You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by "Cech. Ulrich" <Ul...@aeb.de> on 2008/11/05 16:17:37 UTC
AW: NTLM-Proxy authentication and SSL-target
<The version of Squid you are using appears broken. The proxy keeps one
sending 'Proxy-Connection: close' which is wrong given the fact that NTLM
requires a persistent connection in order to function.>
Hi Oleg,
But how can it be explained, that a non-ssl target is handled correct? The
wire-log shows a "Proxy-connection: closed" too, but the authentication
works fine.
And if I open the ssl-target over a browser (the same proxy is used), it
worked fine, too.
Perhaps, do I have to set some more header fields manually to force the
correct behavior?
Many thanks!
I put in the wire-log of the non-ssl target.
executing request: GET / HTTP/1.1
via proxy: http://s-hqw2k3bd:3128
to target: http://www.verisign.com:80
[DEBUG] ClientParamsStack - 'http.protocol.max-redirects': null
[DEBUG] ClientParamsStack - 'http.route.forced-route': null
[DEBUG] ClientParamsStack - 'http.route.local-address': null
[DEBUG] ClientParamsStack - 'http.route.default-proxy':
http://s-hqw2k3bd:3128
[DEBUG] ClientParamsStack - 'http.conn-manager.timeout': null
[DEBUG] SingleClientConnManager - Get connection for route
HttpRoute[{}->http://s-hqw2k3bd:3128->http://www.verisign.com:80]
[DEBUG] ClientParamsStack - 'http.connection.stalecheck': null
[DEBUG] DefaultRequestDirector - Stale connection check
[DEBUG] DefaultRequestDirector - Stale connection detected
[DEBUG] DefaultClientConnection - Connection closed
[DEBUG] ClientParamsStack - 'http.connection.timeout': null
[DEBUG] ClientParamsStack - 'http.tcp.nodelay': null
[DEBUG] ClientParamsStack - 'http.socket.timeout': null
[DEBUG] ClientParamsStack - 'http.socket.linger': null
[DEBUG] ClientParamsStack - 'http.socket.buffer-size': null
[DEBUG] ClientParamsStack - 'http.protocol.element-charset': null
[DEBUG] ClientParamsStack - 'http.connection.max-line-length': null
[DEBUG] ClientParamsStack - 'http.protocol.element-charset': null
[DEBUG] ClientParamsStack - 'http.connection.max-header-count': null
[DEBUG] ClientParamsStack - 'http.connection.max-line-length': null
[DEBUG] ClientParamsStack - 'http.connection.max-status-line-garbage': null
[DEBUG] ClientParamsStack - 'http.virtual-host': null
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.default-headers': null
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.useragent': Apache-HttpClient/4.0-beta1
(java 1.4)
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.protocol.cookie-policy': null
[DEBUG] RequestAddCookies - CookieSpec selected: best-match
[DEBUG] ClientParamsStack - 'http.protocol.cookie-datepatterns': null
[DEBUG] ClientParamsStack - 'http.protocol.single-cookie-header': null
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] DefaultRequestDirector - Attempt 1 to execute request
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] wire - >> "GET http://www.verisign.com:80/ HTTP/1.1[EOL]"
[DEBUG] wire - >> "Host: www.verisign.com:80[EOL]"
[DEBUG] wire - >> "Connection: Keep-Alive[EOL]"
[DEBUG] wire - >> "User-Agent: Apache-HttpClient/4.0-beta1 (java 1.4)[EOL]"
[DEBUG] wire - >> "[EOL]"
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] headers - >> GET http://www.verisign.com:80/ HTTP/1.1
[DEBUG] headers - >> Host: www.verisign.com:80
[DEBUG] headers - >> Connection: Keep-Alive
[DEBUG] headers - >> User-Agent: Apache-HttpClient/4.0-beta1 (java 1.4)
[DEBUG] wire - << "HTTP/1.0 407 Proxy Authentication Required[EOL]"
[DEBUG] wire - << "Server: squid/2.6.STABLE6-NT[EOL]"
[DEBUG] wire - << "Date: Thu, 30 Oct 2008 07:21:21 GMT[EOL]"
[DEBUG] wire - << "Content-Type: text/html[EOL]"
[DEBUG] wire - << "Content-Length: 1359[EOL]"
[DEBUG] wire - << "Expires: Thu, 30 Oct 2008 07:21:21 GMT[EOL]"
[DEBUG] wire - << "X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0[EOL]"
[DEBUG] wire - << "Proxy-Authenticate: NTLM[EOL]"
[DEBUG] wire - << "X-Cache: MISS from s-hqw2k3bd.pmbelz.de[EOL]"
[DEBUG] wire - << "X-Cache-Lookup: NONE from s-hqw2k3bd.pmbelz.de:3128[EOL]"
[DEBUG] wire - << "Via: 1.0 s-hqw2k3bd.pmbelz.de:3128
(squid/2.6.STABLE6-NT)[EOL]"
[DEBUG] wire - << "Proxy-Connection: close[EOL]"
