Russ Jones | 29 Jan 01:45 2015

curl output appears different from what stored in file...

I am using the following command line...

curl -L -k -A "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36" -interface 192.71.23.48 -o "/var/www/html/cache/test-192.71.23.48.txt" http://www.trusted-link.com/ip.php

The terminal prints out...

HTTP/1.1 200 OK
Date: Thu, 29 Jan 2015 00:45:08 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.3
Content-Length: 121
Connection: close
Content-Type: text/html; charset=UTF-8

80.248.225.2
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36[

But the file, /var/www/html/cache/test-192.71.23.48.txt, stores... (along with the default 403 page for CentOS) 

HTTP/1.1 403 Forbidden^M
Date: Wed, 28 Jan 2015 22:49:44 GMT^M
Server: Apache/2.2.15 (CentOS)^M
Accept-Ranges: bytes^M
Content-Length: 4954^M
Connection: close^M
Content-Type: text/html; charset=UTF-8

Any ideas?


--
========================================================
Russ Jones, CTO
rjones <at> angular.marketing

Angular
101 J. Morris Commons Lane – Suite 105
Morrisville, NC 27560

P: 919-459-1035
F: 919-747-4362
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Manisha Singh | 28 Jan 15:25 2015
Picon

RTSP Interleaved data has extra 0x0D

Hi,

 

I am using curl to get RTSP data. I am connecting to IP Cameras that send JPEG over RTP packets. Comparing the RTSP packets that I get from curl with wireshark, I noticed that there are extra 0x0D before every 0x0A. I was able to decode the JPEF RTP packets successfully when I remove those extra 0x0Ds from the stream.

 

This is how I am getting interleaved data:

 

  curl_setopt(curl, CURLOPT_INTERLEAVEFUNCTION, write_data_static);

  curl_setopt(curl, CURLOPT_INTERLEAVEDATA, this);

  curl_setopt(curl, CURLOPT_RTSP_REQUEST,(long)CURL_RTSPREQ_RECEIVE);

  CURLcode res  = curl_easy_perform(curl);         

  

Any ideas on what could be happening here?

 

Thanks,

Manisha

 

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Raphael Bauduin | 28 Jan 11:28 2015
Picon

advice for building test suite with libcurl


Hi,

I'm building a small network test suite using libcurl. The code for every test is quite similar, all setting multiple CURLOPT_*,
possibly with different options set to different values for each test.
Due to the similarity of the code structure, I thought about defining the tests in a config file (currently testing with libconfig).
This would enable me to have one code performing all tests, and also replace


     curl_easy_setopt(curl, CURLOPT_URL, "http://localhost:8080");
     curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
     curl_easy_setopt(curl, CURLOPT_HEADER, 1L );

with something like this pseudo code to be translated in C:

for (i=0; i<options.length; i++) {
   curl_easy_setopt(curl, get_symbol_value_from_name(options[i].name),
options[i].value);
}

And my question is how do you advise me to solve the translation from a string to its symbol value,
eg from "CURLOPT_URL" to CURLOPT_URL ( get_symbol_value_from_name in the pseudo code)?

One possibility is defining a mapping from the string to the symbol, possibly with the help of a macro:

struct mapping {
char name;
int code;
char type;
}
mapping arr[] =  {
{"CURLOPT_URL", CURLOPT_URL, "str"},
{"CURLOPT_HEADER", CURLOPT_HEADER, "long"}
}
#define add_mapping(tab,code,type) tab[(code)] = {#code, code, type}

Is this the way to go? Is there a way to define a mapping for all curl options? Or is there something in libcurl's code that can help me?

Thanks in advance for your feedback!

Raph
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Gusano, Javier | 27 Jan 18:01 2015
Picon

HTTP2 support and case use

Hi everyone,
My name is Javier and this is my first e-mail in this list. I've got a problem using CURL under Ubuntu 14.04.1
LTS. This is the process that I've been using for the installation:
1st. I installed NGHTTP2 as defined in this URL: https://github.com/tatsuhiro-t/nghttp2
2nd: I clone CURL from the GIT server and use this commands for compile:
./buildconf
./configure
make
make install

Note: When I use ./configure, my linux terminal shows:
  SSL support:      enabled (OpenSSL)
  [...]
  TLS-SRP support:  enabled
  [...]
  HTTP2 support:    enabled (nghttp2)

But when I try to use this command, CURL can't use the HTTP2 protocol:
curl --http2 --url http://nghttp2.org
curl: (1) Unsupported protocol

¿Could some one show me how to install and use CURL with HTTP2 support step by step? Thanks for your help.

Regards,

Javier

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Bill T | 26 Jan 19:36 2015

Why does my curl script go stale?

Newbie here...

I have written a script to periodically login and check an online account balance.  It works for a month then stops working.  I created it with the help of developer tools in chrome.  There is an option to 'copy command as curl'.  I was able to use this method to get curl commands for a POST and GET event which I think correspond to login and account page.  I only need to invoke curl twice to get this done.  So why does it stop working after a while?

My main suspect is the sessionid.  But why would the sessionid last for a month?  Or is it something else I am overlooking?

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Norton, Mike | 23 Jan 20:52 2015
Picon

Specify SNI server name for HTTPS client hello

Is there a way to specify what gets used for the server name in the TLS client hello? I need to specify the server name to test a reverse proxy server that is not yet in DNS. The server requires SNI or else it will close the connection. I’m trying to do something like this:

 

$ curl -k -I -H "Host: www.example.com" "https://192.0.2.1/example/"

 

I want to send “www.example.com” as the HTTP host and as the TLS server name, but I want to connect to 192.0.2.1, which is not necessarily the same IP that’s in DNS for that name. Is there a way to do that using command-line options?

 

--

Mike Norton

 

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Rodrigo Zanatta Silva | 17 Jan 01:15 2015
Picon

RE: big docs (was Re: Limits to curl command....)

> I'm always open for actual ideas on how to improve the docs and make 
> it easier  to learn from, but what is important to some are never used by 
> others and vice  versa... 

Lol... I understand... But my idea was: continue having the big docs. A good and big program like curl need it. 

But... Why not write a NEW doc, smaller with only the most commonly used options. Yeah... this is a difficult..

And I only read this page. Do a "man curl" in console is not good because it is big, so I do a "man curl" in google :D

By the way, I can't help with it. My english is not so good :( Maybe if you like it, others peoples can help.
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Rodrigo Zanatta Silva | 17 Jan 01:00 2015
Picon

Re: Smart strategy to write million of files in OSX with bash curl?

....

> Filesystem damage indicates a kernel bug or hardware failure. It's too bad
> pushing it so hard causes this. You may want to contact Apple about this,
> especially if you have a reliable test case. 

Lol.. I will never know why this happens. But I get two kernel panic and never have seen it before... If you want to know, after I connect it with a secondary drive, I can read the files, But any program solve the logical problem, so I just formated everything.

