login about faq

I am trying to connect through a proxy server which requires NTLM authentication. I can access the site via the proxy when using a browser such as Firefox, but when I try connecting with the CkHttp python library, I encounter an error.

The error log (below) shows the Type1 message being sent, and server replying with the Type2 (challenge) message, but Chilkat is complaining that the Type2 message is not long enough. I un-encoded the base-64, and verified that the challenge starts with NTLMSSP, followed by some binary data.

I am using the latest version of Chilkat - with Python 2.7 32-bit, running on Windows server 2008R2. I have tried a couple of earlier versions of Chilkat, with the same result.

                  t1_flags: 0x8b207
                  ConnectRequest: CONNECT xml.support.journeycheck.com:80 HTTP/1.1
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Host: xml.support.journeycheck.com
                  Sending CONNECT with NTLM Type1 message to proxy...
                  Receiving NTLM TYPE2 message from proxy...
                    TYPE2 message is not long enough.
                    msgLen: 32
                    Failed to decode TYPE2 input message.
                  Failed to generate NTLM Type 3 message.

asked Oct 09 '14 at 09:18

tch's gravatar image


edited Oct 13 '14 at 06:41

I fear the only way to understand the cause of the problem is to test directly with that proxy server. Is it publicly reachable? If so, I can test with an intentionally invalid password...


answered Oct 10 '14 at 11:50

chilkat's gravatar image

chilkat ♦♦

No, I'm afraid it is in a private network. I have a workaround using curl (a Windows version). The fact that curl works (I have to specify --proxy-ntlm), suggests that this is a limitation in the (otherwise very good) Chilkat lib. But since the trace above contains the base-64 encoded values of both the connect and the corresponding challenge, isn't that enough to analyse the problem?


answered Oct 13 '14 at 06:35

tch's gravatar image


edited Oct 13 '14 at 06:46


answered Oct 13 '14 at 09:35

chilkat's gravatar image

chilkat ♦♦

Many thanks for your quick response. This version decodes the challenge and sends a response, but I then get a "403 Forbidden" response. I think I'm sending all of the credentials correctly, but I'll run a few tests to see if I can infer what's going on.

(Oct 14 '14 at 07:49) tch
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported



Asked: Oct 09 '14 at 09:18

Seen: 1,179 times

Last updated: Oct 14 '14 at 07:49

powered by OSQA