[DEBUG] headers - << HTTP/1.0 407 Proxy Authentication Required
[DEBUG] headers - << Server: squid/2.6.STABLE6-NT
[DEBUG] headers - << Date: Thu, 30 Oct 2008 07:21:21 GMT
[DEBUG] headers - << Content-Type: text/html
[DEBUG] headers - << Content-Length: 1359
[DEBUG] headers - << Expires: Thu, 30 Oct 2008 07:21:21 GMT
[DEBUG] headers - << X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
[DEBUG] headers - << Proxy-Authenticate: NTLM
[DEBUG] headers - << X-Cache: MISS from s-hqw2k3bd.pmbelz.de
[DEBUG] headers - << X-Cache-Lookup: NONE from s-hqw2k3bd.pmbelz.de:3128
[DEBUG] headers - << Via: 1.0 s-hqw2k3bd.pmbelz.de:3128
(squid/2.6.STABLE6-NT)
[DEBUG] headers - << Proxy-Connection: close
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.protocol.handle-redirects': null
[DEBUG] ClientParamsStack - 'http.protocol.handle-authentication': null
[DEBUG] DefaultRequestDirector - Proxy requested authentication
[DEBUG] DefaultProxyAuthenticationHandler - Authentication schemes in the
order of preference: [ntlm, digest, basic]
[DEBUG] DefaultProxyAuthenticationHandler - ntlm authentication scheme
selected
[DEBUG] DefaultRequestDirector - Authorization challenge processed
[DEBUG] DefaultRequestDirector - Authentication scope: NTLM <any
realm>@s-hqw2k3bd:3128
[DEBUG] DefaultRequestDirector - Found credentials
[DEBUG] DefaultClientConnection - Connection closed
[DEBUG] ClientParamsStack - 'http.connection.timeout': null
[DEBUG] ClientParamsStack - 'http.tcp.nodelay': null
[DEBUG] ClientParamsStack - 'http.socket.timeout': null
[DEBUG] ClientParamsStack - 'http.socket.linger': null
[DEBUG] ClientParamsStack - 'http.socket.buffer-size': null
[DEBUG] ClientParamsStack - 'http.protocol.element-charset': null
[DEBUG] ClientParamsStack - 'http.connection.max-line-length': null
[DEBUG] ClientParamsStack - 'http.protocol.element-charset': null
[DEBUG] ClientParamsStack - 'http.connection.max-header-count': null
[DEBUG] ClientParamsStack - 'http.connection.max-line-length': null
[DEBUG] ClientParamsStack - 'http.connection.max-status-line-garbage': null
[DEBUG] ClientParamsStack - 'http.virtual-host': null
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.default-headers': null
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.useragent': Apache-HttpClient/4.0-beta1
(java 1.4)
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.protocol.cookie-policy': null
[DEBUG] RequestAddCookies - CookieSpec selected: best-match
[DEBUG] ClientParamsStack - 'http.protocol.cookie-datepatterns': null
[DEBUG] ClientParamsStack - 'http.protocol.single-cookie-header': null
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] DefaultRequestDirector - Attempt 2 to execute request
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] wire - >> "GET http://www.verisign.com:80/ HTTP/1.1[EOL]"
[DEBUG] wire - >> "Host: www.verisign.com:80[EOL]"
[DEBUG] wire - >> "Connection: Keep-Alive[EOL]"
[DEBUG] wire - >> "User-Agent: Apache-HttpClient/4.0-beta1 (java 1.4)[EOL]"
[DEBUG] wire - >> "Proxy-Authorization: NTLM
TlRMTVNTUAABAAAAATIAAAYABgAgAAAABwAHACYAAABQTUJFTFpQQy0xNjM0[EOL]"
[DEBUG] wire - >> "[EOL]"
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] headers - >> GET http://www.verisign.com:80/ HTTP/1.1
[DEBUG] headers - >> Host: www.verisign.com:80
[DEBUG] headers - >> Connection: Keep-Alive
[DEBUG] headers - >> User-Agent: Apache-HttpClient/4.0-beta1 (java 1.4)
[DEBUG] headers - >> Proxy-Authorization: NTLM
TlRMTVNTUAABAAAAATIAAAYABgAgAAAABwAHACYAAABQTUJFTFpQQy0xNjM0
[DEBUG] wire - << "HTTP/1.0 407 Proxy Authentication Required[EOL]"
[DEBUG] wire - << "Server: squid/2.6.STABLE6-NT[EOL]"
[DEBUG] wire - << "Date: Thu, 30 Oct 2008 07:21:22 GMT[EOL]"
[DEBUG] wire - << "Content-Type: text/html[EOL]"
[DEBUG] wire - << "Content-Length: 1359[EOL]"
[DEBUG] wire - << "Expires: Thu, 30 Oct 2008 07:21:22 GMT[EOL]"
[DEBUG] wire - << "X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0[EOL]"
[DEBUG] wire - << "Proxy-Authenticate: NTLM
TlRMTVNTUAACAAAAAAAAADgAAAABAgACL1ghbzaInKkAAAAAAAAAAAAAAAA4AAAABQLODgAAAA8=
[EOL]"
[DEBUG] wire - << "X-Cache: MISS from s-hqw2k3bd.pmbelz.de[EOL]"
[DEBUG] wire - << "X-Cache-Lookup: NONE from s-hqw2k3bd.pmbelz.de:3128[EOL]"
[DEBUG] wire - << "Via: 1.0 s-hqw2k3bd.pmbelz.de:3128