> Are you writing all these millions of files into a single directory? Many 
> filesystems don't handle that case well and devolve into pathologically slow
> behaviour. The solution to this is to either use another filesystem, write the
> files into a database instead, or shard the directory. The latter solution may
> be the easiest, and involves creating a hierarchy of directories into which the
> files are stored which can be one or more levels deep. This is how git stores
> its files, for example. Rather than having one huge .git/objects directory into
> which all the objects are placed, there's a second layer of 256 directories
> containing the first two hexadecimal digits of the object names. This reduces
> the size of a single directory by a factor of 256. That's probably not enough
> for your case as it would still leave tens of thousands of files in a single
> directory, so you'd likely have to create a second level of directories inside
> the first. 

>>> Dan 

I REALLY loved your idea. Why I don't thought about it.  By the way, do you know the "best" number of file I can save in one directory? Like, the better is less than 1.000 or maybe power of two, like 511 or 1023 files per directory? And use 256 subdirectory for every directory?

About write in a database. Yeah... I can use the Sqlite. And it will solve all the problem with filesystem. 

Hum... What do you think is the best strategy for common operate system (I will create a open source program and want it work in linux/windows/mac). First of all, the easier way is write bash script and open all of them in background. So:

  • Use a tree of subdirectory 
  • Use the sqlite. This is a little more complex but is the exactly answer for "one file"
  • In this way, make 150 bash script write in the same file (so the bash and operation system solve the problem not me) or create 150 database for every thread and after if finish, join the database?
  • And... Working with database, the best way to DOWNLOAD a page with Curl is save the file in disk and then write in database (after it, delete the file) or only use the curl to download in the memory and write in database. Remember, this is 150 threads doing the same. 
Ps. Really sorry. I thought if someone answer my thread, I was see the e-mail alone and not in Digest. Now I config the system better. Because this I don't see the email for a while. 

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
无有先生 | 16 Jan 03:43 2015

FTPS:Another reason, failed to access FTPS through a HTTP proxy server(v7.40.0)

command:
./curl -p -x 192.168.0.107:808 -U 12:12 ftps://dmb1234:Password123 <at> 192.168.65.174:990/DeviceStateLine.aspx -o DeviceStateLine.aspx --cacert certs.crt --trace output.txt

