HTTPS Proxy curl - bash

i am use
curl -x https://www.skillacademy.com --resolve www.skillacademy.com:443:104.18.24.139 https://www.skillacademy.com:443 -vvv
output is
root#localhost:~# curl -x https://www.skillacademy.com --resolve www.skillacademy.com:443:104.18.24.139 https://www.skillacademy.com:443 -vvv
* Added www.skillacademy.com:443:104.18.24.139 to DNS cache
* Hostname www.skillacademy.com was found in DNS cache
* Trying 104.18.24.139:443...
* Connected to www.skillacademy.com (104.18.24.139) port 443 (#0)
* ALPN: offers http/1.1
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS Unknown, Certificate Status (22):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS change cipher, Change cipher spec (1):
* (304) (OUT), TLS Unknown, Certificate Status (22):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted http/1.1
* Proxy certificate:
* subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
* start date: May 10 00:00:00 2022 GMT
* expire date: May 10 23:59:59 2023 GMT
* subjectAltName: host "www.skillacademy.com" matched cert's "*.skillacademy.com"
* issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
* SSL certificate verify ok.
* allocate connect buffer
* Establish HTTP proxy tunnel to www.skillacademy.com:443
* (304) (OUT), TLS Unknown, Unknown (23):
> CONNECT www.skillacademy.com:443 HTTP/1.1
> Host: www.skillacademy.com:443
> User-Agent: curl/7.85.0
> Proxy-Connection: Keep-Alive
>
* (304) (IN), TLS Unknown, Certificate Status (22):
* (304) (IN), TLS handshake, Newsession Ticket (4):
* (304) (IN), TLS handshake, Newsession Ticket (4):
* (304) (IN), TLS Unknown, Unknown (23):
< HTTP/1.1 400 Bad Request
< Server: cloudflare
< Date: Tue, 18 Oct 2022 06:57:20 GMT
< Content-Type: text/html
< Content-Length: 155
< Connection: close
< CF-RAY: -
<
* Received HTTP code 400 from proxy after CONNECT
* CONNECT phase completed
* Closing connection 0
* (304) (OUT), TLS Unknown, Unknown (21):
* (304) (OUT), TLS alert, close notify (256):
curl: (56) Received HTTP code 400 from proxy after CONNECT
Look at Establish HTTP proxy tunnel to www.skillacademy.com:443
Why still HTTP not a HTTPS ?
what i try :
update openssl to latest
update curl to latest
Here output
root#localhost:~# curl -V
curl 7.85.0 (aarch64-unknown-linux-gnu) libcurl/7.85.0 OpenSSL/1.1.1q zlib/1.2.11
Release-Date: 2022-08-31
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS HSTS HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL threadsafe TLS-SRP UnixSockets
root#localhost:~# openssl version -a
OpenSSL 1.1.1q 5 Jul 2022
built on: Tue Oct 18 06:23:52 2022 UTC
platform: linux-aarch64
options: bn(64,64) rc4(char) des(int) idea(int) blowfish(ptr)
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DZLIB -DNDEBUG
OPENSSLDIR: "/usr/local/ssl"
ENGINESDIR: "/usr/local/ssl/lib/engines-1.1"
Seeding source: os-specific
root#localhost:~#
any help will apreciated

Related

How to download file from cloudflare using curl?

