curl-users
Curl KeepAlive + Digest Authentication
Date: Wed, 2 Jul 2014 20:33:58 +0800
Hi ,
I am trying to test an application which support both Digest Authentication and persistent connection (HTTP Header Connection : keep-alive)
Here what i am trying is
curl --digest -u username:password http://sampleurl/fil1.txt http://sampleurl/fil2.txt
So, here the first url download works but, second one fails because it uses the 'nonce' for the first url. So, the server rejects the second url with 401 So, support Replay attack.
Now, Here I found a workaround as below where i need to supply second url again.
curl --digest -u username:password http://sampleurl/fil1.txt http://sampleurl/fil2.txt http://sampleurl/fil2.txt
After analyzing the HTTP request/response header I found that for the second url after it return 401 (Authentication failure) It returns a new 'nonce'
which gets reused for the third url and then it works.
I tried creating the bash file and calling curl command twice but, here it doesn't use the persistent connection it creates a new client socket for each curl command.
So, my question is there any standard way to support this scenario in curl where server supports persistent connection as well as digest authentication.
Thanks,
Amit W
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-07-02