(squid/2.6.STABLE6-NT)[EOL]"
[DEBUG] wire - << "Proxy-Connection: keep-alive[EOL]"
[DEBUG] headers - << HTTP/1.0 407 Proxy Authentication Required
[DEBUG] headers - << Server: squid/2.6.STABLE6-NT
[DEBUG] headers - << Date: Thu, 30 Oct 2008 07:21:22 GMT
[DEBUG] headers - << Content-Type: text/html
[DEBUG] headers - << Content-Length: 1359
[DEBUG] headers - << Expires: Thu, 30 Oct 2008 07:21:22 GMT
[DEBUG] headers - << X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
[DEBUG] headers - << Proxy-Authenticate: NTLM
TlRMTVNTUAACAAAAAAAAADgAAAABAgACL1ghbzaInKkAAAAAAAAAAAAAAAA4AAAABQLODgAAAA8=
[DEBUG] headers - << X-Cache: MISS from s-hqw2k3bd.pmbelz.de
[DEBUG] headers - << X-Cache-Lookup: NONE from s-hqw2k3bd.pmbelz.de:3128
[DEBUG] headers - << Via: 1.0 s-hqw2k3bd.pmbelz.de:3128
(squid/2.6.STABLE6-NT)
[DEBUG] headers - << Proxy-Connection: keep-alive
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.protocol.handle-redirects': null
[DEBUG] ClientParamsStack - 'http.protocol.handle-authentication': null
[DEBUG] DefaultRequestDirector - Proxy requested authentication
[DEBUG] DefaultRequestDirector - Authorization challenge processed
[DEBUG] DefaultRequestDirector - Authentication scope: NTLM <any
realm>@s-hqw2k3bd:3128
[DEBUG] DefaultRequestDirector - Connection kept alive
[DEBUG] wire - << "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01
Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">[\r][\n]"
[DEBUG] wire - << "<HTML><HEAD><META HTTP-EQUIV="Content-Type"
CONTENT="text/html; charset=iso-8859-1">[\r][\n]"
[DEBUG] wire - << "<TITLE>ERROR: Cache Access Denied</TITLE>[\r][\n]"
[DEBUG] wire - << "<STYLE
type="text/css"><!--BODY{background-color:#ffffff;font-family:verdana,sans-s
erif}PRE{font-family:sans-serif}--></STYLE>[\r][\n]"
[DEBUG] wire - << "</HEAD>[\r][\n]"
[DEBUG] wire - << "<BODY>[\r][\n]"
[DEBUG] wire - << "<H1>ERROR</H1>[\r][\n]"
[DEBUG] wire - << "<H2>Cache Access Denied</H2>[\r][\n]"
[DEBUG] wire - << "<HR noshade size="1px">[\r][\n]"
[DEBUG] wire - << "<P>[\r][\n]"
[DEBUG] wire - << "While trying to retrieve the URL:[\r][\n]"
[DEBUG] wire - << "<A
HREF="http://www.verisign.com/">http://www.verisign.com/</A>[\r][\n]"
[DEBUG] wire - << "<P>[\r][\n]"
[DEBUG] wire - << "The following error was encountered:[\r][\n]"
[DEBUG] wire - << "<UL>[\r][\n]"
[DEBUG] wire - << "<LI>[\r][\n]"
[DEBUG] wire - << "<STRONG>[\r][\n]"
[DEBUG] wire - << "Cache Access Denied.[\r][\n]"
[DEBUG] wire - << "</STRONG>[\r][\n]"
[DEBUG] wire - << "</UL>[\r][\n]"
[DEBUG] wire - << "</P>[\r][\n]"
[DEBUG] wire - << "[\r][\n]"
[DEBUG] wire - << "<P>Sorry, you are not currently allowed to
request:[\r][\n]"
[DEBUG] wire - << "<PRE> http://www.verisign.com/</PRE>[\r][\n]"
[DEBUG] wire - << "from this cache until you have authenticated
yourself.[\r][\n]"
[DEBUG] wire - << "</P>[\r][\n]"
[DEBUG] wire - << "[\r][\n]"
[DEBUG] wire - << "<P>[\r][\n]"
[DEBUG] wire - << "You need to use Netscape version 2.0 or greater, or
Microsoft Internet[\r][\n]"
[DEBUG] wire - << "Explorer 3.0, or an HTTP/1.1 compliant browser for this
to work. Please[\r][\n]"
[DEBUG] wire - << "contact the <A HREF="mailto:webmaster">cache
administrator</a> if you have[\r][\n]"
[DEBUG] wire - << "difficulties authenticating yourself or [\r][\n]"
[DEBUG] wire - << "<A
HREF="http://s-hqw2k3bd.pmbelz.de/cgi-bin/chpasswd.cgi">change</a> your
default password.[\r][\n]"
[DEBUG] wire - << "</P>[\r][\n]"
[DEBUG] wire - << "[\n]"
[DEBUG] wire - << "<BR clear="all">[\n]"
[DEBUG] wire - << "<HR noshade size="1px">[\n]"
[DEBUG] wire - << "<ADDRESS>[\n]"
[DEBUG] wire - << "Generated Thu, 30 Oct 2008 07:21:22 GMT by
s-hqw2k3bd.pmbelz.de (squid/2.6.STABLE6-NT)[\n]"
[DEBUG] wire - << "</ADDRESS>[\n]"
[DEBUG] wire - << "</BODY></HTML>[\n]"
[DEBUG] ClientParamsStack - 'http.virtual-host': null
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.default-headers': null
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.useragent': Apache-HttpClient/4.0-beta1
(java 1.4)
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.protocol.cookie-policy': null
[DEBUG] RequestAddCookies - CookieSpec selected: best-match
[DEBUG] ClientParamsStack - 'http.protocol.cookie-datepatterns': null
