hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anton Passiouk (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HTTPCLIENT-586) HttpClient v3: NTLM + SSL problem
Date Fri, 16 Jun 2006 15:04:30 GMT
    [ http://issues.apache.org/jira/browse/HTTPCLIENT-586?page=comments#action_12416534 ] 

Anton Passiouk commented on HTTPCLIENT-586:

Well, I guess the proxy we are trying to get through does implement NTLM v2, that's why we
kindly let you include in the HttpClient our "custom" scheme (which is nothing more than "your"
NTLM scheme which was adapted to work with NTLM v2 but also works with NTLM v1 - you can diff
both files and you will see that only few lines have changed) 

As for the reverse engineering, I thought it is in the interest of Jakarta to make HttpClient
work in most environments in the market (and ours is not SO exotic, it's just a "standard"
ISA server and considering the number of bug reports on NTLM we are not the first to use it)
but of course I don't know what your role/planning/current projects are so it is your call
to do it or not

it's just my 2 cents...

> HttpClient v3: NTLM + SSL problem
> ---------------------------------
>          Key: HTTPCLIENT-586
>          URL: http://issues.apache.org/jira/browse/HTTPCLIENT-586
>      Project: Jakarta HttpClient
>         Type: Bug

>     Versions: 3.0.1
>  Environment: 1.4.2 Java plugin with MS IE 6
>     Reporter: Anton Passiouk
>  Attachments: logs_https_ntlm.zip, ntlm+https.log, ntlm_scheme_jakarta_vs_custom.zip,
snippet.zip, snippet.zip
> Our application is a simple applet that tries to retrieve URLs contents from a web site.
> It detects browser's proxy parameters and uses the Jakarta HttpClient to request the
needed URL.
> First we had problems to simply authenticate ourselves with NTLM so we slightly changed
the implementation of the NTLM protocol to hash the password differently (you will find it
in the snippet attached to this bug).
> But now we can't get the application working with this proxy when the target web site
is secured (HTTPS, no authentication). And it works just fine with another proxy using "Basic"
auth scheme (regardless if the site is in HTTP and HTTPS).
> To summarize:
> Basic proxy:
>   HTTP: OK
> NTLM proxy:
>   HTTP: OK
>   HTTPS: NOK -> logs are attached
> The exact proxy version is: Microsoft ISA 2000 3.0.1200.365 SP2

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
For more information on JIRA, see:

To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org

View raw message