As part of pipeline for building Debian package with popular game Factorio i need to download game's distribution files. This is without any problems in gui web browser.
I try to download file using curl but i still cannot solve problem with CSRF token:
#!/bin/sh
LOGIN=""
PASSWD=""
VERSION=`curl -s "https://api.github.com/repos/wube/factorio-data/tags" | jq -r '.[0].name'`
ARCHIVE="factorio_alpha_x64_${VERSION}.tar.xz"
CSRF=`curl -s -c ~/cookie.txt https://www.factorio.com/login | grep csrf_token | awk -F'"' '{print $8}'`
curl -v -c ~/cookie.txt -b ~/cookie.txt -H "X-CSRF-Token: ${CSRF}" -X POST -F "csrf_token=${CSRF}" -F "username_or_email=${LOGIN}" -F "password=${PASSWD}" https://www.factorio.com/login
curl -c ~/cookie.txt https://www.factorio.com/get-download/${VERSION}/alpha/linux64 > ${ARCHIVE}
The script run fail everytime with the final response:
vitex#exiv:~/Projects/Packaging/Games/factorio-deb$ ./downloader.sh
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying 104.26.14.88:443...
* Connected to www.factorio.com (104.26.14.88) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
* CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
* start date: Jul 6 00:00:00 2021 GMT
* expire date: Jul 5 23:59:59 2022 GMT
* subjectAltName: host "www.factorio.com" matched cert's "*.factorio.com"
* issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x55eea0a17d10)
> POST /login HTTP/2
> Host: www.factorio.com
> user-agent: curl/7.76.1
> accept: */*
> cookie: session=eyJjc3JmX3Rva2VuIjoiMTk2MmVlODBkMDJiMGFhODQ0N2U1OGZiYTEyZGQzMThjZTY5MTFkZCJ9.YXicKQ.D93FhsjkngmtONrHEFB6P0d4w8Y
> x-csrf-token: IjE5NjJlZTgwZDAyYjBhYTg0NDdlNThmYmExMmRkMzE4Y2U2OTExZGQi.YXicKQ.HKcRPgEkSRVU4_Xat-dCV31sHWg
> content-length: 461
> content-type: multipart/form-data; boundary=------------------------c63b0f58b7ac0deb
>
* We are completely uploaded and fine
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 400
< date: Wed, 27 Oct 2021 00:24:09 GMT
< content-type: text/html; charset=utf-8
< cache-control: no-cache
< x-frame-options: SAMEORIGIN
< strict-transport-security: max-age=31536000
< vary: Cookie
* Replaced cookie session="eyJfZnJlc2giOmZhbHNlLCJjc3JmX3Rva2VuIjoiMTk2MmVlODBkMDJiMGFhODQ0N2U1OGZiYTEyZGQzMThjZTY5MTFkZCJ9.YXicKQ.PbtfNJW_assTK0ZkBWujMpBVnuM" for domain factorio.com, path /, expire 0
< set-cookie: session=eyJfZnJlc2giOmZhbHNlLCJjc3JmX3Rva2VuIjoiMTk2MmVlODBkMDJiMGFhODQ0N2U1OGZiYTEyZGQzMThjZTY5MTFkZCJ9.YXicKQ.PbtfNJW_assTK0ZkBWujMpBVnuM; Domain=.factorio.com; Secure; HttpOnly; Path=/
< via: 1.1 vegur
< cf-cache-status: DYNAMIC
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HZPVm%2FRu31d1J8IkHuFfcRwFad6vXWf2%2FbHrH3PCRg1GFuXfHgsJDXN10zPpE6ZaOP7I1ClCiaDo0i0tO%2B5kih95W6gO28pCyjiiA3oXOmJvFHr%2F4iipMg0xlK7v2rVQ51w%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< server: cloudflare
< cf-ray: 6a47c7a32c4f27a0-PRG
<
<!DOCTYPE html>
<html>
<head>
<title> 400 - CSRF Error | Factorio</title>
...
How i can better work with cookies recieved by first request ?
What is wrong here ?