[DEBUG] ClientParamsStack - 'http.protocol.single-cookie-header': null
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] DefaultRequestDirector - Attempt 3 to execute request
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] wire - >> "GET http://www.verisign.com:80/ HTTP/1.1[EOL]"
[DEBUG] wire - >> "Host: www.verisign.com:80[EOL]"
[DEBUG] wire - >> "Connection: Keep-Alive[EOL]"
[DEBUG] wire - >> "User-Agent: Apache-HttpClient/4.0-beta1 (java 1.4)[EOL]"
[DEBUG] wire - >> "Proxy-Authorization: NTLM
TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAwADABwAAAACAAIAHwAAAAOAA4AhAAAAAAAAAAA
AAAAAQIAALFQXDeVSLGteDvHwJgKD1gps+dbqrCndNRrH9fbKfPAzuBr4vCdkFQr/bBcqmFKClAA
TQBCAEUATABaAGMAZQBjAGgAUABDAC0AMQA2ADMANAA=[EOL]"
[DEBUG] wire - >> "[EOL]"
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] headers - >> GET http://www.verisign.com:80/ HTTP/1.1
[DEBUG] headers - >> Host: www.verisign.com:80
[DEBUG] headers - >> Connection: Keep-Alive
[DEBUG] headers - >> User-Agent: Apache-HttpClient/4.0-beta1 (java 1.4)
[DEBUG] headers - >> Proxy-Authorization: NTLM
TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAwADABwAAAACAAIAHwAAAAOAA4AhAAAAAAAAAAA
AAAAAQIAALFQXDeVSLGteDvHwJgKD1gps+dbqrCndNRrH9fbKfPAzuBr4vCdkFQr/bBcqmFKClAA
TQBCAEUATABaAGMAZQBjAGgAUABDAC0AMQA2ADMANAA=
[DEBUG] wire - << "HTTP/1.0 200 OK[EOL]"
[DEBUG] wire - << "Server: Netscape-Enterprise/4.1[EOL]"
[DEBUG] wire - << "Date: Thu, 30 Oct 2008 07:21:22 GMT[EOL]"
[DEBUG] wire - << "Set-Cookie: v1st=49096073CBC7E173; path=/; expires=Wed,
19 Feb 2020 14:28:00 GMT; domain=.verisign.com[EOL]"
[DEBUG] wire - << "Content-Type: text/html[EOL]"
[DEBUG] wire - << "X-Cache: MISS from s-hqw2k3bd.pmbelz.de[EOL]"
[DEBUG] wire - << "X-Cache-Lookup: MISS from s-hqw2k3bd.pmbelz.de:3128[EOL]"
[DEBUG] wire - << "Via: 1.0 s-hqw2k3bd.pmbelz.de:3128
(squid/2.6.STABLE6-NT)[EOL]"
[DEBUG] wire - << "Proxy-Connection: close[EOL]"
[DEBUG] headers - << HTTP/1.0 200 OK
[DEBUG] headers - << Server: Netscape-Enterprise/4.1
[DEBUG] headers - << Date: Thu, 30 Oct 2008 07:21:22 GMT
[DEBUG] headers - << Set-Cookie: v1st=49096073CBC7E173; path=/; expires=Wed,
19 Feb 2020 14:28:00 GMT; domain=.verisign.com
[DEBUG] headers - << Content-Type: text/html
[DEBUG] headers - << X-Cache: MISS from s-hqw2k3bd.pmbelz.de
[DEBUG] headers - << X-Cache-Lookup: MISS from s-hqw2k3bd.pmbelz.de:3128
[DEBUG] headers - << Via: 1.0 s-hqw2k3bd.pmbelz.de:3128
(squid/2.6.STABLE6-NT)
[DEBUG] headers - << Proxy-Connection: close
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
----------------------------------------
HTTP/1.0 200 OK
Response content length: -1
----------------------------------------
HTTP/1.0 200 OK
Server: Netscape-Enterprise/4.1
Date: Thu, 30 Oct 2008 07:21:22 GMT
Set-Cookie: v1st=49096073CBC7E173; path=/; expires=Wed, 19 Feb 2020 14:28:00
GMT; domain=.verisign.com
Content-Type: text/html
X-Cache: MISS from s-hqw2k3bd.pmbelz.de
X-Cache-Lookup: MISS from s-hqw2k3bd.pmbelz.de:3128
Via: 1.0 s-hqw2k3bd.pmbelz.de:3128 (squid/2.6.STABLE6-NT)
Proxy-Connection: close
----------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: AW: NTLM-Proxy authentication and SSL-target
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Wed, 2008-11-05 at 16:17 +0100, Cech. Ulrich wrote:
> <The version of Squid you are using appears broken. The proxy keeps one
> sending 'Proxy-Connection: close' which is wrong given the fact that NTLM
> requires a persistent connection in order to function.>
>
> Hi Oleg,
>
> But how can it be explained, that a non-ssl target is handled correct? The
> wire-log shows a "Proxy-connection: closed" too, but the authentication
> works fine.
> And if I open the ssl-target over a browser (the same proxy is used), it
> worked fine, too.
> Perhaps, do I have to set some more header fields manually to force the
> correct behavior?
>
Well, take a closer look at the wire log. The connection _is_ being
correctly reused between the initial challenge, message1, message2 and
message3 when SSL is not used. So, Squid is definitely the culprit.
You _may_ work the problem around by removing the offending 'Connection:
close' headers using a protocol interceptor or by employing a custom
connection reuse strategy. Use at your risk, though.
