On Fri, 3 Oct 2003, David Byron wrote:

> > --fail doesn't work with NTLM authentication. I've added a note about this
> > in the KNOWN_BUGS document. Fixing this is not as straight-forward as it
> > may sound.
>
> This part is a little scary. I looked in docs/KNOWN_BUGS in cvs and didn't
> see anything about it in rev 1.12. Can you elaborate?

The third menioned bug from the top: "Using CURLOPT_FAILONERROR (-f/--fail)
will make authentication to stop working if you use anything but plain Basic
auth."

> I have a feeling this may move near the top of my list. Can you provide any
> pointers for getting started on a fix, or should I just dive in and see what
> I can see?

In the latest CVS, the existing check for this is around lib/transfer.c:540.
It simply checks for a httpcode >= 400 and the CURLOPT_FAILONERROR option.

However, several of the new authentication schemes we support now, are
expected to return one or even two 401 (or 407) response codes before the
"actual one" is sent back. Only the last "actual" one should be subject to get
checked if CURLOPT_FAILONERROR is enabled.

> > > - Is there some way to may the embedded user and password work all the
> > > time, even with proxies, https, -k (or not), etc.?
> >
> > We should make the code support this.
>
> If I'm doing the above, perhaps I can do this as well. I took a brief look
> at url.c and it seemed like the fix would involve only changing that file.
> Do you agree?

I agree.

-- 
 Daniel Stenberg -- curl: been grokking URLs since 1998
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf