Why doesn't curl handle proxy correctly?
Issue
-
When setting a proxy to access an internet ftps site, the proxy is accessed but the authentication on the external site fails.
-
Without
curl-7.29.0-19.el7the certificate is handled correctly but the authentication on the remote site doesn't succeed:
$ curl -v -k --ftp-ssl --proxy http://proxy.local:8080 --proxy-user 10208h:Gri1de9I --output 20160519.csv --user "maif-visites:2aHi%z@HfKQff5Ye" ftps://localhost.example.com/out/20160519.csv
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* About to connect() to proxy proxy.local port 8080 (#0)
* Trying x.x.x.x...
* Connected to proxy.local (x.x.x.x) port 8080 (#0)
* Establish HTTP proxy tunnel to localhost.example.com:990
* Proxy auth using Basic with user '10208h'
* Server auth using Basic with user 'maif-visites'
> CONNECT localhost.example.com:990 HTTP/1.1
> Host: localhost.example.com:990
> Proxy-Authorization: Basic MTAyMDhoOkdyaTFkZTlJ
> User-Agent: curl/7.29.0
> Proxy-Connection: Keep-Alive
>
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0< HTTP/1.1 200 Connection established
<
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0* Proxy replied OK to CONNECT request
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* NSS: client certificate not found (nickname not specified)
* SSL connection using TLS_RSA_WITH_AES_128_CBC_SHA
* Server certificate:
* subject: CN=*.example.com,OU=COMODO SSL Wildcard,OU=Domain Control Validated
* start date: May 04 00:00:00 2015 GMT
* expire date: May 03 23:59:59 2017 GMT
* common name: *.example.com
* Server auth using Basic with user 'maif-visites'
> GET /out/20160519.csv HTTP/1.1
> Authorization: Basic bWFpZi12aXNpdGVzOjJhSGklekBIZktRZmY1WWU=
> User-Agent: curl/7.29.0
> Host: localhost.example.com:990
> Accept: */*
>
{ [data not shown]
100 274 0 274 0 0 16 0 --:--:-- 0:00:16 --:--:-- 0
100 274 0 274 0 0 3 0 --:--:-- 0:01:29 --:--:-- 0
- With
curl-7.29.0-25.el7the certificate is not handled correctly:
$ curl -v -k --ftp-ssl --proxy http://proxy.maif.local:8080 --proxy-user 10208h:Gri1de9I --output tst_maif_visites_onboardes_20160519.csv --user "maif-visites:2aHi%z@HfKQff5Ye" ftps://flocalhost.example.com/out/20160519.csv
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* About to connect() to proxy proxy.maif.local port 8080 (#0)
* Trying 172.16.16.8...
* Connected to proxy.maif.local (172.16.16.8) port 8080 (#0)
* Establish HTTP proxy tunnel to localhost.example.com:990
* Proxy auth using Basic with user '10208h'
* Server auth using Basic with user 'maif-visites'
> CONNECT localhost.example.com:990 HTTP/1.1
> Host: localhost.example.com:990
> Proxy-Authorization: Basic MTAyMDhoOkdyaTFkZTlJ
> User-Agent: curl/7.29.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* Proxy replied OK to CONNECT request
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* Server auth using Basic with user 'maif-visites'
> GET /out/20160519.csv HTTP/1.1
> Authorization: Basic bWFpZi12aXNpdGVzOjJhSGklekBIZktRZmY1WWU=
> User-Agent: curl/7.29.0
> Host: localhost.example.com:990
> Accept: */*
>
{ [data not shown]
* Recv failure: Connection reset by peer
100 5603 0 5603 0 0 23649 0 --:--:-- --:--:-- --:--:-- 23741
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer
Environment
- Red Hat Enterprise Linux 7
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Close
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.