I am trying to connect through a proxy server which requires NTLM authentication. I can access the site via the proxy when using a browser such as Firefox, but when I try connecting with the CkHttp python library, I encounter an error.
The error log (below) shows the Type1 message being sent, and server replying with the Type2 (challenge) message, but Chilkat is complaining that the Type2 message is not long enough. I un-encoded the base-64, and verified that the challenge starts with NTLMSSP, followed by some binary data.
I am using the latest version of Chilkat - 184.108.40.206 with Python 2.7 32-bit, running on Windows server 2008R2. I have tried a couple of earlier versions of Chilkat, with the same result.
proxyConnectNtlm: t1_flags: 0x8b207 ConnectRequest: CONNECT xml.support.journeycheck.com:80 HTTP/1.1 Connection: Keep-Alive Proxy-Connection: Keep-Alive Host: xml.support.journeycheck.com Proxy-Authorization: NTLM TlRMTVNTUAABAAAAB7IIAAgACAAgAAAADAAMACgAAABGSVJTVFBMQ0ZHV0FDUE1URTAwMQ== Sending CONNECT with NTLM Type1 message to proxy... Receiving NTLM TYPE2 message from proxy... NtlmChallenge: TlRMTVNTUAACAAAAAAAAAAAAAAABAgAAKY+OrN2vNDM= genType3: TYPE2 message is not long enough. msgLen: 32 Failed to decode TYPE2 input message. --genType3 Failed to generate NTLM Type 3 message. --proxyConnectNtlm
I fear the only way to understand the cause of the problem is to test directly with that proxy server. Is it publicly reachable? If so, I can test with an intentionally invalid password...
No, I'm afraid it is in a private network. I have a workaround using curl (a Windows version). The fact that curl works (I have to specify --proxy-ntlm), suggests that this is a limitation in the (otherwise very good) Chilkat lib. But since the trace above contains the base-64 encoded values of both the connect and the corresponding challenge, isn't that enough to analyse the problem?
Thanks. Try these new builds to see if it works now: