hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anton Passiouk (JIRA)" <j...@apache.org>
Subject [jira] Updated: (HTTPCLIENT-586) HttpClient v3: NTLM + SSL problem
Date Fri, 16 Jun 2006 13:17:30 GMT
     [ http://issues.apache.org/jira/browse/HTTPCLIENT-586?page=all ]

Anton Passiouk updated HTTPCLIENT-586:

    Attachment: ntlm_scheme_jakarta_vs_custom.zip

Sorry for misunderstanding, I thought "wire log" meant the log of the packets on the wire
(ethernet) ;-)

The only reason we wrote the custom scheme is because the NTLM scheme provided by Jakarta
apparently does not work with Microsoft's ISA server. We have done the testing again with
Jakarta "native" NTLM scheme and with ours, in HTTP and HTTPS.

The file "ntlm_scheme_jakarta_vs_custom.zip" contains 4 log files (with full wire log) generated
during these 4 sessions: *_jakarta.log : application using Jakarta's NTLM auth scheme, *_custom.log:
uses custom scheme.

Both applications request an URL that contains "<htlm>Hello World</html>" and
one can see that the Jakarta's NTLM implementation doesn't manage to authenticate because
in the returned content the proxy says  it can't retrieve the page, while with the custom
scheme it works fine.

During HTTPS session none of the schemes work.

Is seems that there are actually 2 different bugs:
 1/ the NTLM scheme provided by Jakarta doesn't work with Microsoft's NTLM server
 2/ NTLM + HTTPS doesn't work

feel free to use the code of our NTLM implementation in HttpClient, as I already said we just
changed few lines to hash the passwords differently

> HttpClient v3: NTLM + SSL problem
> ---------------------------------
>          Key: HTTPCLIENT-586
>          URL: http://issues.apache.org/jira/browse/HTTPCLIENT-586
>      Project: Jakarta HttpClient
>         Type: Bug

>     Versions: 3.0.1
>  Environment: 1.4.2 Java plugin with MS IE 6
>     Reporter: Anton Passiouk
>  Attachments: logs_https_ntlm.zip, ntlm+https.log, ntlm_scheme_jakarta_vs_custom.zip,
> Our application is a simple applet that tries to retrieve URLs contents from a web site.
> It detects browser's proxy parameters and uses the Jakarta HttpClient to request the
needed URL.
> First we had problems to simply authenticate ourselves with NTLM so we slightly changed
the implementation of the NTLM protocol to hash the password differently (you will find it
in the snippet attached to this bug).
> But now we can't get the application working with this proxy when the target web site
is secured (HTTPS, no authentication). And it works just fine with another proxy using "Basic"
auth scheme (regardless if the site is in HTTP and HTTPS).
> To summarize:
> Basic proxy:
>   HTTP: OK
> NTLM proxy:
>   HTTP: OK
>   HTTPS: NOK -> logs are attached
> The exact proxy version is: Microsoft ISA 2000 3.0.1200.365 SP2

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
For more information on JIRA, see:

To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org

View raw message