result:
== Info: STATE: INIT => CONNECT handle 0x865faa4; line 1034 (connection #-5000)
== Info: Added connection 0. The cache now contains 1 members
== Info:   Trying 192.168.0.107...
== Info: STATE: CONNECT => WAITCONNECT handle 0x865faa4; line 1087 (connection #0)
== Info: Connected to 192.168.0.107 (192.168.0.107) port 808 (#0)
== Info: Marked for [keep alive]: HTTP proxy CONNECT
== Info: Establish HTTP proxy tunnel to 192.168.65.174:990
== Info: Proxy auth using Basic with user '12'
== Info: Server auth using Basic with user 'dmb1234'
=> Send header, 157 bytes (0x9d)
0000: 43 4f 4e 4e 45 43 54 20 31 39 32 2e 31 36 38 2e CONNECT 192.168.
0010: 36 35 2e 31 37 34 3a 39 39 30 20 48 54 54 50 2f 65.174:990 HTTP/
0020: 31 2e 31 0d 0a 48 6f 73 74 3a 20 31 39 32 2e 31 1.1..Host: 192.1
0030: 36 38 2e 36 35 2e 31 37 34 3a 39 39 30 0d 0a 50 68.65.174:990..P
0040: 72 6f 78 79 2d 41 75 74 68 6f 72 69 7a 61 74 69 roxy-Authorizati
0050: 6f 6e 3a 20 42 61 73 69 63 20 4d 54 49 36 4d 54 on: Basic MTI6MT
0060: 49 3d 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 I=..User-Agent:
0070: 63 75 72 6c 2f 37 2e 34 30 2e 30 0d 0a 50 72 6f curl/7.40.0..Pro
0080: 78 79 2d 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b xy-Connection: K
0090: 65 65 70 2d 41 6c 69 76 65 0d 0a 0d 0a          eep-Alive....
== Info: STATE: WAITCONNECT => WAITPROXYCONNECT handle 0x865faa4; line 1220 (connection #0)
== Info: Marked for [keep alive]: HTTP default
== Info: Marked for [keep alive]: HTTP proxy CONNECT
== Info: Marked for [keep alive]: HTTP default
== Info: Marked for [keep alive]: HTTP proxy CONNECT
== Info: Marked for [keep alive]: HTTP default
== Info: Marked for [keep alive]: HTTP proxy CONNECT
== Info: Read response immediately from proxy CONNECT
<= Recv header, 37 bytes (0x25)
0000: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 43 6f 6e HTTP/1.1 200 Con
0010: 6e 65 63 74 69 6f 6e 20 65 73 74 61 62 6c 69 73 nection establis
0020: 68 65 64 0d 0a                                  hed..
<= Recv header, 22 bytes (0x16)
0000: 50 72 6f 78 79 2d 61 67 65 6e 74 3a 20 43 43 50 Proxy-agent: CCP
0010: 72 6f 78 79 0d 0a                               roxy..
<= Recv header, 2 bytes (0x2)
0000: 0d 0a                                           ..
== Info: Proxy replied OK to CONNECT request
== Info: STATE: WAITPROXYCONNECT => WAITCONNECT handle 0x865faa4; line 1177 (connection #0)
== Info: Marked for [keep alive]: HTTP proxy CONNECT
== Info: Marked for [keep alive]: FTP default
== Info: successfully set certificate verify locations:
== Info:   CAfile: certs.crt
  CApath: none
== Info: TLSv1.0, TLS handshake, Client hello (1):
=> Send SSL data, 63 bytes (0x3f)
0000: 01 00 00 3b 03 01 54 b7 59 cc 6c 0e 5c 25 79 fe ...;..T.Y.l.\%y.
0010: 3f a6 d4 15 47 56 5e cd fc 8b 71 e4 0c cb 42 3d ?...GV^...q...B=
0020: 51 69 6b ec 2d 6e 00 00 14 00 39 00 38 00 35 00 Qik.-n....9.8.5.
0030: 33 00 32 00 2f 00 16 00 13 00 0a 00 ff 01 00    3.2./..........
== Info: TLSv1.0, TLS handshake, Server hello (2):
<= Recv SSL data, 81 bytes (0x51)
0000: 02 00 00 4d 03 01 54 b7 5b 0f a2 e6 52 2f 75 fe ...M..T.[...R/u.
0010: b8 0a 33 aa 52 fb 6d d9 c4 f6 c0 5a fa 7f 1d eb ..3.R.m....Z...
0020: 64 5a e2 bf e4 48 20 5d 05 a9 6c 26 f1 b4 c9 f6 dZ...H ]..l&....
0030: 30 00 ec d1 64 b0 7e 26 99 5c d7 11 0c 80 08 f8 0...d.~&.\......
0040: 71 1b 33 8f 91 76 b5 00 35 00 00 05 ff 01 00 01 q.3..v..5.......
0050: 00                                              .
== Info: TLSv1.0, TLS handshake, CERT (11):
<= Recv SSL data, 847 bytes (0x34f)
0000: 0b 00 03 4b 00 03 48 00 03 45 30 82 03 41 30 82 ...K..H..E0..A0.
0010: 02 29 a0 03 02 01 02 02 01 00 30 0d 06 09 2a 86 .)........0...*.
0020: 48 86 f7 0d 01 01 05 05 00 30 64 31 0b 30 09 06 H........0d1.0..
0030: 03 55 04 06 13 02 43 4e 31 0b 30 09 06 03 55 04 .U....CN1.0...U.
0040: 08 13 02 66 6a 31 0b 30 09 06 03 55 04 07 13 02 ...fj1.0...U....
0050: 66 7a 31 10 30 0e 06 03 55 04 0a 13 07 73 74 61 fz1.0...U....sta
0060: 72 6e 65 74 31 10 30 0e 06 03 55 04 0b 13 07 73 rnet1.0...U....s
0070: 74 61 72 6e 65 74 31 17 30 15 06 03 55 04 03 13 tarnet1.0...U...
0080: 0e 31 39 32 2e 31 36 38 2e 36 35 2e 31 37 34 30 .192.168.65.1740
0090: 1e 17 0d 31 34 31 32 32 36 30 32 32 39 33 33 5a ...141226022933Z
00a0: 17 0d 32 34 31 32 32 33 30 32 32 39 33 33 5a 30 ..241223022933Z0
00b0: 64 31 0b 30 09 06 03 55 04 06 13 02 43 4e 31 0b d1.0...U....CN1.
00c0: 30 09 06 03 55 04 08 13 02 66 6a 31 0b 30 09 06 0...U....fj1.0..
00d0: 03 55 04 07 13 02 66 7a 31 10 30 0e 06 03 55 04 .U....fz1.0...U.
00e0: 0a 13 07 73 74 61 72 6e 65 74 31 10 30 0e 06 03 ...starnet1.0...
00f0: 55 04 0b 13 07 73 74 61 72 6e 65 74 31 17 30 15 U....starnet1.0.
0100: 06 03 55 04 03 13 0e 31 39 32 2e 31 36 38 2e 36 ..U....192.168.6
0110: 35 2e 31 37 34 30 82 01 22 30 0d 06 09 2a 86 48 5.1740.."0...*.H
0120: 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 .............0..
0130: 0a 02 82 01 01 00 b6 e4 50 9f b3 06 c5 ea 7b 1e ........P.....{.
0140: 91 82 66 27 5f a0 61 a3 4a c3 92 66 2a 00 97 d7 ..f'_.a.J..f*...
0150: 96 5f 1d 47 bf 8c 96 25 f8 9d ed de 86 7c 86 d8 ._.G...%.....|..
0160: 94 9b 52 57 5e e4 9c b3 9b b3 f8 f8 76 2e 58 55 ..RW^.......v.XU
0170: bd d0 12 10 29 d5 89 23 8f 94 a1 e5 4a 24 4d 08 ....)..#....J$M.
0180: 9d 25 8e 03 ca 4a 82 38 41 e7 b8 7c 02 15 2a ed .%...J.8A..|..*.
0190: 6c 4e 30 5b 4e 15 ad 79 79 90 32 7a 45 12 55 99 lN0[N..yy.2zE.U.
01a0: 33 98 72 b3 6a 28 8a 72 89 f0 d3 e2 77 47 ba 3c 3.r.j(.r....wG.<
01b0: 5c a8 8b ac b4 61 56 92 12 2f 96 43 bd c9 f2 03 \....aV../.C....
01c0: 7b 01 22 4c b7 0f dd 4f c5 36 c1 d1 68 66 97 9c {."L...O.6..hf..
