On Wed, May 21, 2014 at 8:56 PM, Schroeteler, Thorsten <[email protected]> wrote: > Dear wget maintainers, > > I am using wget in a corporate environment behind an ISA proxy with ntlm > authentification. > We are using cntlm (version 0.92.3) for ntlm authentification. > This works well for all http packet receiving tools (like browsers, > curl, lynx, apt, etc). > Except wget from version 1.13 onwards, which produces the following > error: > > [~/Downloads/wget-1.13.4]$ ./src/wget http://ftp.debian.org > --2014-05-21 14:49:38-- http://ftp.debian.org/ > Resolving srv1... 192.168.44.5 > Connecting to srv1|192.168.44.5|:3128... connected. > Proxy request sent, awaiting response... 407 Proxy Authentication > Required ( The ISA Server requires authorization to fulfil the request. > Access to the Web Proxy filter is denied. ) > 2014-05-21 14:49:38 ERROR 407: Proxy Authentication Required ( The ISA > Server requires authorization to fulfil the request. Access to the Web > Proxy filter is denied. ). > > The same occurs with the -no-http-keep-alive option: > > [~/Downloads/wget-1.13.4]$ ./src/wget --no-http-keep-alive > http://ftp.debian.org > --2014-05-21 14:49:52-- http://ftp.debian.org/ > Resolving srv1... 192.168.44.5 > Connecting to srv1|192.168.44.5|:3128... connected. > Proxy request sent, awaiting response... No data received. > Retrying. > > --2014-05-21 14:49:44-- (try: 2) http://ftp.debian.org/ > Connecting to srv1|192.168.44.5|:3128... connected. > Proxy request sent, awaiting response... 407 Proxy Authentication > Required ( The ISA Server requires authorization to fulfill the request. > Access to the Web Proxy filter is denied. ) > 2014-05-21 14:49:53 ERROR 407: Proxy Authentication Required ( The ISA > Server requires authorization to fulfill the request. Access to the Web > Proxy filter is denied. ). > > > svr1 is hosting the cntlm deamon. > wget-1.12 is working fine. > > In wget-1.13 if I replace the two request_set_header calls in http.c > (line 1683,1684) with one > for "Connection" "Keep-Alive" then the download is successful: > > if (inhibit_keep_alive) > request_set_header (req, "Connection", "Close", rel_none); > else > { > if (proxy == NULL) > request_set_header (req, "Connection", "Keep-Alive", rel_none); > else > { > //request_set_header (req, "Connection", "Close", rel_none); > //request_set_header (req, "Proxy-Connection", "Keep-Alive", > rel_none); > request_set_header (req, "Connection", "Keep-Alive", > rel_none); > } > } > > > I don't know whether this is rather a wget or an cntlm issue. I will > post this to the cntlm mailing list as well. > Any help is appreciated (it would be nice if we don't need to patch wget > in future ...). >
Hi Thorsten, Sorry for the delay in responding and thanks for reporting this to us. This does indeed look like a bug to me. When inhibit_keep_alive is not set, Wget should indeed be sending a Connection: Keep-Alive header and not close the connection. Unless there is some specification about working with proxies that I forget. I think this is a bug and needs to be fixed with the above provided solution. Does anyone here object? -- Thanking You, Darshit Shah