Oleg
> Many thanks!
>
> I put in the wire-log of the non-ssl target.
>
>
> executing request: GET / HTTP/1.1
> via proxy: http://s-hqw2k3bd:3128
> to target: http://www.verisign.com:80
> [DEBUG] ClientParamsStack - 'http.protocol.max-redirects': null
> [DEBUG] ClientParamsStack - 'http.route.forced-route': null
> [DEBUG] ClientParamsStack - 'http.route.local-address': null
> [DEBUG] ClientParamsStack - 'http.route.default-proxy':
> http://s-hqw2k3bd:3128
> [DEBUG] ClientParamsStack - 'http.conn-manager.timeout': null
> [DEBUG] SingleClientConnManager - Get connection for route
> HttpRoute[{}->http://s-hqw2k3bd:3128->http://www.verisign.com:80]
> [DEBUG] ClientParamsStack - 'http.connection.stalecheck': null
> [DEBUG] DefaultRequestDirector - Stale connection check
> [DEBUG] DefaultRequestDirector - Stale connection detected
> [DEBUG] DefaultClientConnection - Connection closed
> [DEBUG] ClientParamsStack - 'http.connection.timeout': null
> [DEBUG] ClientParamsStack - 'http.tcp.nodelay': null
> [DEBUG] ClientParamsStack - 'http.socket.timeout': null
> [DEBUG] ClientParamsStack - 'http.socket.linger': null
> [DEBUG] ClientParamsStack - 'http.socket.buffer-size': null
> [DEBUG] ClientParamsStack - 'http.protocol.element-charset': null
> [DEBUG] ClientParamsStack - 'http.connection.max-line-length': null
> [DEBUG] ClientParamsStack - 'http.protocol.element-charset': null
> [DEBUG] ClientParamsStack - 'http.connection.max-header-count': null
> [DEBUG] ClientParamsStack - 'http.connection.max-line-length': null
> [DEBUG] ClientParamsStack - 'http.connection.max-status-line-garbage': null
> [DEBUG] ClientParamsStack - 'http.virtual-host': null
> [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
> [DEBUG] ClientParamsStack - 'http.default-headers': null
> [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
> [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
> [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
> [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
> [DEBUG] ClientParamsStack - 'http.useragent': Apache-HttpClient/4.0-beta1
> (java 1.4)
> [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
> [DEBUG] ClientParamsStack - 'http.protocol.cookie-policy': null
> [DEBUG] RequestAddCookies - CookieSpec selected: best-match
> [DEBUG] ClientParamsStack - 'http.protocol.cookie-datepatterns': null
> [DEBUG] ClientParamsStack - 'http.protocol.single-cookie-header': null
> [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
> [DEBUG] DefaultRequestDirector - Attempt 1 to execute request
> [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
> [DEBUG] wire - >> "GET http://www.verisign.com:80/ HTTP/1.1[EOL]"
> [DEBUG] wire - >> "Host: www.verisign.com:80[EOL]"
> [DEBUG] wire - >> "Connection: Keep-Alive[EOL]"
> [DEBUG] wire - >> "User-Agent: Apache-HttpClient/4.0-beta1 (java 1.4)[EOL]"
> [DEBUG] wire - >> "[EOL]"
> [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
> [DEBUG] headers - >> GET http://www.verisign.com:80/ HTTP/1.1
> [DEBUG] headers - >> Host: www.verisign.com:80
> [DEBUG] headers - >> Connection: Keep-Alive
> [DEBUG] headers - >> User-Agent: Apache-HttpClient/4.0-beta1 (java 1.4)
> [DEBUG] wire - << "HTTP/1.0 407 Proxy Authentication Required[EOL]"
> [DEBUG] wire - << "Server: squid/2.6.STABLE6-NT[EOL]"
> [DEBUG] wire - << "Date: Thu, 30 Oct 2008 07:21:21 GMT[EOL]"
> [DEBUG] wire - << "Content-Type: text/html[EOL]"
> [DEBUG] wire - << "Content-Length: 1359[EOL]"
> [DEBUG] wire - << "Expires: Thu, 30 Oct 2008 07:21:21 GMT[EOL]"
> [DEBUG] wire - << "X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: NTLM[EOL]"
> [DEBUG] wire - << "X-Cache: MISS from s-hqw2k3bd.pmbelz.de[EOL]"
> [DEBUG] wire - << "X-Cache-Lookup: NONE from s-hqw2k3bd.pmbelz.de:3128[EOL]"
> [DEBUG] wire - << "Via: 1.0 s-hqw2k3bd.pmbelz.de:3128
> (squid/2.6.STABLE6-NT)[EOL]"
> [DEBUG] wire - << "Proxy-Connection: close[EOL]"
> [DEBUG] headers - << HTTP/1.0 407 Proxy Authentication Required
> [DEBUG] headers - << Server: squid/2.6.STABLE6-NT
> [DEBUG] headers - << Date: Thu, 30 Oct 2008 07:21:21 GMT
> [DEBUG] headers - << Content-Type: text/html
> [DEBUG] headers - << Content-Length: 1359
