For my application I use libcurl 7.37.1 on Windows, compiled with VC++ 2010, with WINDOWS_SSPI enabled.
When used from behind a company firewall the application fails to connect to the Internet for some users. I turned on CURLOPT_VERBOSE to get some more information what's going on, but I have to admit that I'm at a loss whether this is a problem related to my own application (for example, missing information to be sent to the proxy) or to the proxy server (for example, missconfiguration). When I use the application from behind the firewall of my company the application authenticates via NTLM successfully and can access the required URL without problems. From another user located behind the firewall of his company I got the logged information of CURLOPT_VERBOSE. The output is very similar to what I get on my own computer. The NTLM authentication procedure seems to be started correctly. However, the last step, re-issuing the request using a "PROXY-AUTHORIZATION" header is missing. Below I copied in the relevant parts of the log on my own computer and of the log on the computer of the other user. Any pointer what might be going wrong on the computer of the other user would be very much appreciated. Regards, Ulrich >>> Sample log from my own computer - successful <<< Text: Rebuilt URL to: http://xyz.com/ Text: Hostname was NOT found in DNS cache Text: Trying 10.20.30.40... Text: Connected to 10.20.30.40 (10.20.30.40) port 8080 (#0) Header out: GET http://xyz.com/ HTTP/1.1 Host: xyz.com Accept: */* Proxy-Connection: Keep-Alive Header in: HTTP/1.1 407 authenticationrequired Header in: Content-Type: text/html Header in: Cache-Control: no-cache Header in: Content-Length: 4661 Header in: Proxy-Connection: Keep-Alive Header in: Proxy-Authenticate: NTLM Header in: Proxy-Authenticate: Basic realm="Web Gateway" Text: Ignoring the response-body Data in: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> ... </html> Text: Connection #0 to host 10.20.30.40 left intact Text: Issue another request to this URL: 'http://xyz.com/' Text: Found bundle for host xyz.com: 0x2642a70 Text: Re-using existing connection! (#0) with host 10.20.30.40 Text: Connected to 10.20.30.40 (10.20.30.40) port 8080 (#0) Text: Proxy auth using NTLM with user '' Header out: GET http://xyz.com/ HTTP/1.1 Proxy-Authorization: NTLM TlQWERTZSDESDESDE7II4gkACQAuCVBGFgDFGTgZZZUUUbEdAAAAD 0JZWVJTQUJZQUNDT1VOVA== Host: xyz.com Accept: */* Proxy-Connection: Keep-Alive Header in: HTTP/1.1 407 authenticationrequired Header in: Content-Type: text/html Header in: Cache-Control: no-cache Header in: Content-Length: 4661 Header in: Proxy-Connection: Keep-Alive Header in: Proxy-Authenticate: NTLM TlRMTVNTUAACBBBBBBBBBBBBAAA1gongWv+dh/0VGEQBBBBBBBBB BBBBBBBBBBBB Text: Ignoring the response-body Data in: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> ... </html> Text: Connection #0 to host 10.20.30.40 left intact Text: Issue another request to this URL: 'http://xyz.com/' Text: Found bundle for host xyz.com: 0x2642a70 Text: Re-using existing connection! (#0) with host 10.20.30.40 Text: Connected to 10.20.30.40 (10.20.30.40) port 8080 (#0) Text: Proxy auth using NTLM with user '' Header out: GET http://xyz.com/ HTTP/1.1 Proxy-Authorization: NTLM TlRMTVNTUAADbvbvbvbYAbvbvbvbvbvblAAAbvbvbvbvbAbvbvbGAGoAAA AMAAwAcAAAABAAEACsAAAANYKI4gYBsR0AAAAPpfKBZfzJWaoABpHp CMKKtUIAWQBBAEMAQwBPAFUATgBUAFQARQBVAEIAWQBZAFIAUwB BAA30nEcx5j0PbbbbbbbbbbbbbbbbbbbbAB8mI5lZzL0vbvbvBvbvbvLvbvbsk GqkXViAU0XVvW0pd0gjaeOJOWg= Host: xyz.com Accept: */* Proxy-Connection: Keep-Alive Header in: HTTP/1.1 200 OK Header in: Date: Thu, 28 Aug 2014 11:00:22 GMT Header in: Content-Type: text/html; charset=utf-8 Header in: ... Header in: Proxy-Connection: Keep-Alive Header in: Transfer-Encoding: chunked Data in: 9989 <?xml version="1.0" encoding="utf-8"?> ... </html> 0 Text: Connection #0 to host 10.20.30.40 left intact >>> End of log <<< >>> Sample log from another user - NOT successful <<< Text: Rebuilt URL to: http://xyz.com/ Text: Hostname was NOT found in DNS cache Text: Trying 11.22.33.44... Text: Connected to 11.22.33.44 (11.22.33.44) port 9090 (#0) Header out: GET http://xyz.com/ HTTP/1.1 Host: xyz.com Accept: */* Proxy-Connection: Keep-Alive Header in: HTTP/1.1 407 authenticationrequired Header in: Content-Type: text/html Header in: Cache-Control: no-cache Header in: Content-Length: 2637 Header in: Proxy-Connection: Keep-Alive Header in: Proxy-Authenticate: NTLM Header in: Proxy-Authenticate: Basic realm="CompanyAD" Text: Ignoring the response-body Data in: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> ... </html> Text: Connection #0 to host 11.22.33.44 left intact Text: Issue another request to this URL: 'http://xyz.com/' Text: Found bundle for host xyz.com: 0x2c780c0 Text: Re-using existing connection! (#0) with host 11.22.33.44 Text: Connected to 11.22.33.44 (11.22.33.44) port 9090 (#0) Text: Proxy auth using NTLM with user '' Header out: GET http://xyz.com/ HTTP/1.1 Proxy-Authorization: NTLM TlRMTVNTUAABAAAAt7II4gcABwAuAAFFFFFFFFFFFFFFFFEdAAAAFFFF FFFFFFxYLUVNRUE= Host: xyz.com Accept: */* Proxy-Connection: Keep-Alive Header in: HTTP/1.1 407 authenticationrequired Header in: Content-Type: text/html Header in: Cache-Control: no-cache Header in: Content-Length: 2637 Header in: Proxy-Connection: Keep-Alive Header in: Proxy-Authenticate: NTLM TlRFFGGHHAACAABBBBBBABBBBAA1gongzXgdkoL6puUBBBBBBBBBB BBBBBBBBAAA Text: Ignoring the response-body Data in: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> ... </html> Text: Connection #0 to host 11.22.33.44 left intact Text: Issue another request to this URL: 'http://xyz.com/' Text: Found bundle for host xyz.com: 0x2c780c0 Text: Re-using existing connection! (#0) with host 11.22.33.44 Text: Connected to 11.22.33.44 (11.22.33.44) port 9090 (#0) Text: Connection #0 to host 11.22.33.44 left intact >>> End of log <<< -- E-Mail privat: [email protected] World Wide Web: http://www.telle-online.de ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