01d0: 16 78 fb c2 c7 78 d8 48 6e ef ae 2f 07 4d e8 66 .x...x.Hn../.M.f
01e0: 80 b5 b6 3f c1 2a 49 6b 80 c1 8e 7c 09 f2 52 06 ...?.*Ik...|..R.
01f0: 7c 37 08 10 e4 49 f7 7b 12 e2 5f ba 91 65 97 11 |7...I.{.._..e..
0200: 3e bd ff 75 c9 16 1f 08 fd 58 37 d0 5b 8e 9d e3 >..u.....X7.[...
0210: 25 d3 29 78 d5 ba 9d 1b e7 4b 00 39 cd 49 1b e3 %.)x.....K.9.I..
0220: ca b7 36 b9 a5 48 82 1c c1 86 06 4c 54 b7 66 c3 ..6..H.....LT.f.
0230: 79 73 b9 d5 25 13 02 03 01 00 01 30 0d 06 09 2a ys..%......0...*
0240: 86 48 86 f7 0d 01 01 05 05 00 03 82 01 01 00 35 .H.............5
0250: b9 fc 36 11 08 fb 66 e7 65 14 42 78 3f ce 33 f3 ..6...f.e.Bx?.3.
0260: 03 9a 61 51 f1 a8 2a 07 ec 36 a5 1a 67 8c 6e 7d ..aQ..*..6..g.n}
0270: 01 53 d3 47 6b 14 39 39 d2 f3 19 92 16 3e 77 58 .S.Gk.99.....>wX
0280: ad af 2c 3e 0d ac 7f 58 f5 0d d8 73 04 76 75 02 ..,>..X...s.vu.
0290: 39 38 d8 3e 91 9f 47 c8 57 53 aa 19 73 62 10 9f 98.>..G.WS..sb..
02a0: 09 61 39 a4 47 e8 63 71 67 b6 75 ab 35 4b 49 39 .a9.G.cqg.u.5KI9
02b0: 01 cc d6 a8 ac 86 d2 36 81 82 e3 02 1c f4 5d 40 .......6......] <at>
02c0: f2 04 ab ac 8a 0a 37 59 ad 80 7e 82 33 61 f9 dc ......7Y..~.3a..
02d0: 1b e9 5a f9 80 8b 54 b9 7b 22 06 34 af 1c a5 63 ..Z...T.{".4...c
02e0: 56 c5 91 23 88 28 c5 2d e9 6b 5d 37 de f9 3c a0 V..#.(.-.k]7..<.
02f0: 05 19 6a 13 31 d7 17 7d ee 99 23 03 cf 86 82 a1 ..j.1..}..#.....
0300: 94 77 3a af 87 f5 2a b8 db c4 31 42 d1 43 19 37 .w:...*...1B.C.7
0310: 91 47 79 21 e0 f1 49 77 b9 96 21 78 95 f5 ba 7f .Gy!..Iw..!x...
0320: 10 65 1b 62 32 7f 30 db a7 2c 5b 20 76 54 4b c3 .e.b20..,[ vTK.
0330: ca 2d 0a 2d fa b5 a5 98 f3 5f aa 44 92 65 78 11 .-.-....._.D.ex.
0340: 37 e7 9d 26 31 36 0f 52 5a 62 ec c7 80 cb ec    7..&16.RZb.....
== Info: TLSv1.0, TLS handshake, Server finished (14):
<= Recv SSL data, 4 bytes (0x4)
0000: 0e 00 00 00                                     ....
== Info: TLSv1.0, TLS handshake, Client key exchange (16):
=> Send SSL data, 262 bytes (0x106)
0000: 10 00 01 02 01 00 91 e0 b4 fc f2 4d ca 80 16 8e ...........M....
0010: 71 f1 23 25 50 88 ec 75 3e d9 54 d5 69 60 1c 74 q.#%P..u>.T.i`.t
0020: 2e 68 da 0e 21 4e 23 7a 9f 64 36 40 3f 23 90 48 .h..!N#z.d6 <at> ?#.H
0030: de f9 fb 12 57 96 28 ba c7 61 07 ac d9 79 7a 33 ....W.(..a...yz3
0040: 3e 36 8f c2 ad 0e 47 83 ff a1 14 c9 cf 82 82 a8 >6....G.........
0050: f5 92 4d 29 86 f1 2b ab 8d ec d0 2a af 12 3a 84 ..M)..+....*..:.
0060: de 39 67 cd 5c 2b 7b c8 41 bf 85 54 4a dd d7 38 .9g.\+{.A..TJ..8
0070: f9 b3 07 0e 12 56 a7 3b 53 df 66 93 50 3c 25 97 .....V.;S.f.P<%.
0080: db f8 7e 00 d5 e4 9c 4b 5f 8c c7 56 f1 89 be 8c ..~....K_..V....
0090: bf 0b e6 8d 9b 5e 6b b8 ea b3 ea 71 82 70 ee d1 .....^k....q.p..
00a0: 3d 58 9f c6 12 55 b8 9d 96 91 87 e2 ac 17 18 e3 =X...U..........
00b0: 56 00 0c f1 48 4d 01 a2 dc c6 26 aa 6e c3 0c fe V...HM....&.n...
00c0: f9 fe be 6e 7d f4 92 71 0f d8 2a 28 64 26 d9 60 ...n}..q..*(d&.`
00d0: 55 38 30 76 3e eb d3 b3 fc a5 85 57 a1 07 e4 69 U80v>......W...i
00e0: 68 90 84 2e e7 68 3a 82 db 9a af a7 be fb 96 aa h....h:.........
00f0: c8 50 99 18 d8 f3 69 f7 1a 10 27 5d 51 e1 dc 29 .P....i...']Q..)
0100: 53 27 7d 49 3b 07                               S'}I;.
== Info: TLSv1.0, TLS change cipher, Client hello (1):
=> Send SSL data, 1 bytes (0x1)
0000: 01                                              .
== Info: TLSv1.0, TLS handshake, Finished (20):
=> Send SSL data, 16 bytes (0x10)
0000: 14 00 00 0c 6c 62 b3 48 79 25 5e bb 38 66 38 de ....lb.Hy%^.8f8.
== Info: TLSv1.0, TLS change cipher, Client hello (1):
<= Recv SSL data, 1 bytes (0x1)
0000: 01                                              .
== Info: TLSv1.0, TLS handshake, Finished (20):
<= Recv SSL data, 16 bytes (0x10)
0000: 14 00 00 0c 63 02 01 1c 5b 0c 8e 4d db a1 76 82 ....c...[..M..v.
== Info: SSL connection using TLSv1.0 / AES256-SHA
== Info: Server certificate:
== Info: subject: C=CN; ST=fj; L=fz; O=starnet; OU=starnet; CN=192.168.65.174
== Info: start date: 2014-12-26 02:29:33 GMT
== Info: expire date: 2024-12-23 02:29:33 GMT
== Info: common name: 192.168.65.174 (matched)
== Info: issuer: C=CN; ST=fj; L=fz; O=starnet; OU=starnet; CN=192.168.65.174
== Info: SSL certificate verify ok.
== Info: FTP 0x867586c (line 3200) state change from STOP to WAIT220
== Info: STATE: WAITCONNECT => PROTOCONNECT handle 0x865faa4; line 1223 (connection #0)
<= Recv header, 38 bytes (0x26)
0000: 32 32 30 20 53 65 72 76 2d 55 20 46 54 50 20 53 220 Serv-U FTP S
0010: 65 72 76 65 72 20 76 31 34 2e 30 20 72 65 61 64 erver v14.0 read
0020: 79 2e 2e 2e 0d 0a                               y.....
=> Send header, 14 bytes (0xe)
0000: 55 53 45 52 20 64 6d 62 31 32 33 34 0d 0a       USER dmb1234..
== Info: FTP 0x867586c (line 847) state change from WAIT220 to USER
<= Recv header, 36 bytes (0x24)
0000: 33 33 31 20 55 73 65 72 20 6e 61 6d 65 20 6f 6b 331 User name ok
0010: 61 79 2c 20 6e 65 65 64 20 70 61 73 73 77 6f 72 ay, need passwor
0020: 64 2e 0d 0a                                     d...
=> Send header, 18 bytes (0x12)
0000: 50 41 53 53 20 50 61 73 73 77 6f 72 64 31 32 33 PASS Password123
0010: 0d 0a                                           ..
== Info: FTP 0x867586c (line 2633) state change from USER to PASS
<= Recv header, 30 bytes (0x1e)
0000: 32 33 30 20 55 73 65 72 20 6c 6f 67 67 65 64 20 230 User logged
0010: 69 6e 2c 20 70 72 6f 63 65 65 64 2e 0d 0a       in, proceed...
=> Send header, 8 bytes (0x8)
0000: 50 42 53 5a 20 30 0d 0a                         PBSZ 0..
== Info: FTP 0x867586c (line 2609) state change from PASS to PBSZ
<= Recv header, 55 bytes (0x37)
0000: 32 30 30 20 50 42 53 5a 20 63 6f 6d 6d 61 6e 64 200 PBSZ command
0010: 20 4f 4b 2e 20 50 72 6f 74 65 63 74 69 6f 6e 20  OK. Protection
