Missing basic authentication header

By Coroser on Mon, 02/22/2021 - 23:19

Hi,

We are using the latest community version of mendelson: Version 01/2021 mendelson opensource AS2 1.1 b59.

We have a partner that uses Basic Authentication apart from encryption and SSL verification, after debugging the connection using a reverse proxy we found out that the latest version of mendelson introduced a bug and isn´t adding the Basic Authentication header.

Apart from that, the hint is also confusing, if we disable the authentication configuration Mendelson displays the correct error message (error 401) but if we enable the authentication configuration the error is: "[ClientProtocolException]...Hint:This is a mainly a negotiation problem on the protocol level. Your partner rejected your connection.
Either your partner expected a secure connection (HTTPS) and you tried a raw connection (HTTP) or vice versa.
It is also possible that your partner expects an other SSL/TLS protocol version or cipher than you offer." even when the username and password are empty.

By using a reverse proxy we could detect that the problem was in the missing basic authentication header and were receiving an error 401.

Thanks,

Forum
AS2

Comments

Submitted by Coroser on Sun, 02/28/2021 - 23:08

For now i downgraded to build 57 that doesn´t have the issue and it is working. It adds the Basic Authentication header.

Profile picture for user service

Submitted by service on Wed, 03/03/2021 - 10:15

Coroser,

thank you for the feedback. In fact we used Basic Authentication which makes no sense in AS2 but needed preemtive Basic Authentication. This has been fixed for the next release.

Regards

Submitted by duke.frank.schneider on Tue, 11/09/2021 - 08:48

Hi, I'm also facing the same situation. For now I would like to install version b57. But I can't find a download link. Can this be provided, please.

Thanks,
Frank