> [DEBUG] headers - << Expires: Thu, 30 Oct 2008 07:21:21 GMT
> [DEBUG] headers - << X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
> [DEBUG] headers - << Proxy-Authenticate: NTLM
> [DEBUG] headers - << X-Cache: MISS from s-hqw2k3bd.pmbelz.de
> [DEBUG] headers - << X-Cache-Lookup: NONE from s-hqw2k3bd.pmbelz.de:3128
> [DEBUG] headers - << Via: 1.0 s-hqw2k3bd.pmbelz.de:3128
> (squid/2.6.STABLE6-NT)
> [DEBUG] headers - << Proxy-Connection: close
> [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
> [DEBUG] ClientParamsStack - 'http.protocol.handle-redirects': null
> [DEBUG] ClientParamsStack - 'http.protocol.handle-authentication': null
> [DEBUG] DefaultRequestDirector - Proxy requested authentication
> [DEBUG] DefaultProxyAuthenticationHandler - Authentication schemes in the
> order of preference: [ntlm, digest, basic]
> [DEBUG] DefaultProxyAuthenticationHandler - ntlm authentication scheme
> selected
> [DEBUG] DefaultRequestDirector - Authorization challenge processed
> [DEBUG] DefaultRequestDirector - Authentication scope: NTLM <any
> realm>@s-hqw2k3bd:3128
> [DEBUG] DefaultRequestDirector - Found credentials
> [DEBUG] DefaultClientConnection - Connection closed
> [DEBUG] ClientParamsStack - 'http.connection.timeout': null
> [DEBUG] ClientParamsStack - 'http.tcp.nodelay': null
> [DEBUG] ClientParamsStack - 'http.socket.timeout': null
> [DEBUG] ClientParamsStack - 'http.socket.linger': null
> [DEBUG] ClientParamsStack - 'http.socket.buffer-size': null
> [DEBUG] ClientParamsStack - 'http.protocol.element-charset': null
> [DEBUG] ClientParamsStack - 'http.connection.max-line-length': null
> [DEBUG] ClientParamsStack - 'http.protocol.element-charset': null
> [DEBUG] ClientParamsStack - 'http.connection.max-header-count': null
> [DEBUG] ClientParamsStack - 'http.connection.max-line-length': null
> [DEBUG] ClientParamsStack - 'http.connection.max-status-line-garbage': null
> [DEBUG] ClientParamsStack - 'http.virtual-host': null
> [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
> [DEBUG] ClientParamsStack - 'http.default-headers': null
> [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
> [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
> [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
> [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
> [DEBUG] ClientParamsStack - 'http.useragent': Apache-HttpClient/4.0-beta1
> (java 1.4)
> [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
> [DEBUG] ClientParamsStack - 'http.protocol.cookie-policy': null
> [DEBUG] RequestAddCookies - CookieSpec selected: best-match
> [DEBUG] ClientParamsStack - 'http.protocol.cookie-datepatterns': null
> [DEBUG] ClientParamsStack - 'http.protocol.single-cookie-header': null
> [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
> [DEBUG] DefaultRequestDirector - Attempt 2 to execute request
> [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
> [DEBUG] wire - >> "GET http://www.verisign.com:80/ HTTP/1.1[EOL]"
> [DEBUG] wire - >> "Host: www.verisign.com:80[EOL]"
> [DEBUG] wire - >> "Connection: Keep-Alive[EOL]"
> [DEBUG] wire - >> "User-Agent: Apache-HttpClient/4.0-beta1 (java 1.4)[EOL]"
> [DEBUG] wire - >> "Proxy-Authorization: NTLM
> TlRMTVNTUAABAAAAATIAAAYABgAgAAAABwAHACYAAABQTUJFTFpQQy0xNjM0[EOL]"
> [DEBUG] wire - >> "[EOL]"
> [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
> [DEBUG] headers - >> GET http://www.verisign.com:80/ HTTP/1.1
> [DEBUG] headers - >> Host: www.verisign.com:80
> [DEBUG] headers - >> Connection: Keep-Alive
> [DEBUG] headers - >> User-Agent: Apache-HttpClient/4.0-beta1 (java 1.4)
> [DEBUG] headers - >> Proxy-Authorization: NTLM
> TlRMTVNTUAABAAAAATIAAAYABgAgAAAABwAHACYAAABQTUJFTFpQQy0xNjM0
> [DEBUG] wire - << "HTTP/1.0 407 Proxy Authentication Required[EOL]"
> [DEBUG] wire - << "Server: squid/2.6.STABLE6-NT[EOL]"
> [DEBUG] wire - << "Date: Thu, 30 Oct 2008 07:21:22 GMT[EOL]"
> [DEBUG] wire - << "Content-Type: text/html[EOL]"
> [DEBUG] wire - << "Content-Length: 1359[EOL]"
> [DEBUG] wire - << "Expires: Thu, 30 Oct 2008 07:21:22 GMT[EOL]"
> [DEBUG] wire - << "X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0[EOL]"