0020: 62 75 66 66 65 72 20 73 69 7a 65 20 73 65 74 20 buffer size set
0030: 74 6f 20 30 2e 0d 0a                            to 0...
=> Send header, 8 bytes (0x8)
0000: 50 52 4f 54 20 50 0d 0a                         PROT P..
== Info: FTP 0x867586c (line 2819) state change from PBSZ to PROT
<= Recv header, 53 bytes (0x35)
0000: 32 30 30 20 50 52 4f 54 20 63 6f 6d 6d 61 6e 64 200 PROT command
0010: 20 4f 4b 2e 20 55 73 69 6e 67 20 70 72 69 76 61  OK. Using priva
0020: 74 65 20 64 61 74 61 20 63 6f 6e 6e 65 63 74 69 te data connecti
0030: 6f 6e 2e 0d 0a                                  on...
=> Send header, 5 bytes (0x5)
0000: 50 57 44 0d 0a                                  PWD..
== Info: FTP 0x867586c (line 859) state change from PROT to PWD
<= Recv header, 31 bytes (0x1f)
0000: 32 35 37 20 22 2f 22 20 69 73 20 63 75 72 72 65 257 "/" is curre
0010: 6e 74 20 64 69 72 65 63 74 6f 72 79 2e 0d 0a    nt directory...
== Info: Entry path is '/'
== Info: FTP 0x867586c (line 2950) state change from PWD to STOP
== Info: protocol connect phase DONE
== Info: STATE: PROTOCONNECT => DO handle 0x865faa4; line 1241 (connection #0)
== Info: DO phase starts
=> Send header, 6 bytes (0x6)
0000: 45 50 53 56 0d 0a                               EPSV..
== Info: FTP 0x867586c (line 1382) state change from STOP to PASV
== Info: Connect data stream passively
<= Recv header, 48 bytes (0x30)
0000: 32 32 39 20 45 6e 74 65 72 69 6e 67 20 45 78 74 229 Entering Ext
0010: 65 6e 64 65 64 20 50 61 73 73 69 76 65 20 4d 6f ended Passive Mo
0020: 64 65 20 28 7c 7c 7c 35 33 30 39 31 7c 29 0d 0a de (|||53091|)..
== Info: Hostname 192.168.0.107 was found in DNS cache
== Info:   Trying 192.168.0.107...
== Info: Connecting to 192.168.65.174 (192.168.0.107) port 808
== Info: FTP 0x867586c (line 2095) state change from PASV to STOP
== Info: ftp_perform ends with SECONDARY: 0
== Info: DO phase is complete1
== Info: STATE: DO => DO_MORE handle 0x865faa4; line 1309 (connection #0)
== Info: Connected to 192.168.0.107 (192.168.0.107) port 808 (#0)
== Info: DO-MORE connected phase starts
== Info: Connection to proxy confirmed
== Info: Establish HTTP proxy tunnel to 192.168.65.174:53091
== Info: Proxy auth using Basic with user '12'
== Info: Server auth using Basic with user 'dmb1234'
=> Send header, 161 bytes (0xa1)
0000: 43 4f 4e 4e 45 43 54 20 31 39 32 2e 31 36 38 2e CONNECT 192.168.
0010: 36 35 2e 31 37 34 3a 35 33 30 39 31 20 48 54 54 65.174:53091 HTT
0020: 50 2f 31 2e 31 0d 0a 48 6f 73 74 3a 20 31 39 32 P/1.1..Host: 192
0030: 2e 31 36 38 2e 36 35 2e 31 37 34 3a 35 33 30 39 .168.65.174:5309
0040: 31 0d 0a 50 72 6f 78 79 2d 41 75 74 68 6f 72 69 1..Proxy-Authori
0050: 7a 61 74 69 6f 6e 3a 20 42 61 73 69 63 20 4d 54 zation: Basic MT
0060: 49 36 4d 54 49 3d 0d 0a 55 73 65 72 2d 41 67 65 I6MTI=..User-Age
0070: 6e 74 3a 20 63 75 72 6c 2f 37 2e 34 30 2e 30 0d nt: curl/7.40.0.
0080: 0a 50 72 6f 78 79 2d 43 6f 6e 6e 65 63 74 69 6f .Proxy-Connectio
0090: 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 0d n: Keep-Alive...
00a0: 0a                                              .
=> Send header, 8 bytes (0x8)
0000: 54 59 50 45 20 49 0d 0a                         TYPE I..
== Info: FTP 0x867586c (line 3534) state change from STOP to RETR_TYPE
<= Recv header, 20 bytes (0x14)
0000: 32 30 30 20 54 79 70 65 20 73 65 74 20 74 6f 20 200 Type set to
0010: 49 2e 0d 0a                                     I...
=> Send header, 27 bytes (0x1b)
0000: 53 49 5a 45 20 44 65 76 69 63 65 53 74 61 74 65 SIZE DeviceState
0010: 4c 69 6e 65 2e 61 73 70 78 0d 0a                Line.aspx..
== Info: FTP 0x867586c (line 1798) state change from RETR_TYPE to RETR_SIZE
<= Recv header, 7 bytes (0x7)
0000: 32 31 33 20 34 0d 0a                            213 4..
=> Send header, 27 bytes (0x1b)
0000: 52 45 54 52 20 44 65 76 69 63 65 53 74 61 74 65 RETR DeviceState
0010: 4c 69 6e 65 2e 61 73 70 78 0d 0a                Line.aspx..
== Info: FTP 0x867586c (line 2344) state change from RETR_SIZE to RETR
<= Recv header, 77 bytes (0x4d)
0000: 31 35 30 20 4f 70 65 6e 69 6e 67 20 42 49 4e 41 150 Opening BINA
0010: 52 59 20 6d 6f 64 65 20 64 61 74 61 20 63 6f 6e RY mode data con
0020: 6e 65 63 74 69 6f 6e 20 66 6f 72 20 44 65 76 69 nection for Devi
0030: 63 65 53 74 61 74 65 4c 69 6e 65 2e 61 73 70 78 ceStateLine.aspx
0040: 20 28 34 20 42 79 74 65 73 29 2e 0d 0a           (4 Bytes)...
== Info: Maxdownload = -1
== Info: Getting file with size: 4
== Info: Doing the SSL/TLS handshake on the data stream
== Info: successfully set certificate verify locations:
== Info:   CAfile: certs.crt
  CApath: none
== Info: SSL re-using session ID
== Info: TLSv1.0, TLS handshake, Client hello (1):
=> Send SSL data, 95 bytes (0x5f)
0000: 01 00 00 5b 03 01 54 b7 59 cc 5b 25 8a 3b 86 d4 ...[..T.Y.[%.;..
0010: 3b 60 82 51 7f 1a 4a 58 9b 14 e8 80 30 46 22 04 ;`.Q.JX....0F".
0020: bb 85 bd 33 ed 83 20 5d 05 a9 6c 26 f1 b4 c9 f6 ...3.. ]..l&....
0030: 30 00 ec d1 64 b0 7e 26 99 5c d7 11 0c 80 08 f8 0...d.~&.\......
0040: 71 1b 33 8f 91 76 b5 00 14 00 39 00 38 00 35 00 q.3..v....9.8.5.
0050: 33 00 32 00 2f 00 16 00 13 00 0a 00 ff 01 00    3.2./..........
== Info: TLSv1.0, TLS alert, Server hello (2):
=> Send SSL data, 2 bytes (0x2)
0000: 02 46                                           .F
== Info: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
== Info: Marked for [closure]: FTP ended with bad error code
== Info: Closing connection 0
== Info: The cache now contains 0 members
== Info: TLSv1.0, TLS alert, Client hello (1):
=> Send SSL data, 2 bytes (0x2)
0000: 01 00                                           ..
== Info: Expire cleared

