Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: Digest auth issues, possibly related to QOP
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Ray Satiro via curl-users <curl-users_at_lists.haxx.se>
Date: Wed, 10 Aug 2022 02:54:11 -0400
On 8/8/2022 12:13 PM, false via curl-users wrote:
> When performing a http request using Digest auth, is there a way to
> disable QOP support? Or a way to turn on more debugging besides using
> the trace option.
>
> I cannot get curl working with digest against my firewall and I am
> suspect about QOP
>
> Output:
> I always get these messages: 23:36:35.194457 * schannel:
> InitializeSecurityContext failed: SEC_E_QOP_NOT_SUPPORTED (0x8009030A)
> - The per-message Quality of Protection is not supported by the
> security package
>
>
>
> 23:36:35.197811 * Connection #1 to host 192.168.50.1 left intact
>
>
>
> curl: (94) An authentication function returned an error
>
There is a known issue that the SHA-256 digest is not supported in
Windows SSPI builds [1] (that is, your version of Windows doesn't
support it), and that is the only way I know of that error occurring.
Use verbose mode to verify.
If that is the problem, you would have to build curl without SSPI
support. Most curl build systems will have a way to do this, you will
have to check the documentation for the one you are using. For example,
for the winbuild build system the command line option is ENABLE_SSPI=no
and for the autotools build system it is --disable-sspi.
If that is not the problem then we will need the curl_version() and a
server WWW-Authenticate header that can be used to reproduce the issue.
[1]: https://curl.se/docs/knownbugs.html#SHA_256_digest_not_supported_in
Date: Wed, 10 Aug 2022 02:54:11 -0400
On 8/8/2022 12:13 PM, false via curl-users wrote:
> When performing a http request using Digest auth, is there a way to
> disable QOP support? Or a way to turn on more debugging besides using
> the trace option.
>
> I cannot get curl working with digest against my firewall and I am
> suspect about QOP
>
> Output:
> I always get these messages: 23:36:35.194457 * schannel:
> InitializeSecurityContext failed: SEC_E_QOP_NOT_SUPPORTED (0x8009030A)
> - The per-message Quality of Protection is not supported by the
> security package
>
>
>
> 23:36:35.197811 * Connection #1 to host 192.168.50.1 left intact
>
>
>
> curl: (94) An authentication function returned an error
>
There is a known issue that the SHA-256 digest is not supported in
Windows SSPI builds [1] (that is, your version of Windows doesn't
support it), and that is the only way I know of that error occurring.
Use verbose mode to verify.
If that is the problem, you would have to build curl without SSPI
support. Most curl build systems will have a way to do this, you will
have to check the documentation for the one you are using. For example,
for the winbuild build system the command line option is ENABLE_SSPI=no
and for the autotools build system it is --disable-sspi.
If that is not the problem then we will need the curl_version() and a
server WWW-Authenticate header that can be used to reproduce the issue.
[1]: https://curl.se/docs/knownbugs.html#SHA_256_digest_not_supported_in
-- Unsubscribe: https://lists.haxx.se/listinfo/curl-users Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2022-08-10