Closed pano9000 closed 1 year ago
After some debugging I found, that the problem relies in those two blocks:
https://github.com/SamDecrock/node-http-ntlm/blob/7058d3482a95bdf7f8686653a9e361d6f3abd20d/ntlm.js#L366-L371 https://github.com/SamDecrock/node-http-ntlm/blob/7058d3482a95bdf7f8686653a9e361d6f3abd20d/ntlm.js#L373-L391
One is using md4
and the other DES-ECB
which have both been removed in the default provider of OpensslV3, see https://wiki.openssl.org/index.php/OpenSSL_3.0#Providers.
So I guess, this leaves us 2 paths for NTLMv1
--openssl-legacy-provider
mode as long as it still exists - however that is something that would need to be mentioned in the README thenI also found another project facing a similar issue here: https://github.com/tediousjs/tedious/issues/1447 (Although they just talk about md4 in that issue).
There also exists a fork of "node-http-ntlm", which seems to be doing exactly what I described in point 2) from above: https://github.com/ftechhelp/request-simple-ntlm-md4 (I haven't tested it though)
@SamDecrock what do you think?
I have checked this fork https://github.com/ftechhelp/request-simple-ntlm-md4 but it's throwing same error :-
Error: error:0308010C:digital envelope routines::unsupported
@SamDecrock ,
@arzooChhatani thanks for checking. I assume it does show the same error, because that fork only replaced the 'MD4', but not 'DES-ECB'. For 'DES-ECB' it still uses node's crypto module, which of course depends on OpenSSL, so we would need some replacement for 'DES-ECB' as well
@SamDecrock , any plan to handle this ?
We got the same issue here
@SamDecrock , any plan to handle this ?
@SamDecrock , any plan to handle this ?
@SamDecrock , any plan to handle this on node 18 ?
Hi @SamDecrock,
Could you please look into this issue? Everyone who is using this package cannot upgrade to NodeJS 18.
Thanks, CJ
@SamDecrock , any plan to handle this on node 18 ?
I have seen that someone opened a pull request in the axios-ntlm repository, which could be applied in this repository as well. They have used des.js for replacing the DES-ECB call and js-md4 for the md4 call.
HI @skrtheboss, I tried using axios-ntlm repository, they haven't replaced DES-ECB and md4 call at every places. It is still throwing digital envelope routines error in node 18.
Hi @arzooChhatani, i have created new npm packages, since i could not wait for this to be released. | package | description |
---|---|---|
@node-ntlm/core | Node.js NTLM utility package | |
@node-ntlm/httpreq | Node.js library to do HTTP NTLM authentication with httpreq |
Let me know if they work out for you, or if you have any suggestions/issues.
Hi @skrtheboss , I have tried using httpreq package in node 14 and node 18 but I am getting Couldn't find NTLM in the message type2 comming from the server error. Could you please help me to resolve this problem ?
@arzooChhatani can you create a reproduction repo somewhere?
@arzooChhatani can you try with the v0.3.1 version?
@skrtheboss , I have tried with version v0.3.0 , will try with v0.3.1 and let you know.
@skrtheboss , its still not working, when I tried to debug I found out that we are not getting proper response from server in www-authenticate headers.
@skrtheboss , changes done in createType1Message is causing that error . Could you please try to compare it with one present in httpntlm . When I replace this function with one present in httpntlm, it worked for me. Could you please check?
@arzooChhatani i think i have found the issue, can you try with the v0.3.2. Thank you!
@skrtheboss , I have verified its working now . Thank you
Perfect, thank you for your time/feedback.
Hi @skrtheboss, thanks for the fix. Could you document steps to migrate from this project?
It should actually be very straightforward. For example:
const httpreq = require('httpntlm');
function fetchNtlm() {
httpreq.get({
url: 'http://ntlm-endpoint/api',
username: 'test',
password: 'test'
}, (error, res) => {
if (error) {
console.error('An error occurred!', error);
} else {
console.log(res.body);
}
})
}
fetchNtlm();
Should look like this:
const httpreq = require('@node-ntlm/httpreq');
async function fetchNtlm() {
try {
const res = await httpreq.get({
url: 'http://ntlm-endpoint/api',
username: 'test',
password: 'test'
})
console.log(res.body);
} catch (error) {
console.error('An error occurred!', error);
}
}
fetchNtlm();
Hi, I fixed it in version 1.8.3 Sorry for the big delay and thanks for the pointers on how to fix it
Hello,
when I try to run some code, that uses node-http-ntlm, using the latest Node LTS (currently v18.12.1) it results in an error:
Running the same code with the previous LTS (v16) I am not experience that issue.
According to [1], it seems to be having to do with some breaking change that happened in node.js v17 related to openssl. A "workaround" apparently is to use "--openssl-legacy-provider" with node or downgrading to v16 - both of which do not feel like a "real solution".
Is anyone else experiencing the same issue with node v18, or is it just me?
[1] https://stackoverflow.com/questions/69692842/error-message-error0308010cdigital-envelope-routinesunsupported