PHP :: Bug #48602 :: curl doesn't correct proxy authentication header

Bug #48602

curl doesn't correct proxy authentication header

Submitted:

2009-06-19 11:04 UTC

Modified:

2009-06-26 11:56 UTC

Votes:	1
Avg. Score:	3.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

garakkio at gmail dot com

Assigned:

Status:

Not a bug

Package:

cURL related

PHP Version:

5.2.10

OS:

Debian Lenny

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	garakkio at gmail dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2009-06-19 11:04 UTC] garakkio at gmail dot com

Description:
------------
If you try to get an url via a proxy with authentication, curl sends a "Server auth" header instead of "Proxy Auth", making authentication impossible.
If you try to get the same page using curl binary, the result is the expected one. The curl command corresponding to php reproduce code is:

curl -v -xexample.org:80 -Ufoo:bar -o /dev/null http://www.google.com

Reproduce code:
---------------
<?php

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'http://php.net');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_PROXY, 'http://example.org:80');
curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_BASIC); 
curl_setopt($ch, CURLOPT_USERPWD, 'foo:bar');
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_exec($ch);


Expected result:
----------------
* About to connect() to proxy example.org port 80 (#0)
*   Trying 208.77.188.166... * connected
* Connected to example.org (208.77.188.166) port 80 (#0)
* Proxy auth using Basic with user 'foo'
> GET http://php.net HTTP/1.1
Authorization: Basic Zm9vOmJhcg==
Host: php.net
Pragma: no-cache
Accept: */*
Proxy-Connection: Keep-Alive

[...]

Actual result:
--------------
* About to connect() to proxy example.org port 80 (#0)
*   Trying 208.77.188.166... * connected
* Connected to example.org (208.77.188.166) port 80 (#0)
* Server auth using Basic with user 'foo'
> GET http://php.net HTTP/1.1
Authorization: Basic Zm9vOmJhcg==
Host: php.net
Pragma: no-cache
Accept: */*
Proxy-Connection: Keep-Alive

[...]

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-06-25 11:44 UTC] sjoerd-php at linuxonly dot nl

Thank you for your bug report.

Do you try to authenticate to the proxy (example.org) or to the destination server (php.net)? Have you looked at the CURLOPT_PROXYUSERPWD option? In your bug report, the expected result and actual result appear to be the same text. Could you clarify this?

[2009-06-26 07:22 UTC] garakkio at gmail dot com

Well, the key was exactly CURLOPT_PROXYUSERPWD option.
Using CURLOPT_PROXYUSERPWD, one header is sent differently (the difference between actual and expected result is the Authorization/Proxy-Authorization header (I mistakenly set "Authorization" in expected result).
I'm sorry for this.
I close the ticket.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Tue Apr 23 10:01:29 2024 UTC