Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Build working libcurl with WinSSL, NTLM, HTTP2, SSH2 and IPv6 support

In our PHP application, we need the PHP curl-extension built in a way, that it supports the following features:

  • WinSSL (Access to the Windows certificate store)
  • NTLM, Basic and Digest authentication
  • HTTP/2 support
  • SSH2 support
  • IPv6 support

I've tried to build curl in a way to achieve this:

  • Link it against WinSSL
  • Link it against nghttp2
  • Link it against libssh2
  • Enable IPv6

I did so with the command line:

nmake /f Makefile.vc mode=dll VC=15 ENABLE_WINSSL=yes DEBUG=no MACHINE=x64 ENABLE_SSPI=no WITH_NGHTTP2=dll WITH_ZLIB=static WITH_SSH2=static WITH_DEVEL=C:\curl\deps-x64

In curls winbuild/ subfolder. Then I compiled the PHP curl extension against the result.

With the result, I have the following incorrect behavior when doing an HTTP request against a web service which offers Basic, Digest, NTLM and Negotiate authentication (an Exchange webservice):

  • If curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_NTLM); is used, everything works fine.

  • If curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); is used, everything works fine, too.

  • If curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_NTLM | CURLAUTH_BASIC); is used, authentication fails.

The failing request contains an NTLM token which is way too short (seems to be cut off at some point). Some googling indicated that this may be due to curl being compiled to use SSPI. However, I cannot disable SSPI, because WinSSL requires it.

Does anyone know a solution to this? How to get a php-curl extension that fulfills all the above requirements?

like image 425
Jost Avatar asked Jan 08 '19 17:01

Jost


1 Answers

I believe the LibCurl here satisfies all that:

https://curl.haxx.se/windows

Using this file:

#include <curl/curl.h>
#include <stdio.h>
int main() {
   curl_version_info_data *o = curl_version_info(CURLVERSION_NOW); 
   printf("SSL: %s\n", o->ssl_version);
   printf("NTLM: %d\n", o->features & CURL_VERSION_NTLM);
   printf("HTTP/2: %d\n", o->features & CURL_VERSION_HTTP2);
   printf("SSH2: %s\n", o->libssh_version);
   printf("IPv6: %d\n", o->features & CURL_VERSION_IPV6);
}

Build:

cc https.c `
'-Icurl-7.70.0-win64-mingw\include' `
'-Lcurl-7.70.0-win64-mingw\lib' `
-lcrypt32 `
-lcurl `
-lwldap32 `
-lws2_32

Result:

SSL: OpenSSL/1.1.1g (Schannel)
NTLM: 16
HTTP/2: 65536
SSH2: libssh2/1.9.0
IPv6: 1

I did not build with Visual Studio, but Clang:

https://github.com/mstorsjo/llvm-mingw

Also I am not sure what exactly OpenSSL/1.1.1g (Schannel), I guess it means OpenSSL and WinSSL both? If that's not the case, you can build LibCurl yourself with CFG=-winssl:

https://github.com/nu8/gulf/blob/master/c-https/1-curl.ps1

like image 66
Zombo Avatar answered Nov 13 '22 19:11

Zombo