> [DEBUG] wire - << "Proxy-Authenticate: NTLM
> TlRMTVNTUAACAAAAAAAAADgAAAABAgACL1ghbzaInKkAAAAAAAAAAAAAAAA4AAAABQLODgAAAA8=
> [EOL]"
> [DEBUG] wire - << "X-Cache: MISS from s-hqw2k3bd.pmbelz.de[EOL]"
> [DEBUG] wire - << "X-Cache-Lookup: NONE from s-hqw2k3bd.pmbelz.de:3128[EOL]"
> [DEBUG] wire - << "Via: 1.0 s-hqw2k3bd.pmbelz.de:3128
> (squid/2.6.STABLE6-NT)[EOL]"
> [DEBUG] wire - << "Proxy-Connection: keep-alive[EOL]"
> [DEBUG] headers - << HTTP/1.0 407 Proxy Authentication Required
> [DEBUG] headers - << Server: squid/2.6.STABLE6-NT
> [DEBUG] headers - << Date: Thu, 30 Oct 2008 07:21:22 GMT
> [DEBUG] headers - << Content-Type: text/html
> [DEBUG] headers - << Content-Length: 1359
> [DEBUG] headers - << Expires: Thu, 30 Oct 2008 07:21:22 GMT
> [DEBUG] headers - << X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
> [DEBUG] headers - << Proxy-Authenticate: NTLM
> TlRMTVNTUAACAAAAAAAAADgAAAABAgACL1ghbzaInKkAAAAAAAAAAAAAAAA4AAAABQLODgAAAA8=
> [DEBUG] headers - << X-Cache: MISS from s-hqw2k3bd.pmbelz.de
> [DEBUG] headers - << X-Cache-Lookup: NONE from s-hqw2k3bd.pmbelz.de:3128
> [DEBUG] headers - << Via: 1.0 s-hqw2k3bd.pmbelz.de:3128
> (squid/2.6.STABLE6-NT)
> [DEBUG] headers - << Proxy-Connection: keep-alive
> [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
> [DEBUG] ClientParamsStack - 'http.protocol.handle-redirects': null
> [DEBUG] ClientParamsStack - 'http.protocol.handle-authentication': null
> [DEBUG] DefaultRequestDirector - Proxy requested authentication
> [DEBUG] DefaultRequestDirector - Authorization challenge processed
> [DEBUG] DefaultRequestDirector - Authentication scope: NTLM <any
> realm>@s-hqw2k3bd:3128
> [DEBUG] DefaultRequestDirector - Connection kept alive
> [DEBUG] wire - << "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01
> Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">[\r][\n]"
> [DEBUG] wire - << "<HTML><HEAD><META HTTP-EQUIV="Content-Type"
> CONTENT="text/html; charset=iso-8859-1">[\r][\n]"
> [DEBUG] wire - << "<TITLE>ERROR: Cache Access Denied</TITLE>[\r][\n]"
> [DEBUG] wire - << "<STYLE
> type="text/css"><!--BODY{background-color:#ffffff;font-family:verdana,sans-s
> erif}PRE{font-family:sans-serif}--></STYLE>[\r][\n]"
> [DEBUG] wire - << "</HEAD>[\r][\n]"
> [DEBUG] wire - << "<BODY>[\r][\n]"
> [DEBUG] wire - << "<H1>ERROR</H1>[\r][\n]"
> [DEBUG] wire - << "<H2>Cache Access Denied</H2>[\r][\n]"
> [DEBUG] wire - << "<HR noshade size="1px">[\r][\n]"
> [DEBUG] wire - << "<P>[\r][\n]"
> [DEBUG] wire - << "While trying to retrieve the URL:[\r][\n]"
> [DEBUG] wire - << "<A
> HREF="http://www.verisign.com/">http://www.verisign.com/</A>[\r][\n]"
> [DEBUG] wire - << "<P>[\r][\n]"
> [DEBUG] wire - << "The following error was encountered:[\r][\n]"
> [DEBUG] wire - << "<UL>[\r][\n]"
> [DEBUG] wire - << "<LI>[\r][\n]"
> [DEBUG] wire - << "<STRONG>[\r][\n]"
> [DEBUG] wire - << "Cache Access Denied.[\r][\n]"
> [DEBUG] wire - << "</STRONG>[\r][\n]"
> [DEBUG] wire - << "</UL>[\r][\n]"
> [DEBUG] wire - << "</P>[\r][\n]"
> [DEBUG] wire - << "[\r][\n]"
> [DEBUG] wire - << "<P>Sorry, you are not currently allowed to
> request:[\r][\n]"
> [DEBUG] wire - << "<PRE> http://www.verisign.com/</PRE>[\r][\n]"
> [DEBUG] wire - << "from this cache until you have authenticated
> yourself.[\r][\n]"
> [DEBUG] wire - << "</P>[\r][\n]"
> [DEBUG] wire - << "[\r][\n]"
> [DEBUG] wire - << "<P>[\r][\n]"
> [DEBUG] wire - << "You need to use Netscape version 2.0 or greater, or
> Microsoft Internet[\r][\n]"
> [DEBUG] wire - << "Explorer 3.0, or an HTTP/1.1 compliant browser for this
> to work. Please[\r][\n]"
> [DEBUG] wire - << "contact the <A HREF="mailto:webmaster">cache
> administrator</a> if you have[\r][\n]"
> [DEBUG] wire - << "difficulties authenticating yourself or [\r][\n]"
> [DEBUG] wire - << "<A
> HREF="http://s-hqw2k3bd.pmbelz.de/cgi-bin/chpasswd.cgi">change</a> your
> default password.[\r][\n]"
> [DEBUG] wire - << "</P>[\r][\n]"
> [DEBUG] wire - << "[\n]"
> [DEBUG] wire - << "<BR clear="all">[\n]"
> [DEBUG] wire - << "<HR noshade size="1px">[\n]"
> [DEBUG] wire - << "<ADDRESS>[\n]"
> [DEBUG] wire - << "Generated Thu, 30 Oct 2008 07:21:22 GMT by
