libest
libest copied to clipboard
cisco
HTTP authentication failed. Auth type=1
From the client, I am passing correct username and password, but cert enrollment request is failing with authentication failure. Below are the server logs. As you can see, First client requests for cacerts, then csrattributes, then cert enroll. Now first client tries cert enroll request without auth header first and it fails which is expected. Then it tries with the auth header but it fails, which should pass. Please help with this.
***EST [INFO][log_access:1314]--> 9.43.42.62 [04/Mar/2025:18:13:21 +0000] "GET /.well-known/est/cacerts HTTP/1.1" -1 0
***EST [INFO][log_header:1292]--> -
***EST [INFO][log_header:1294]--> "libEST 1.2.3"
***EST [INFO][est_server_handle_request:1784]--> Two-phase SSL_shutdown initiated
***EST [INFO][est_server_handle_request:1719]--> Peer IP address: 9.43.42.62
***EST [INFO][est_server_handle_request:1720]--> Peer port : 50539
***EST [INFO][parse_http_message:1160]--> request_len=122
***EST [INFO][parse_http_message:1161]--> request uri=/.well-known/est/csrattrs
***EST [INFO][handle_request:1276]--> /.well-known/est/csrattrs
***EST [INFO][est_asn1_sanity_test:1336]--> Sanity: tag=16, len=38, j=32, out_len=40
***EST [INFO][est_asn1_sanity_test:1336]--> Sanity: tag=6, len=7, j=0, out_len=38
***EST [INFO][est_asn1_sanity_test:1346]--> NID=0
***EST [INFO][est_asn1_sanity_test:1336]--> Sanity: tag=6, len=9, j=0, out_len=29
***EST [INFO][est_asn1_sanity_test:1346]--> NID=48
***EST [INFO][est_asn1_sanity_test:1336]--> Sanity: tag=6, len=5, j=0, out_len=18
***EST [INFO][est_asn1_sanity_test:1346]--> NID=715
***EST [INFO][est_asn1_sanity_test:1336]--> Sanity: tag=6, len=9, j=0, out_len=11
***EST [INFO][est_asn1_sanity_test:1346]--> NID=673
***EST [INFO][log_access:1314]--> 9.43.42.62 [04/Mar/2025:18:13:24 +0000] "GET /.well-known/est/csrattrs HTTP/1.1" -1 0
***EST [INFO][log_header:1292]--> -
***EST [INFO][log_header:1294]--> "libEST 1.2.3"
***EST [INFO][est_server_handle_request:1784]--> Two-phase SSL_shutdown initiated
***EST [INFO][est_server_handle_request:1719]--> Peer IP address: 9.43.42.62
***EST [INFO][est_server_handle_request:1720]--> Peer port : 50543
***EST [INFO][parse_http_message:1160]--> request_len=182
***EST [INFO][parse_http_message:1161]--> request uri=/.well-known/est/simpleenroll
***EST [INFO][handle_request:1276]--> /.well-known/est/simpleenroll
***EST [INFO][check_for_TLS_cert_auth:572]--> TLS: no peer certificate
***EST [INFO][est_enroll_auth:661]--> HTTP auth headers missing, sending HTTP auth request to client.
***EST [INFO][log_access:1314]--> 9.43.42.62 [04/Mar/2025:18:13:27 +0000] "POST /.well-known/est/simpleenroll HTTP/1.1" 401 0
***EST [INFO][log_header:1292]--> -
***EST [INFO][log_header:1294]--> "libEST 1.2.3"
***EST [INFO][est_server_handle_request:1784]--> Two-phase SSL_shutdown initiated
***EST [INFO][est_server_handle_request:1719]--> Peer IP address: 9.43.42.62
***EST [INFO][est_server_handle_request:1720]--> Peer port : 50544
***EST [INFO][parse_http_message:1160]--> request_len=245
***EST [INFO][parse_http_message:1161]--> request uri=/.well-known/est/simpleenroll
***EST [INFO][handle_request:1276]--> /.well-known/est/simpleenroll
***EST [INFO][check_for_TLS_cert_auth:572]--> TLS: no peer certificate
***EST [WARNING][est_enroll_auth:652]--> HTTP authentication failed. Auth type=1
/libest/src/est/.libs/libest-3.2.0p.so(+0xa520) [0x7f12a3fc2520]
/libest/src/est/.libs/libest-3.2.0p.so(est_enroll_auth+0x506) [0x7f12a3fcd7a6]
/libest/src/est/.libs/libest-3.2.0p.so(est_handle_simple_enroll+0x16c) [0x7f12a3fce11c]
/libest/src/est/.libs/libest-3.2.0p.so(est_http_request+0x9b3) [0x7f12a3fd2193]
/libest/src/est/.libs/libest-3.2.0p.so(+0x1c143) [0x7f12a3fd4143]
/libest/src/est/.libs/libest-3.2.0p.so(est_server_handle_request+0x25d) [0x7f12a3fd479d]
/libest/example/server/.libs/estserver(+0xea86) [0x56023680ea86]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x76db) [0x7f12a36486db]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x3f) [0x7f12a337161f]
***EST [WARNING][est_http_request:2948]--> Enrollment failed with rc=22 (EST_ERR_AUTH_FAIL)
/libest/src/est/.libs/libest-3.2.0p.so(+0xa520) [0x7f12a3fc2520]
/libest/src/est/.libs/libest-3.2.0p.so(est_http_request+0x55b) [0x7f12a3fd1d3b]
/libest/src/est/.libs/libest-3.2.0p.so(+0x1c143) [0x7f12a3fd4143]
/libest/src/est/.libs/libest-3.2.0p.so(est_server_handle_request+0x25d) [0x7f12a3fd479d]
/libest/example/server/.libs/estserver(+0xea86) [0x56023680ea86]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x76db) [0x7f12a36486db]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x3f) [0x7f12a337161f]
***EST [INFO][mg_send_http_error:392]--> [Error 401: Unauthorized
The server was unable to authorize the request.
]
***EST [ERROR][est_mg_handler:1250]--> EST error response code: 22 (EST_ERR_AUTH_FAIL)
/libest/src/est/.libs/libest-3.2.0p.so(+0xa520) [0x7f12a3fc2520]
/libest/src/est/.libs/libest-3.2.0p.so(+0x1c184) [0x7f12a3fd4184]
/libest/src/est/.libs/libest-3.2.0p.so(est_server_handle_request+0x25d) [0x7f12a3fd479d]
/libest/example/server/.libs/estserver(+0xea86) [0x56023680ea86]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x76db) [0x7f12a36486db]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x3f) [0x7f12a337161f]
***EST [WARNING][handle_request:1283]--> Incoming request failed rv=22 (EST_ERR_AUTH_FAIL)
/libest/src/est/.libs/libest-3.2.0p.so(+0xa520) [0x7f12a3fc2520]
/libest/src/est/.libs/libest-3.2.0p.so(+0x1c1bc) [0x7f12a3fd41bc]
/libest/src/est/.libs/libest-3.2.0p.so(est_server_handle_request+0x25d) [0x7f12a3fd479d]
/libest/example/server/.libs/estserver(+0xea86) [0x56023680ea86]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x76db) [0x7f12a36486db]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x3f) [0x7f12a337161f]
***EST [INFO][log_access:1314]--> 9.43.42.62 [04/Mar/2025:18:13:29 +0000] "POST /.well-known/est/simpleenroll HTTP/1.1" 401 72
***EST [INFO][log_header:1292]--> -
***EST [INFO][log_header:1294]--> "libEST 1.2.3"
***EST [INFO][est_server_handle_request:1784]--> Two-phase SSL_shutdown initiated
