CONNECT example.com:443 HTTP/1.1 > Host: example.com:443 > Proxy-Authorization: NTLM TlRMTVNTUAA...AAAAAAAA= > User-Agent: curl/7.47.1 > Proxy-Connection: Keep-Alive > < HTTP/1.0 407 Proxy Authentication Required < Server: squid/2.7.STABLE5 < Date: Thu, 11 Aug 2016 09:18:33 GMT < Content-Type: text/html < Content-Length: 1330 < X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0 < Proxy-Authenticate: NTLM TlRMTVNTUAA.....AuAGgAdQAAAAAA < X-Cache: MISS from intra.my.domain.com < X-Cache-Lookup: NONE from intra.my.domain.com:3128 < Via: 1.0 intra.my.domain.com:3128 (squid/2.7.STABLE5) < Connection: keep-alive < Proxy-Connection: keep-alive < * Ignore 1330 bytes of response-body * TUNNEL_STATE switched to: 0 * Establish HTTP proxy tunnel to example.com:443 * Proxy auth using NTLM with user 'MyDomain\ntlmtest' > CONNECT example.com:443 HTTP/1.1 > Host: example.com:443 > Proxy-Authorization: NTLM TlRMTVNTUAA........1GRUpMMTM= > User-Agent: curl/7.47.1 > Proxy-Connection: Keep-Alive > < HTTP/1.1 200 Connection established < * Proxy replied OK to CONNECT request ....
command on 7.50.1. with --proxy-header proxy-connection:keep-alive
extra options
$ curl --proxy-ntlm --proxy-user "MyDomain\ntlmtest:test" --proxy proxy.estest.intra:3128 --proxy-header proxy-connection:keep-alive -v https://example.com/file * Trying 101.102.103.104... * Connected to proxy.estest.intra (101.102.103.104) port 3128 (#0) * Establish HTTP proxy tunnel to example.com:443 * Proxy auth using NTLM with user 'MyDomain\ntlmtest' > CONNECT example.com:443 HTTP/1.1 > Host: example.com:443 > Proxy-Authorization: NTLM TlRMTVNTUAA...AAAAAAA= > User-Agent: curl/7.50.1 > proxy-connection:keep-alive > < HTTP/1.0 407 Proxy Authentication Required < Server: squid/2.7.STABLE5 < Date: Thu, 11 Aug 2016 08:18:55 GMT < Content-Type: text/html < Content-Length: 1330 < X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0 < Proxy-Authenticate: NTLM TlRMTVNTUAA.....AuAGgAdQAAAAAA < X-Cache: MISS from intra.my.domain.com < X-Cache-Lookup: NONE from intra.my.domain.com:3128 < Via: 1.0 intra.my.domain.com:3128 (squid/2.7.STABLE5) < Connection: keep-alive < Proxy-Connection: keep-alive < * Ignore 1330 bytes of response-body * TUNNEL_STATE switched to: 0 * Establish HTTP proxy tunnel to example.com:443 * Proxy auth using NTLM with user 'MyDomain\ntlmtest' > CONNECT example.com:443 HTTP/1.1 > Host: example.com:443 > Proxy-Authorization: NTLM TlRMTVNTUAA........1GRUpMMTM= > User-Agent: curl/7.50.1 > proxy-connection:keep-alive > < HTTP/1.1 200 Connection established < * Proxy replied OK to CONNECT request ....
curl/libcurl version
$ curl -V curl 7.50.1 (x86_64-pc-win32) libcurl/7.50.1 OpenSSL/1.0.2g Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtsp smb smbs smtp smtps telnet tftp Features: AsynchDNS IPv6 Largefile NTLM SSL $ c:/programs/curl/7.47.1/curl -V curl 7.47.1 (x86_64-pc-win32) libcurl/7.47.1 OpenSSL/1.0.2g Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtsp smb smbs smtp smtps telnet tftp Features: AsynchDNS IPv6 Largefile NTLM SSL The same with ENABLE_SSPI=yes versions of above.