reason:
When the network is relatively poor, the data channel request agent, without waiting for the proxy server to return a message, and processes. Then send the SSL certification, lead to authentication failed.

scheme:
Data channel using delay.

modify:
file:http_proxy.c;
function:Curl_proxyCONNECT
line:231~239
The red word for new added code
    check = Curl_timeleft(data, NULL, TRUE);
    if(check <= 0) {
      failf(data, "Proxy CONNECT aborted due to timeout");
      return CURLE_RECV_ERROR;
    }
    if(FIRSTSOCKET == sockindex) {
      if(0 == Curl_socket_ready(tunnelsocket, CURL_SOCKET_BAD, 0))
        /* return so we'll be called again polling-style */
        return CURLE_OK;
      else {
        DEBUGF(infof(data,
                   "Read response immediately from proxy CONNECT\n"));
      }
    }
    /* at this point, the tunnel_connecting phase is over. */

    { /* READING RESPONSE PHASE */

Looking forward to your reply!
zhenyang su
china
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
无有先生 | 16 Jan 03:43 2015

FTPS:Failed to access FTPS through a HTTP proxy server(v7.40.0)

command:
./curl -p -x 192.168.65.223:8090 -U 12:12 ftps://dmb1234:Password123 <at> 192.168.65.174:990/DeviceStateLine.aspx -o DeviceStateLine.aspx --cacert certs.crt --trace output.txt