Login to a php site with curl

I am trying to do a bash script to login to a php site via curl. In this way (always with curl) I will be able to download a file.
The site in question is this:
"https://web.spaggiari.eu/home/app/default/login.php"
I thought I could use this command to login by sending a cookie:
curl --anyauth --user username:password https://web.spaggiari.eu/
and then try to download the file from this site using this command (The site below is where I should download the file from):
curl -v https://web.spaggiari.eu/fml/app/default/xml_export.php? 3Aclasse_id% 3A & gruppo_id =% 3Agruppo_id% 3A & ope = RPT & dal = 2020-11-03 & al = 2020-11-03 & format = xls
The output of the command though is this:
* Expire in 2 ms for 1 (transfer 0x558707881f50)
* Trying 159.69.111.222...
* TCP_NODELAY set
* Expire in 149996 ms for 3 (transfer 0x558707881f50)
* Expire in 200 ms for 4 (transfer 0x558707881f50)
* Connected to web.spaggiari.eu (159.69.111.222) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=*.spaggiari.eu
* start date: May 29 00:00:00 2020 GMT
* expire date: May 29 12:00:00 2022 GMT
* subjectAltName: host "web.spaggiari.eu" matched cert's "*.spaggiari.eu"
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=GeoTrust RSA CA 2018
* SSL certificate verify ok.
> GET /fml/app/default/xml_export.php?stampa=%3Astampa%3A HTTP/1.1
> Host: web.spaggiari.eu
> User-Agent: curl/7.64.0
> Accept: */*
>
< HTTP/1.1 302 Found
< Server: nginx/1.18.0
< Date: Tue, 03 Nov 2020 19:30:46 GMT
< Content-Type: text/html; charset=UTF-8
< Content-Length: 0
< Connection: keep-alive
< X-Frame-Options: SAMEORIGIN;
< Content-Security-Policy: script-src 'self' filesystem: 'unsafe-eval' 'unsafe-inline' *.spaggiari.eu https://ajax.googleapis.com/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://code.jquery.com/ https://d31qbv1cthcecs.cloudfront.net/atrk.js https://fonts.googleapis.com/ https://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://www.gstatic.com/recaptcha/;frame-ancestors 'self' file: *.spaggiari.eu;
< Set-Cookie: PHPSESSID=pc6u2mc162b30ek2gp9u6phdpt7q85kv; path=/; secure; HttpOnly
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
< Location: ../../../home/app/default/login.php
< X-ZVersion: c
< Pragma: public
< Cache-Control: public, must-revalidate, proxy-revalidate
<
* Connection #0 to host web.spaggiari.eu left intact
That's a redirection sending me to the login page.
So it tells that I have an authentication problem i think.
Now I don't understand what I have to do to be able to log in. I have the correct credentials, but I think I am doing something wrong with the command used.
Thanks everyone for the answers.