> s-hqw2k3bd.pmbelz.de (squid/2.6.STABLE6-NT)[\n]"
> [DEBUG] wire - << "</ADDRESS>[\n]"
> [DEBUG] wire - << "</BODY></HTML>[\n]"
> [DEBUG] ClientParamsStack - 'http.virtual-host': null
> [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
> [DEBUG] ClientParamsStack - 'http.default-headers': null
> [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
> [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
> [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
> [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
> [DEBUG] ClientParamsStack - 'http.useragent': Apache-HttpClient/4.0-beta1
> (java 1.4)
> [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
> [DEBUG] ClientParamsStack - 'http.protocol.cookie-policy': null
> [DEBUG] RequestAddCookies - CookieSpec selected: best-match
> [DEBUG] ClientParamsStack - 'http.protocol.cookie-datepatterns': null
> [DEBUG] ClientParamsStack - 'http.protocol.single-cookie-header': null
> [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
> [DEBUG] DefaultRequestDirector - Attempt 3 to execute request
> [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
> [DEBUG] wire - >> "GET http://www.verisign.com:80/ HTTP/1.1[EOL]"
> [DEBUG] wire - >> "Host: www.verisign.com:80[EOL]"
> [DEBUG] wire - >> "Connection: Keep-Alive[EOL]"
> [DEBUG] wire - >> "User-Agent: Apache-HttpClient/4.0-beta1 (java 1.4)[EOL]"
> [DEBUG] wire - >> "Proxy-Authorization: NTLM
> TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAwADABwAAAACAAIAHwAAAAOAA4AhAAAAAAAAAAA
> AAAAAQIAALFQXDeVSLGteDvHwJgKD1gps+dbqrCndNRrH9fbKfPAzuBr4vCdkFQr/bBcqmFKClAA
> TQBCAEUATABaAGMAZQBjAGgAUABDAC0AMQA2ADMANAA=[EOL]"
> [DEBUG] wire - >> "[EOL]"
> [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
> [DEBUG] headers - >> GET http://www.verisign.com:80/ HTTP/1.1
> [DEBUG] headers - >> Host: www.verisign.com:80
> [DEBUG] headers - >> Connection: Keep-Alive
> [DEBUG] headers - >> User-Agent: Apache-HttpClient/4.0-beta1 (java 1.4)
> [DEBUG] headers - >> Proxy-Authorization: NTLM
> TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAwADABwAAAACAAIAHwAAAAOAA4AhAAAAAAAAAAA
> AAAAAQIAALFQXDeVSLGteDvHwJgKD1gps+dbqrCndNRrH9fbKfPAzuBr4vCdkFQr/bBcqmFKClAA
> TQBCAEUATABaAGMAZQBjAGgAUABDAC0AMQA2ADMANAA=
> [DEBUG] wire - << "HTTP/1.0 200 OK[EOL]"
> [DEBUG] wire - << "Server: Netscape-Enterprise/4.1[EOL]"
> [DEBUG] wire - << "Date: Thu, 30 Oct 2008 07:21:22 GMT[EOL]"
> [DEBUG] wire - << "Set-Cookie: v1st=49096073CBC7E173; path=/; expires=Wed,
> 19 Feb 2020 14:28:00 GMT; domain=.verisign.com[EOL]"
> [DEBUG] wire - << "Content-Type: text/html[EOL]"
> [DEBUG] wire - << "X-Cache: MISS from s-hqw2k3bd.pmbelz.de[EOL]"
> [DEBUG] wire - << "X-Cache-Lookup: MISS from s-hqw2k3bd.pmbelz.de:3128[EOL]"
> [DEBUG] wire - << "Via: 1.0 s-hqw2k3bd.pmbelz.de:3128
> (squid/2.6.STABLE6-NT)[EOL]"
> [DEBUG] wire - << "Proxy-Connection: close[EOL]"
> [DEBUG] headers - << HTTP/1.0 200 OK
> [DEBUG] headers - << Server: Netscape-Enterprise/4.1
> [DEBUG] headers - << Date: Thu, 30 Oct 2008 07:21:22 GMT
> [DEBUG] headers - << Set-Cookie: v1st=49096073CBC7E173; path=/; expires=Wed,
> 19 Feb 2020 14:28:00 GMT; domain=.verisign.com
> [DEBUG] headers - << Content-Type: text/html
> [DEBUG] headers - << X-Cache: MISS from s-hqw2k3bd.pmbelz.de
> [DEBUG] headers - << X-Cache-Lookup: MISS from s-hqw2k3bd.pmbelz.de:3128
> [DEBUG] headers - << Via: 1.0 s-hqw2k3bd.pmbelz.de:3128
> (squid/2.6.STABLE6-NT)
> [DEBUG] headers - << Proxy-Connection: close
> [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
> ----------------------------------------
> HTTP/1.0 200 OK
> Response content length: -1
> ----------------------------------------
> HTTP/1.0 200 OK
> Server: Netscape-Enterprise/4.1
> Date: Thu, 30 Oct 2008 07:21:22 GMT
> Set-Cookie: v1st=49096073CBC7E173; path=/; expires=Wed, 19 Feb 2020 14:28:00
> GMT; domain=.verisign.com
> Content-Type: text/html
> X-Cache: MISS from s-hqw2k3bd.pmbelz.de
> X-Cache-Lookup: MISS from s-hqw2k3bd.pmbelz.de:3128
> Via: 1.0 s-hqw2k3bd.pmbelz.de:3128 (squid/2.6.STABLE6-NT)
> Proxy-Connection: close
> ----------------------------------------
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org