result:
== Info: STATE: INIT => CONNECT handle 0x826daa4; line 1034 (connection #-5000)
== Info: Added connection 0. The cache now contains 1 members
== Info:   Trying 192.168.65.223...
== Info: STATE: CONNECT => WAITCONNECT handle 0x826daa4; line 1087 (connection #0)
== Info: Connected to 192.168.65.223 (192.168.65.223) port 8090 (#0)
== Info: Marked for [keep alive]: HTTP proxy CONNECT
== Info: Establish HTTP proxy tunnel to 192.168.65.174:990
== Info: Proxy auth using Basic with user '12'
== Info: Server auth using Basic with user 'dmb1234'
=> Send header, 157 bytes (0x9d)
0000: 43 4f 4e 4e 45 43 54 20 31 39 32 2e 31 36 38 2e CONNECT 192.168.
0010: 36 35 2e 31 37 34 3a 39 39 30 20 48 54 54 50 2f 65.174:990 HTTP/
0020: 31 2e 31 0d 0a 48 6f 73 74 3a 20 31 39 32 2e 31 1.1..Host: 192.1
0030: 36 38 2e 36 35 2e 31 37 34 3a 39 39 30 0d 0a 50 68.65.174:990..P
0040: 72 6f 78 79 2d 41 75 74 68 6f 72 69 7a 61 74 69 roxy-Authorizati
0050: 6f 6e 3a 20 42 61 73 69 63 20 4d 54 49 36 4d 54 on: Basic MTI6MT
0060: 49 3d 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 I=..User-Agent:
0070: 63 75 72 6c 2f 37 2e 34 30 2e 30 0d 0a 50 72 6f curl/7.40.0..Pro
0080: 78 79 2d 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b xy-Connection: K
0090: 65 65 70 2d 41 6c 69 76 65 0d 0a 0d 0a          eep-Alive....
== Info: STATE: WAITCONNECT => WAITPROXYCONNECT handle 0x826daa4; line 1220 (connection #0)
== Info: Marked for [keep alive]: HTTP default
== Info: Marked for [keep alive]: HTTP proxy CONNECT
== Info: Marked for [keep alive]: HTTP default
== Info: Marked for [keep alive]: HTTP proxy CONNECT
== Info: Read response immediately from proxy CONNECT
<= Recv header, 37 bytes (0x25)
0000: 48 54 54 50 2f 31 2e 30 20 32 30 30 20 43 6f 6e HTTP/1.0 200 Con
0010: 6e 65 63 74 69 6f 6e 20 65 73 74 61 62 6c 69 73 nection establis
0020: 68 65 64 0d 0a                                  hed..
<= Recv header, 2 bytes (0x2)
0000: 0d 0a                                           ..
== Info: Proxy replied OK to CONNECT request
== Info: successfully set certificate verify locations:
== Info:   CAfile: certs.crt
  CApath: none
== Info: TLSv1.0, TLS handshake, Client hello (1):
=> Send SSL data, 63 bytes (0x3f)
0000: 01 00 00 3b 03 01 54 b6 0e da 1e a1 39 30 49 9c ...;..T.....90I.
0010: 3d 8b 56 91 fc 63 69 29 4c f7 61 20 cb 63 aa cb =.V..ci)L.a .c..
0020: 5b f7 e5 89 45 c2 00 00 14 00 39 00 38 00 35 00 [...E.....9.8.5.
0030: 33 00 32 00 2f 00 16 00 13 00 0a 00 ff 01 00    3.2./..........
== Info: TLSv1.0, TLS handshake, Server hello (2):
<= Recv SSL data, 81 bytes (0x51)
0000: 02 00 00 4d 03 01 54 b6 10 0b f4 e2 d0 5e f0 2e ...M..T......^..
0010: 75 98 67 19 6d 0a 42 d2 3f c3 8c 9f f6 3c d9 99 u.g.m.B.?....<..
0020: 97 5a 74 d7 e7 b9 20 cd 2e e6 6b 59 f0 58 7a 8f .Zt... ...kY.Xz.
0030: 50 4d 39 d0 53 43 28 fb 92 dc d0 a7 9d 20 91 65 PM9.SC(...... .e
0040: e0 80 a0 8e 8b 67 88 00 35 00 00 05 ff 01 00 01 .....g..5.......
0050: 00                                              .
== Info: TLSv1.0, TLS handshake, CERT (11):
<= Recv SSL data, 847 bytes (0x34f)
0000: 0b 00 03 4b 00 03 48 00 03 45 30 82 03 41 30 82 ...K..H..E0..A0.
0010: 02 29 a0 03 02 01 02 02 01 00 30 0d 06 09 2a 86 .)........0...*.
0020: 48 86 f7 0d 01 01 05 05 00 30 64 31 0b 30 09 06 H........0d1.0..
0030: 03 55 04 06 13 02 43 4e 31 0b 30 09 06 03 55 04 .U....CN1.0...U.
0040: 08 13 02 66 6a 31 0b 30 09 06 03 55 04 07 13 02 ...fj1.0...U....
0050: 66 7a 31 10 30 0e 06 03 55 04 0a 13 07 73 74 61 fz1.0...U....sta
0060: 72 6e 65 74 31 10 30 0e 06 03 55 04 0b 13 07 73 rnet1.0...U....s
0070: 74 61 72 6e 65 74 31 17 30 15 06 03 55 04 03 13 tarnet1.0...U...
0080: 0e 31 39 32 2e 31 36 38 2e 36 35 2e 31 37 34 30 .192.168.65.1740
0090: 1e 17 0d 31 34 31 32 32 36 30 32 32 39 33 33 5a ...141226022933Z
00a0: 17 0d 32 34 31 32 32 33 30 32 32 39 33 33 5a 30 ..241223022933Z0
00b0: 64 31 0b 30 09 06 03 55 04 06 13 02 43 4e 31 0b d1.0...U....CN1.
00c0: 30 09 06 03 55 04 08 13 02 66 6a 31 0b 30 09 06 0...U....fj1.0..
00d0: 03 55 04 07 13 02 66 7a 31 10 30 0e 06 03 55 04 .U....fz1.0...U.
00e0: 0a 13 07 73 74 61 72 6e 65 74 31 10 30 0e 06 03 ...starnet1.0...
00f0: 55 04 0b 13 07 73 74 61 72 6e 65 74 31 17 30 15 U....starnet1.0.
0100: 06 03 55 04 03 13 0e 31 39 32 2e 31 36 38 2e 36 ..U....192.168.6
0110: 35 2e 31 37 34 30 82 01 22 30 0d 06 09 2a 86 48 5.1740.."0...*.H
0120: 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 .............0..
0130: 0a 02 82 01 01 00 b6 e4 50 9f b3 06 c5 ea 7b 1e ........P.....{.
0140: 91 82 66 27 5f a0 61 a3 4a c3 92 66 2a 00 97 d7 ..f'_.a.J..f*...
0150: 96 5f 1d 47 bf 8c 96 25 f8 9d ed de 86 7c 86 d8 ._.G...%.....|..
0160: 94 9b 52 57 5e e4 9c b3 9b b3 f8 f8 76 2e 58 55 ..RW^.......v.XU
0170: bd d0 12 10 29 d5 89 23 8f 94 a1 e5 4a 24 4d 08 ....)..#....J$M.
0180: 9d 25 8e 03 ca 4a 82 38 41 e7 b8 7c 02 15 2a ed .%...J.8A..|..*.
0190: 6c 4e 30 5b 4e 15 ad 79 79 90 32 7a 45 12 55 99 lN0[N..yy.2zE.U.
01a0: 33 98 72 b3 6a 28 8a 72 89 f0 d3 e2 77 47 ba 3c 3.r.j(.r....wG.<
01b0: 5c a8 8b ac b4 61 56 92 12 2f 96 43 bd c9 f2 03 \....aV../.C....
01c0: 7b 01 22 4c b7 0f dd 4f c5 36 c1 d1 68 66 97 9c {."L...O.6..hf..
01d0: 16 78 fb c2 c7 78 d8 48 6e ef ae 2f 07 4d e8 66 .x...x.Hn../.M.f
01e0: 80 b5 b6 3f c1 2a 49 6b 80 c1 8e 7c 09 f2 52 06 ...?.*Ik...|..R.
01f0: 7c 37 08 10 e4 49 f7 7b 12 e2 5f ba 91 65 97 11 |7...I.{.._..e..
0200: 3e bd ff 75 c9 16 1f 08 fd 58 37 d0 5b 8e 9d e3 >..u.....X7.[...
0210: 25 d3 29 78 d5 ba 9d 1b e7 4b 00 39 cd 49 1b e3 %.)x.....K.9.I..
0220: ca b7 36 b9 a5 48 82 1c c1 86 06 4c 54 b7 66 c3 ..6..H.....LT.f.
0230: 79 73 b9 d5 25 13 02 03 01 00 01 30 0d 06 09 2a ys..%......0...*
0240: 86 48 86 f7 0d 01 01 05 05 00 03 82 01 01 00 35 .H.............5
0250: b9 fc 36 11 08 fb 66 e7 65 14 42 78 3f ce 33 f3 ..6...f.e.Bx?.3.
0260: 03 9a 61 51 f1 a8 2a 07 ec 36 a5 1a 67 8c 6e 7d ..aQ..*..6..g.n}
0270: 01 53 d3 47 6b 14 39 39 d2 f3 19 92 16 3e 77 58 .S.Gk.99.....>wX
0280: ad af 2c 3e 0d ac 7f 58 f5 0d d8 73 04 76 75 02 ..,>..X...s.vu.
0290: 39 38 d8 3e 91 9f 47 c8 57 53 aa 19 73 62 10 9f 98.>..G.WS..sb..
02a0: 09 61 39 a4 47 e8 63 71 67 b6 75 ab 35 4b 49 39 .a9.G.cqg.u.5KI9
02b0: 01 cc d6 a8 ac 86 d2 36 81 82 e3 02 1c f4 5d 40 .......6......] <at>
02c0: f2 04 ab ac 8a 0a 37 59 ad 80 7e 82 33 61 f9 dc ......7Y..~.3a..
02d0: 1b e9 5a f9 80 8b 54 b9 7b 22 06 34 af 1c a5 63 ..Z...T.{".4...c
02e0: 56 c5 91 23 88 28 c5 2d e9 6b 5d 37 de f9 3c a0 V..#.(.-.k]7..<.
02f0: 05 19 6a 13 31 d7 17 7d ee 99 23 03 cf 86 82 a1 ..j.1..}..#.....
0300: 94 77 3a af 87 f5 2a b8 db c4 31 42 d1 43 19 37 .w:...*...1B.C.7
0310: 91 47 79 21 e0 f1 49 77 b9 96 21 78 95 f5 ba 7f .Gy!..Iw..!x...
0320: 10 65 1b 62 32 7f 30 db a7 2c 5b 20 76 54 4b c3 .e.b20..,[ vTK.
0330: ca 2d 0a 2d fa b5 a5 98 f3 5f aa 44 92 65 78 11 .-.-....._.D.ex.
0340: 37 e7 9d 26 31 36 0f 52 5a 62 ec c7 80 cb ec    7..&16.RZb.....
== Info: TLSv1.0, TLS handshake, Server finished (14):
<= Recv SSL data, 4 bytes (0x4)
0000: 0e 00 00 00                                     ....
== Info: TLSv1.0, TLS handshake, Client key exchange (16):
=> Send SSL data, 262 bytes (0x106)
0000: 10 00 01 02 01 00 07 6a 47 f3 d3 41 1d 7e 8f 35 .......jG..A.~.5
0010: 19 d0 e9 aa 81 63 73 f5 e2 60 ff 32 c2 0a 90 d0 .....cs..`.2....
0020: 17 a3 9c 97 d2 12 8c 90 b0 e7 ef d8 08 3a 92 29 .............:.)
0030: 6f 07 fd d9 67 c7 38 7c ce 8e c6 05 15 a5 bb ae o...g.8|........
0040: 57 0a d0 fa c9 37 d8 78 fc 09 96 b8 69 6b b2 d5 W....7.x....ik..
0050: 0f 1c 18 d2 40 ca 82 fd b9 ce 10 75 2a 39 00 85 .... <at> ......u*9..
0060: d7 b8 34 44 09 89 90 5d 48 87 7b bc 02 ab c2 7d ..4D...]H.{....}
0070: 58 09 c9 68 73 f1 6d 01 f8 14 e0 11 2c 6c 8f 3d X..hs.m.....,l.=
0080: 77 ae 41 ad 61 1f a7 fe 64 71 18 4e 2d b5 68 aa w.A.a...dq.N-.h.
0090: 2d 02 34 4e 57 72 47 2f 86 e0 5b 08 df 6c dc ee -.4NWrG/..[..l..
00a0: f6 38 47 67 12 37 9d 0c 9b c3 55 11 5d 70 5d 14 .8Gg.7....U.]p].
00b0: 5b 8b 3e c0 c4 6c 5a 8b 8f bf 6a 54 4a ac 65 7a [.>..lZ...jTJ.ez
00c0: 32 70 e7 5e 79 df f6 8f 72 43 1b a4 d9 95 94 4f 2p.^y...rC.....O
00d0: a0 ba bc cf ae 85 03 fb a8 f9 f6 c0 8a f8 94 38 ...............8
00e0: d6 5a 92 cb bc 7b 0b 30 59 6f e8 eb f5 32 3d f0 .Z...{.0Yo...2=.
00f0: 46 78 f9 99 64 0d 9a b9 d0 fb 60 c7 4d ae 9a ac Fx..d.....`.M...
0100: 42 b0 80 fa 1f 81                               B.....
== Info: TLSv1.0, TLS change cipher, Client hello (1):
=> Send SSL data, 1 bytes (0x1)
0000: 01                                              .
== Info: TLSv1.0, TLS handshake, Finished (20):
=> Send SSL data, 16 bytes (0x10)
0000: 14 00 00 0c e6 5a 99 1c ba a3 09 8f d1 dd 62 9e .....Z........b.
== Info: TLSv1.0, TLS change cipher, Client hello (1):
<= Recv SSL data, 1 bytes (0x1)
0000: 01                                              .
== Info: TLSv1.0, TLS handshake, Finished (20):
<= Recv SSL data, 16 bytes (0x10)
0000: 14 00 00 0c c4 9c b7 b0 d1 ff 8c f1 25 74 7c a8 ............%t|.
== Info: SSL connection using TLSv1.0 / AES256-SHA
== Info: Server certificate:
== Info: subject: C=CN; ST=fj; L=fz; O=starnet; OU=starnet; CN=192.168.65.174
== Info: start date: 2014-12-26 02:29:33 GMT
== Info: expire date: 2024-12-23 02:29:33 GMT
== Info: common name: 192.168.65.174 (matched)
== Info: issuer: C=CN; ST=fj; L=fz; O=starnet; OU=starnet; CN=192.168.65.174
== Info: SSL certificate verify ok.
== Info: STATE: WAITPROXYCONNECT => WAITCONNECT handle 0x826daa4; line 1177 (connection #0)
== Info: Marked for [keep alive]: HTTP proxy CONNECT
== Info: Marked for [keep alive]: FTP default
== Info: successfully set certificate verify locations:
== Info:   CAfile: certs.crt
  CApath: none
== Info: SSL re-using session ID
== Info: TLSv1.0, TLS handshake, Client hello (1):
=> Send SSL data, 95 bytes (0x5f)
0000: 01 00 00 5b 03 01 54 b6 0e da 4f 1e fa ac 76 28 ...[..T...O...v(
0010: 4b 37 33 cd 3c ef 27 ac e5 bd c8 d1 32 b5 f5 c6 K73.<.'.....2...
0020: 1c 4c b7 f2 06 7f 20 cd 2e e6 6b 59 f0 58 7a 8f .L... ...kY.Xz.
0030: 50 4d 39 d0 53 43 28 fb 92 dc d0 a7 9d 20 91 65 PM9.SC(...... .e
0040: e0 80 a0 8e 8b 67 88 00 14 00 39 00 38 00 35 00 .....g....9.8.5.
0050: 33 00 32 00 2f 00 16 00 13 00 0a 00 ff 01 00    3.2./..........
== Info: TLSv1.0, TLS alert, Server hello (2):
=> Send SSL data, 2 bytes (0x2)
0000: 02 0a                                           ..
== Info: error:140940F5:SSL routines:SSL3_READ_BYTES:unexpected record
== Info: Closing connection 0
== Info: The cache now contains 0 members
== Info: Expire cleared