Curl command line to send email via gmail

Hi I have had a search on this already and I cannot work out why this keeps failing. I'm using the following curl command to send an email via a gmail account. fails on authentication.
I have tried two accounts one that has 2 factor setup with an app password, and one that just has less secure apps enabled.
both just fail to authenticate.
curl --ssl-reqd --url smtp://smtp.gmail.com:587 --mail-from myemail#gmail.com --mail-rcpt otheremail#gmail.com --user 'myemail#gmail.com:password' --cacert cacert.pem --upload-file mail.txt --TLSv1.2 --tls-max 1.2 --verbose
the cacert.pem came from here https://curl.haxx.se/ca/cacert.pem
This is the output from curl
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 64.233.167.109:587...
* TCP_NODELAY set
* Connected to smtp.gmail.com (64.233.167.109) port 587 (#0)
< 220 smtp.gmail.com ESMTP v11sm289228wml.26 - gsmtp
> EHLO mail.txt
< 250-smtp.gmail.com at your service, [x.x.x.x]
< 250-SIZE 35882577
< 250-8BITMIME
< 250-STARTTLS
< 250-ENHANCEDSTATUSCODES
< 250-PIPELINING
< 250-CHUNKING
< 250 SMTPUTF8
> STARTTLS
< 220 2.0.0 Ready to start TLS
* successfully set certificate verify locations:
* CAfile: c:\utils\curl-7.68.0-win64-mingw\bin\cacert.pem
CApath: none
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [208 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [91 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [2342 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [114 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [37 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-ECDSA-CHACHA20-POLY1305
* Server certificate:
* subject: C=US; ST=California; L=Mountain View; O=Google LLC; CN=smtp.gmail.com
* start date: Sep 22 15:25:59 2020 GMT
* expire date: Dec 15 15:25:59 2020 GMT
* subjectAltName: host "smtp.gmail.com" matched cert's "smtp.gmail.com"
* issuer: C=US; O=Google Trust Services; CN=GTS CA 1O1
* SSL certificate verify ok.
} [5 bytes data]
> EHLO mail.txt
{ [5 bytes data]
< 250-smtp.gmail.com at your service, [x.x.x.x]
< 250-SIZE 35882577
< 250-8BITMIME
< 250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
< 250-ENHANCEDSTATUSCODES
< 250-PIPELINING
< 250-CHUNKING
< 250 SMTPUTF8
} [5 bytes data]
> AUTH PLAIN
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0{ [5 bytes data]
< 334
} [5 bytes data]
> ACdhbmR5cGRzMjAxNEBnbWFpbC5jb20AYW9ub3hubnB2Y3N3aGR1bic=
{ [5 bytes data]
< 535-5.7.8 Username and Password not accepted. Learn more at
< 535 5.7.8 https://support.google.com/mail/?p=BadCredentials v11sm289228wml.26 - gsmtp
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Closing connection 0
} [5 bytes data]
* TLSv1.2 (OUT), TLS alert, close notify (256):
} [2 bytes data]
curl: (67) Login denied```
I cannot see why this is not working, I can use the app password in another app that does not use OAuth and that lets me send emails OK.
I'm new to using curl and any help will be apricated.
Thanks.
Andy.
Edit: I have also tried this on my linuxVM and that worked fined with GMail, so I tried again in windows and still failed. I just removed the quotes from the user field and it worked fine.
So as I put in the edited question. I have solved it.
the --user 'myemail#gmail.com:password' need the single quotes removing from it and it now connects and sends the mail.
Hopefully this will aid someone else in the future.

Curl not working in Jenkins jobs

I am trying to trigger an remote Jenkins job from an host Jenkins server.
I have created build token. I am trying to call the job using the curl
curl.exe -v -x -K --insecure -u "username#username.com:pwd" POST https://hostname:8443/job/mypackjob/build?token=XXXIODFASDF
if use the same command from the command prompt (i.e Windows CMD) the job is getting triggered, but from the Jenkins job it is not working. I am getting HTTP/1.1 error.
* Rebuilt URL to: POST/
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Could not resolve host: POST
* Closing connection 0
curl: (6) Could not resolve host: POST
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 132.186.32.5...
* TCP_NODELAY set
* Connected to INCHNIISNW0113.net (132.186.32.5) port 8443 (#1)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:#STRENGTH
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [85 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [1580 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=INCHNIISNW0113.net
* start date: Nov 3 13:41:11 2016 GMT
* expire date: Dec 31 23:59:59 2039 GMT
* issuer: CN=API
* SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
* Server auth using Basic with user 'username#xxx.com'
} [5 bytes data]
> -K /job/2.50HR0API0Obfuscation/build?token=TRIGGERMEHRAPIBUILD HTTP/1.0
> Host: INCHNIISNW0113.net:8443
> Authorization: Basic **************
> User-Agent: curl/7.58.0
> Accept: */*
>
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0{ [5 bytes data]
**< HTTP/1.1 404 Not Found**
< Date: Wed, 18 Apr 2018 15:46:23 GMT
< X-Content-Type-Options: nosniff
< Server: Jetty(9.4.z-SNAPSHOT)
* no chunk, no close, no size. Assume close to signal end
<
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0{ [5 bytes data]
* TLSv1.2 (IN), TLS alert, Client hello (1):
{ [2 bytes data]
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
* Closing connection 1
} [5 bytes data]
* TLSv1.2 (OUT), TLS alert, Client hello (1):
} [2 bytes data]

Unable to PUT when tunneling to a remote URL using localhost(127.0.0.1)

