libcurl and s3/minio vs curl

Wed, 27 Mar 2024 17:25:50 -0700 

Hello,
I am writing some c code using libcurl, in part, I want to do some things in c code that I can do with curl (the cli command) 


So this command works:
curl --insecure     -o minio-hosts     -H Date: Wed, 27 Mar 2024 23:43:23 +0000     -H Content-Type: application/zstd     -H Authorization: AWS rcroonen:/byqGczQvJ6PSmVriRbmmM86yqE= https://minio-1.ib1:9000/rcroonen/test-bucket/hosts
(the insecure is because I am working with self signed certificates for now. the  3 -H options are needed else the minio (object store) doesn't return anything.
When I use the curl command there seems to be a TLS handshake going on.  Also, h2 and http1.1 is offered. (in the lib curl application, only http1.1 is offered, and also there's no TLS handshake. the libcurl application does connect, but then a "403 Forbidden" error is returned, although it is the same object that I am trying to retrieve, same uid, same passwd etc.
 I can attach the verbose output from curl and also libcurl,  but it is somewhat long,  hope no one minds (and if, I apologize): 


libcurl application:

* Rebuilt URL to: https://minio-1.ib1/
*   Trying 10.10.1.1...
* TCP_NODELAY set
* Connected to minio-1.ib1 (10.10.1.1) port 9000 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: O=Certgen Development; OU=root@devel01
*  start date: Mar 22 20:58:51 2024 GMT
*  expire date: Mar 22 20:58:51 2025 GMT
*  subjectAltName: host "minio-1.ib1" matched cert's "minio-1.ib1"
*  issuer: O=Certgen Development; OU=root@devel01
*  SSL certificate verify result: self signed certificate (18), continuing anyway. 
> GET / HTTP/1.1
Host: minio-1.ib1:9000
Accept: */*

< HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
< Accept-Ranges: bytes
Accept-Ranges: bytes
< Content-Length: 254
Content-Length: 254
< Content-Type: application/xml
Content-Type: application/xml
< Server: MinIO
Server: MinIO
< Strict-Transport-Security: max-age=31536000; includeSubDomains
Strict-Transport-Security: max-age=31536000; includeSubDomains
< Vary: Origin
Vary: Origin
< Vary: Accept-Encoding
Vary: Accept-Encoding
< X-Amz-Id-2: 7305db558a5bed72eec698bd6a4914085fd7101e4aa69a56032ea21de3c0f432 
X-Amz-Id-2: 7305db558a5bed72eec698bd6a4914085fd7101e4aa69a56032ea21de3c0f432
< X-Amz-Request-Id: 17C0C3DEA0033AEA
X-Amz-Request-Id: 17C0C3DEA0033AEA
< X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
< X-Xss-Protection: 1; mode=block
X-Xss-Protection: 1; mode=block
< Date: Wed, 27 Mar 2024 23:46:59 GMT
Date: Wed, 27 Mar 2024 23:46:59 GMT
<
<?xml version="1.0" encoding="UTF-8"?>
* Connection #0 to host minio-1.ib1 left intact
<Error><Code>AccessDenied</Code><Message>Access Denied.</Message><Resource>/</Resource><RequestId>17C0C3DEA0033AEA</RequestId><HostId>7305db558a5bed72eec698bd6a4914085fd7101e4aa69a56032ea21de3c0f432</HostId></Error> 




curl verbose output:

* TCP_NODELAY set
* Connected to minio-1.ib1 (10.10.1.1) port 9000 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [21 bytes data]
* TLSv1.3 (IN), TLS handshake, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [573 bytes data]
* TLSv1.3 (IN), TLS handshake, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [79 bytes data]
* TLSv1.3 (IN), TLS handshake, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [36 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, [no content] (0):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [36 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: O=Certgen Development; OU=root@devel01
*  start date: Mar 22 20:58:51 2024 GMT
*  expire date: Mar 22 20:58:51 2025 GMT
*  issuer: O=Certgen Development; OU=root@devel01
*  SSL certificate verify result: self signed certificate (18), continuing anyway. 
} [5 bytes data]
* TLSv1.3 (OUT), TLS app data, [no content] (0):
} [1 bytes data]
> GET /rcroonen/test-bucket/hosts HTTP/1.1
> Host: minio-1.ib1:9000
> User-Agent: curl/7.61.1
> Accept: */*
> Date: Wed, 27 Mar 2024 23:43:23 +0000
> Content-Type: application/zstd
> Authorization: AWS rcroonen:/byqGczQvJ6PSmVriRbmmM86yqE=
>
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [122 bytes data]
* TLSv1.3 (IN), TLS app data, [no content] (0):
{ [1 bytes data]
< HTTP/1.1 200 OK
< Accept-Ranges: bytes
< Content-Length: 2667
< Content-Type: application/octet-stream
< ETag: "51bf733f5dcae5073c151d9d257d6e83"
< Last-Modified: Tue, 26 Mar 2024 18:11:54 GMT
< Server: MinIO
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< Vary: Origin
< Vary: Accept-Encoding
< X-Amz-Id-2: 7305db558a5bed72eec698bd6a4914085fd7101e4aa69a56032ea21de3c0f432 
< X-Amz-Request-Id: 17C0C3AC7E4866BD
< X-Content-Type-Options: nosniff
< X-Xss-Protection: 1; mode=block
< Date: Wed, 27 Mar 2024 23:43:24 GMT
<
{ [662 bytes data]
* TLSv1.3 (IN), TLS app data, [no content] (0):
{ [1 bytes data]
100  2667  100  2667    0     0  88900      0 --:--:-- --:--:-- --:--:-- 88900 



--
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html

Reply via email to