reason:
The network better, before the conversion from WAITPROXYCONNECT into WAITCONNECT state, has completed the SSL certification, lead to the re created a SSL certification. The first SSL certification, is not the application layer data processing TCP/IP protocol stack residues, leading to the second SSL encryption and authentication failure.

scheme:
In the transition from WAITPROXYCONNECT state to WAITCONNECT,began to SSL certification.

modify:
file:http.c;
function:Curl_http_connect
The red word for new added code
CURLcode Curl_http_connect(struct connectdata *conn, bool *done)
{
  CURLcode result;

  /* We default to persistent connections. We set this already in this connect
     function to make the re-use checks properly be able to check this bit. */
  connkeep(conn, "HTTP default");

  /* the CONNECT procedure might not have been completed */
  result = Curl_proxy_connect(conn);
  if(result)
    return result;

  if(conn->tunnel_state[FIRSTSOCKET] == TUNNEL_CONNECT)
    /* nothing else to do except wait right now - we're not done here. */
    return CURLE_OK;

  if(conn->given->flags & PROTOPT_SSL) {
  if(conn->given->protocol&CURLPROTO_FTPS) {
    *done = FALSE;
  }
  else {
      /* perform SSL initialization */
      result = https_connecting(conn, done);
      if(result)
        return result;
    }
  }
  else
    *done = TRUE;

  return CURLE_OK;
}

Looking forward to your reply!
zhenyang su
china
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Hilgersom, Danny | 14 Jan 16:29 2015
Picon

problems with TLSv1 curl on Windows

Hi,

 

We have a connection setup to a vendor that will be using only TLSv1 from now on. Before we would connect to them using the SSLv3 option. Now, when I want to connect to them I get an error:

* successfully set certificate verify locations:

*   CAfile: ca-bundle.pem

  CApath: none

* TLSv1.0, TLS handshake, Client hello (1):

* TLSv1.0, TLS handshake, Server hello (2):

* TLSv1.0, TLS alert, Server hello (2):

* error:140920E3:SSL routines:SSL3_GET_SERVER_HELLO:parse tlsext

* Closing connection 0

curl: (35) error:140920E3:SSL routines:SSL3_GET_SERVER_HELLO:parse tlsext

 

We are using curl 7.40 and running W2K8 R2.

 

We’ve tried multiple ways to connect with multiple options, but all this to no avail.

 

These are the commands that we tried:

curl.exe" -v --ssl-reqd --cert <certfile>.crt:<pass> --key <private_keyfile>.key --cacert ca-bundle.pem --user <users>:<pass> ftp://<ftp_server_url>/

curl.exe" -v –TLSv1 --ssl-reqd --cert <certfile>.crt:<pass> --key <private_keyfile>.key --cacert ca-bundle.pem --user <users>:<pass> ftp://<ftp_server_url>/

 

The old command we used and which worked just fine is:

curl.exe" -v –SSLv3 --ssl-reqd --cert <certfile>.crt:<pass> --key <private_keyfile>.key --cacert ca-bundle.pem --user <users>:<pass> ftp://<ftp_server_url>/

 

Any help would be more then welcome!

 

Thanks

 

hilgie

The information included in this message is personal and/or confidential and intended exclusively for the addressees as stated. This message and/or the accompanying documents may contain confidential information and should be handled accordingly. If you are not the intended reader of this message, we urgently request that you notify Centric immediately and that you delete this e-mail and any copies of it from your system and destroy any printouts immediately. It is forbidden to distribute, reproduce, use or disclose the information in this e-mail to third parties without obtaining prior permission from Centric. We expressly point out that there are risks associated with the use of e-mail. Centric and the companies within the group shall not accept any liability whatsoever for damage resulting from the use of e-mail. Legally binding obligations can only arise for Centric by means of a written instrument, signed by an authorized representative of Centric.
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Gmane