[jira] Commented: (HTTPCLIENT-586) HttpClient v3: NTLM + SSL problem

Fri, 16 Jun 2006 07:19:53 -0700 

    [ 
http://issues.apache.org/jira/browse/HTTPCLIENT-586?page=comments#action_12416509
 ] 

Oleg Kalnichevski commented on HTTPCLIENT-586:
----------------------------------------------

First off, the stock version of HttpClient supports NTLMv1only. If your proxy 
has been configured to require NTLMv2 you are out of luck.

Regarding your custom authentication scheme, I can't say much. I have neither 
time not inclination to reverse engineer Microsoft proprietary protocols. As 
far as I can tell something goes wrong on the server side when the client sends 
the message type 1 that prompts the server to drop connection without even 
returning an HTTP response:

2006/06/16 14:35:33:857 CEST [DEBUG] header - >> "CONNECT 
testhsoft.dyndns.org:443 HTTP/1.1"
2006/06/16 14:35:33:857 CEST [DEBUG] HttpMethodBase - Adding Host request header
2006/06/16 14:35:33:857 CEST [DEBUG] header - >> "User-Agent: Jakarta 
Commons-HttpClient/3.0[\r][\n]"
2006/06/16 14:35:33:857 CEST [DEBUG] header - >> "Proxy-Connection: 
Keep-Alive[\r][\n]"
2006/06/16 14:35:33:857 CEST [DEBUG] header - >> "Proxy-Authorization: NTLM 
TlRMTVNTUAABAAAABlIAAAIAAgAoAAAACAAIACAAAABETUMwNjUyN0NN[\r][\n]"
2006/06/16 14:35:33:857 CEST [DEBUG] header - >> "Host: 
testhsoft.dyndns.org[\r][\n]"
2006/06/16 14:35:33:857 CEST [DEBUG] header - >> "[\r][\n]"
2006/06/16 14:35:33:857 CEST [DEBUG] HttpMethodDirector - Closing the 
connection.
2006/06/16 14:35:33:857 CEST [INFO] HttpMethodDirector - I/O exception 
(org.apache.commons.httpclient.NoHttpResponseException) caught when processing 
request: The server testhsoft.dyndns.org failed to respond
2006/06/16 14:35:33:857 CEST [DEBUG] HttpMethodDirector - The server 
testhsoft.dyndns.org failed to respond 
<org.apache.commons.httpclient.NoHttpResponseException: The server 
testhsoft.dyndns.org failed to 
respond>org.apache.commons.httpclient.NoHttpResponseException: The server 
testhsoft.dyndns.org failed to respond
        at 
org.apache.commons.httpclient.HttpMethodBase.readStatusLine(HttpMethodBase.java:1835)
        at 
org.apache.commons.httpclient.HttpMethodBase.readResponse(HttpMethodBase.java:1590)
        at 
org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:995)
        at 
org.apache.commons.httpclient.ConnectMethod.execute(ConnectMethod.java:144)
        at 
org.apache.commons.httpclient.HttpMethodDirector.executeConnect(HttpMethodDirector.java:495)
        at 
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:390)
        at 
org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
        at 
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
        at 
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
        at 
com.hsoft.net.proxymanagement.testproxy.AppletTestProxyNTLM3.init(AppletTestProxyNTLM3.java:241)
        at sun.applet.AppletPanel.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)

This is not a fault of HttpClient but rather that of ISA. If you are a 
registered Microsoft customer try to seek their support through the official 
support channels. 

I am afraid I am unable to help you any further

Oleg

> HttpClient v3: NTLM + SSL problem
> ---------------------------------
>
>          Key: HTTPCLIENT-586
>          URL: http://issues.apache.org/jira/browse/HTTPCLIENT-586
>      Project: Jakarta HttpClient
>         Type: Bug

>     Versions: 3.0.1
>  Environment: 1.4.2 Java plugin with MS IE 6
>     Reporter: Anton Passiouk
>  Attachments: logs_https_ntlm.zip, ntlm+https.log, 
> ntlm_scheme_jakarta_vs_custom.zip, snippet.zip, snippet.zip
>
> Our application is a simple applet that tries to retrieve URLs contents from 
> a web site.
> It detects browser's proxy parameters and uses the Jakarta HttpClient to 
> request the needed URL.
> First we had problems to simply authenticate ourselves with NTLM so we 
> slightly changed the implementation of the NTLM protocol to hash the password 
> differently (you will find it in the snippet attached to this bug).
> But now we can't get the application working with this proxy when the target 
> web site is secured (HTTPS, no authentication). And it works just fine with 
> another proxy using "Basic" auth scheme (regardless if the site is in HTTP 
> and HTTPS).
> To summarize:
> Basic proxy:
>   HTTP: OK
>   HTTPS: OK
> NTLM proxy:
>   HTTP: OK
>   HTTPS: NOK -> logs are attached
> The exact proxy version is: Microsoft ISA 2000 3.0.1200.365 SP2

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to