curl-users
Re: libcurl ignores remote port when using http digest auth
Date: Mon, 13 Mar 2006 14:10:17 +0100 (CET)
On Mon, 13 Mar 2006, j.ryska.mail_at_post.cz wrote:
I've directed my response to the libcurl mailing list, as this is a pure
libcurl issue and is thus better kept on that list. (Still cc'ing the users
list to let them know where this is going.)
> here is the problem. I'm using libCurl (7.15.2). When my program uses port
> different than 80 for connection, then it fail when sending http digest
> credentials. Here is relevant code:
Thanks for your accurate and detailed bug report!
> As you can see second request with digest auth data is trying to connect to port 80 instead of 5020 where apache is running.
> After some research i found this code in transfer.c
>
> 1931: else {
> 1932: /* This is an absolute URL, don't allow the custom port number */
> 1933: data->state.allow_port = FALSE;
>
> This causes that port isn't set for second request: file url.c:
>
> 3430: if(data->set.use_port && data->state.allow_port) {
> 3431: /* if set, we use this and ignore the port possibly given in the URL */
> 3432: conn->remote_port = (unsigned short)data->set.use_port;
>
> So I commented that line 1933 in transfer.c and for now this works for me.
While this fix might work for you, here and now, it is a naive fix that'll
break other apps. If you set a custom port number, this change will make
redirects from such a page also use that port number and that is not what
people will expect.
A proper fix is likely to be more involved and allow the port change while
authentication negotiation but not when following a direct.
Would you be able to produce an updated patch that takes this into
consideration?
-- Commercial curl and libcurl Technical Support: http://haxx.se/curl.htmlReceived on 2006-03-13