Menu

#65 wget cntlm incompatibility

v0.93 show-stopper
open
nobody
wget (1)
5
2015-02-18
2014-05-21
Thorsten Schroeteler
No

Dear cntlm maintainers,

I am using wget in a corporate environment behind an ISA proxy with ntlm authentification.
We are using cntlm (version 0.92.3) for ntlm authentification.
This works well for all http packet receiving tools (like browsers, curl, lynx, apt, etc).
Except wget from version 1.13 onwards, which produces the following error:

[~/Downloads/wget-1.13.4]$ ./src/wget http://ftp.debian.org
--2014-05-21 14:49:38--  http://ftp.debian.org/
Resolving srv1... 192.168.44.5
Connecting to srv1|192.168.44.5|:3128... connected.
Proxy request sent, awaiting response... 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfil the request. Access to the Web Proxy filter is denied.  )
2014-05-21 14:49:38 ERROR 407: Proxy Authentication Required ( The ISA Server requires authorization to fulfil the request. Access to the Web Proxy filter is denied.  ).

The same occurs with the -no-http-keep-alive option:

[~/Downloads/wget-1.13.4]$ ./src/wget --no-http-keep-alive http://ftp.debian.org
--2014-05-21 14:49:52--  http://ftp.debian.org/
Resolving srv1... 192.168.44.5
Connecting to srv1|192.168.44.5|:3128... connected.
Proxy request sent, awaiting response... No data received.
Retrying.

--2014-05-21 14:49:44--  (try: 2)  http://ftp.debian.org/
Connecting to srv1|192.168.44.5|:3128... connected.
Proxy request sent, awaiting response... 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  )
2014-05-21 14:49:53 ERROR 407: Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  ).

svr1 is hosting the cntlm deamon.
wget-1.12 is working fine.

In wget-1.13 if I replace the two request_set_header calls in http.c (line 1683,1684) with one
for "Connection" "Keep-Alive" then the download is successful: 

  if (inhibit_keep_alive)
    request_set_header (req, "Connection", "Close", rel_none);
  else
    {
      if (proxy == NULL)
        request_set_header (req, "Connection", "Keep-Alive", rel_none);
      else
        {
          //request_set_header (req, "Connection", "Close", rel_none);
          //request_set_header (req, "Proxy-Connection", "Keep-Alive", rel_none);
          request_set_header (req, "Connection", "Keep-Alive", rel_none);
        }
    }

I don't know whether this is rather a wget or an cntlm issue. I have posted this to the wget buglist as well.
Any help is appreciated (it would be nice if we don’t need to patch wget in future …).

Kind regards,
Thorsten

Discussion

Log in to post a comment.