I wanted to do a GET on the following URL in Postman with Basic Authorization:
https://1.2.3.4:8338/accounts
Unfortunately I cannot connect directly to that server so I've tunneled through Jump server 5.6.7.8 using SSH Tunnel Manager and
ssh -N -p 22 username#5.6.7.8 -o StrictHostKeyChecking=no -L 127.0.0.1:8080:1.2.3.4:8338
That worked. I now want to create a container by doing a PUT to this URL using AWSV4 Authorization:
https://1.2.3.4/testcontainer
If I use the above tunner I get a 404 error. I've a feeling that my issue is that the tunnel is on port 8338 but my URL doesn't specify a port. I've tried leaving the port on 1.2.3.4 blank but it defaults to 0 and the tunnel doesn't work.
I then tried setting that port to 443(default HTTPS port). When I do that I get a SignatureDoesNotMatch error. I think that's because I set the AWSV4 authentication up on port 8338(it's a guess).
Finally I tried to setup AWSV4 authorization with port 443 but received a 403 error.
I'm not sure where to go now. Can anybody advise what I might have to do a PUT to the below URL using localhost?
https://1.2.3.4/testcontainer
UPDATE 2017-06-28
I got access to a server that can connect directly to 1.2.3.4 and decided to try using curl in the terminal. It wouldn't work as I need to use AWS v4 auth. When looking into this I came across s3curl. I've tried running the following:
./s3curl.pl --id personal -- -s -v -X PUT https://1.2.3.4/testcontainer -k
Still no luck. This is the output:
* Hostname was NOT found in DNS cache
* Trying 1.2.3.4...
* Connected to 1.2.3.4 (1.2.3.4) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Request CERT (13):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-SHA384
* Server certificate:
* subject: C=US; ST=T; L=A; O=B; CN=access01.b.com; emailAddress=b#us.b.com
* start date: 2017-06-04 08:05:04 GMT
* expire date: 2018-06-05 08:25:00 GMT
* issuer: C=US; ST=I; L=C; O=cc; CN=Manager CA; serialNumber=serialnumber
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> PUT /testcontainer HTTP/1.1
> User-Agent: curl/7.35.0
> Host: 1.2.3.4
> Accept: */*
> Date: Wed, 28 Jun 2017 13:23:01 +0000
> Authorization: AWS authoization
>
< HTTP/1.1 403 Forbidden
< Date: Wed, 28 Jun 2017 13:23:01 GMT
< X-Clv-Request-Id: requestid
< Accept-Ranges: bytes
* Server cc/3.1.0.1 is not blacklisted
< Server: cc/3.1.0.1
< X-Clv-S3-Version: 2.5
< x-amz-request-id: requestid
< Content-Type: application/xml
< Content-Length: 894
<
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Error> <Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. For more information, see REST Authentication and SOAP Authentication for details.</Message><Resource>/pctestcontainer1/</Resource><RequestId>bfb1bdf1-9d7a-4bc7-966a-a3a5e89498eb</RequestId><StringToSign>PUT
Wed, 28 Jun 2017 13:23:01 +0000
* Connection #0 to host 10.137.63.202 left intact
/pctestcontainer1</StringToSign><StringToSignBytes>80 85 84 10 10 10 87 101 100 44 32 50 56 32 74 117 110 32 50 48 49 55 32 49 51 58 50 51 58 48 49 32 43 48 48 48 48 10 47 112 99 116 101 115 116 99 111 110 116 97 105 110 101 114 49</StringToSignBytes><SignatureProvided>signature</SignatureProvided><AWSAccessKeyId>accesskey</AWSAccessKeyId><httpStatusCode>403</httpStatusCode></Error>root#utility:/tmp/cp/s3curl#
Does this mean anything to anybody?
After a lot of investigation I found that I needed to include a "Host" key in my header and use the AWS V4 credentials I generated.
I can now do a PUT using a statement in Postman.

Resources