cURL / Mailing Lists / curl-users / Single Mail


Curl KeepAlive + Digest Authentication

From: Amit Wankhede <>
Date: Wed, 2 Jul 2014 20:33:58 +0800

Hi , I am trying to test an application which support both Digest Authentication and persistent connection (HTTP Header Connection :  keep-alive) Here what i am trying is curl --digest -u username:password http://sampleurl/fil1.txt http://sampleurl/fil2.txt So, here the first url download works but, second one fails because it uses the 'nonce' for the first url. So, the server rejects the second url with 401 So, support Replay attack. Now, Here I found a workaround  as below  where i need to supply second url again. curl --digest -u username:password http://sampleurl/fil1.txt http://sampleurl/fil2.txt http://sampleurl/fil2.txt After analyzing the HTTP request/response header I found that for the second url after it return 401 (Authentication failure) It returns a new 'nonce' which gets reused for the third url and then it works. I tried creating the bash file and calling curl command twice but, here it doesn't use the persistent connection it creates a new client socket for each  curl command. So, my question is there any standard way to support this scenario in curl where server supports persistent connection as well as digest authentication. Thanks, Amit W

List admin:
Received on 2014-07-02