cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: Digest authentication

From: Tom Moers <tom.moers_at_gmail.com>
Date: Tue, 29 Mar 2005 13:40:31 +0200

Hi,

I used curl v7.13.1 to test the authentication with the folowing command:
  curl --verbose --data @data.xml --digest --user usr:usrpw
  http://smeagol.in.com/getServices.php

the output curl gave me is:

* About to connect() to smeagol.in.com port 80
* Trying 172.17.10.39... * connected
* Connected to smeagol.in.com (172.17.10.39) port 80
* Server auth using Digest with user 'usr'
>
       POST /getServices.php HTTP/1.1
       User-Agent: curl/7.13.1 (i386-pc-win32) libcurl/7.13.1 OpenSSL/0.9.7c
       Host: smeagol.in.com
       Pragma: no-cache
       Accept: */*
       Content-Length: 0
       Content-Type: application/x-www-form-urlencoded

< HTTP/1.1 401 Authorization Required
< Date: Tue, 29 Mar 2005 08:51:59 GMT
< Server: Apache/1.3.31 (Win32) PHP/4.3.8
< WWW-Authenticate: Digest realm="Androme",
nonce="LxdJQg==dedf4643b63d689fc85b964c8fff08842d2de654",
algorithm=MD5, qop="auth"
< Transfer-Encoding: chunked
< Content-Type: text/html; charset=iso-8859-1
* Closing connection #0
* Issue another request to this URL: 'http://smeagol.in.com/getServices.php'
* About to connect() to smeagol.in.com port 80
* Trying 172.17.10.39... * connected
* Connected to smeagol.in.com (172.17.10.39) port 80
* Server auth using Digest with user 'usr'
>
       POST /getServices.php HTTP/1.1
       Authorization: Digest username="usr", realm="Androme",
nonce="LxdJQg==dedf4643b63d689fc85b964c8fff08842d2de654",
uri="/getServices.php", cnonce="NzY0NDA4", nc=00000001, qop="auth",
response="25b2f2ff1ee83c27c9ad3ee989d8cc21", algorithm="MD5"
       User-Agent: curl/7.13.1 (i386-pc-win32) libcurl/7.13.1 OpenSSL/0.9.7c
       Host: smeagol.in.com
       Pragma: no-cache
       Accept: */*
       Content-Length: 489
       Content-Type: application/x-www-form-urlencoded
       <SOAP-ENV:Envelope ...>
               ...
       </SOAP-ENV:Envelope>

< HTTP/1.1 200 OK
< Date: Tue, 29 Mar 2005 08:51:59 GMT
< Server: Apache/1.3.31 (Win32) PHP/4.3.8
< Authentication-Info: rspauth="13adf357b98fafe4a3f28322eeb2b4b3",
cnonce="NzY0NDA4", nc=00000001, qop=auth
< X-Powered-By: PHP/4.3.8
< Transfer-Encoding: chunked
< Content-Type: text/html

<SOAP-ENV:Envelope ...>
       ...
</SOAP-ENV:Envelope>
* Connection #0 to host smeagol.in.com left intact
* Closing connection #0

> > When doing a HTTP post with digest authentication libcurl first sends an
> > empty post.
>
> Nope, it does not. It did though. Or perhaps your server rejected the POST
> before curl was able to send anything?

If you look at the output shown above, curl still does send an empty
post and it
doesn't seem like the server rejected the post.

>
> > Then a 401 reponse is received after which curl closes the connection. Curl
> > opens a new connection and sends a new post this time with the content and
> > credentials.
> >
> > It seems that perhapsrewind() decides to close the connection even if no
> > bytes are sent in the first empty post.
> >
> > Is this intended behaviour?
> > Why doesn't curl reuse the HTTP connection?
>
> Because to be able to reuse the connection, it would have to send the whole
> POST first, only to get it discarded by the server. Then it could reuse the
> connection and send the post data properly with the correct credentials. curl
> rather closes the connection and reopons it if the post data is larger than
> 2000 bytes.

The post data shown above is only 489 bytes long, but curl still closes the
connection.

Am I doing something wrong here?

Best regards,

Tom Moers
Received on 2005-03-29