I did some more investigation and found a reference in the TODO file that I
think better describes the problem:

* Support CONNECT 407 responses that kill the connection and expect the
   client to reconnect to complete the authentication. Currently libcurl
   assumes that a proxy connection will be kept alive.

FreeProxy is returning a 407 and closing the connection after the first
attempt, NTLM Auth it appears is just a distraction.

Is anybody actively working on this connection issue?

----- Rom

> -----Original Message-----
> From: Rom Walton
> Sent: Thursday, August 17, 2006 6:34 PM
> To: curl-library_at_cool.haxx.se
> Subject: RE: libCurl and BOINC
>
> > sending all the unnecessary data? If you select HTTP 1.1 mode,
> libcurl
> > should just send the headers and an Expect: 100-continue header and
> > wait for a response before sending the body.
>
> Sorry about the not good part, the problem description was written by
> somebody else and I didn't catch it before sending the email.
>
> That said, we are initializing our session to use HTTP 1.1. I'll
> include
> the rest of our session initialization options at the bottom of this
> email.
>
> The NTLM auth seems to work for an HTTP GET, we are just having
> problems
> with the HTTP POST when going through an NTLM Auth based proxy.
>
> In the ethereal trace I don't see a Expect: 100-continue header item
> from
> libCurl to FreeProxy.
>
> ----- Rom
>
> curlEasy = curl_easy_init(); // get a curl_easy handle to use
> if (!curlEasy) {
> msg_printf(0, MSG_ERROR, "Couldn't create curlEasy handle");
> return ERR_HTTP_ERROR; // returns 0 (CURLM_OK) on successful
> handle
> creation
> }
>
> // OK, we have a handle, now open an asynchronous libcurl
> connection
>
> // set the URL to use
> curlErr = curl_easy_setopt(curlEasy, CURLOPT_URL, m_url);
>
> curlErr = curl_easy_setopt(curlEasy, CURLOPT_SSL_VERIFYHOST, 2L);
>
> // the following sets "tough" certificate checking
> // (i.e. whether self-signed is OK)
> // if zero below, will accept self-signed certificates
> // (cert not 3rd party trusted)
> // if non-zero below, you need a valid 3rd party CA (i.e. Verisign,
> Thawte)
> //
> curlErr = curl_easy_setopt(curlEasy, CURLOPT_SSL_VERIFYPEER, 1L);
>
> // if the above is nonzero, you need the following:
> curlErr = curl_easy_setopt(curlEasy, CURLOPT_CAINFO, "ca-
> bundle.crt");
>
> // set the user agent as this boinc client & version
> curlErr = curl_easy_setopt(curlEasy, CURLOPT_USERAGENT,
> g_user_agent_string);
>
> // bypass any signal handlers that curl may want to install
> curlErr = curl_easy_setopt(curlEasy, CURLOPT_NOSIGNAL, 1L);
> // bypass progress meter
> curlErr = curl_easy_setopt(curlEasy, CURLOPT_NOPROGRESS, 1L);
>
> // setup timeouts
> curlErr = curl_easy_setopt(curlEasy, CURLOPT_TIMEOUT, 0L);
> curlErr = curl_easy_setopt(curlEasy, CURLOPT_LOW_SPEED_LIMIT, 10L);
> curlErr = curl_easy_setopt(curlEasy, CURLOPT_LOW_SPEED_TIME, 300L);
> curlErr = curl_easy_setopt(curlEasy, CURLOPT_CONNECTTIMEOUT, 120L);
>
> // force curl to use HTTP/1.1
> curlErr = curl_easy_setopt(curlEasy, CURLOPT_HTTP_VERSION,
> CURL_HTTP_VERSION_1_1);
> curlErr = curl_easy_setopt(curlEasy, CURLOPT_MAXREDIRS, 50L);
> curlErr = curl_easy_setopt(curlEasy, CURLOPT_AUTOREFERER, 1L);
> curlErr = curl_easy_setopt(curlEasy, CURLOPT_FOLLOWLOCATION, 1L);
>
> // if we tell Curl to accept any encoding (e.g. deflate)
> // it seems to accept them all, which screws up projects that
> // use gzip at the application level.
> // So, detect this and don't accept any encoding in that case
> //
> if (!out || !ends_with(std::string(out), std::string(".gz"))) {
> curlErr = curl_easy_setopt(curlEasy, CURLOPT_ENCODING, "");
> }
>
> if (pi.use_http_proxy) {
> // setup a basic http proxy
> curlErr = curl_easy_setopt(curlEasy, CURLOPT_PROXYTYPE,
> CURLPROXY_HTTP);
> curlErr = curl_easy_setopt(curlEasy, CURLOPT_PROXYPORT, (long)
> pi.http_server_port);
> curlErr = curl_easy_setopt(curlEasy, CURLOPT_PROXY, (char*)
> pi.http_server_name);
>
> if (pi.use_http_auth) {
> curlErr = curl_easy_setopt(curlEasy, CURLOPT_PROXYAUTH,
> CURLAUTH_ANY);
> sprintf(szCurlProxyUserPwd, "%s:%s", pi.http_user_name,
> pi.http_user_passwd);
> curlErr = curl_easy_setopt(curlEasy, CURLOPT_PROXYUSERPWD,
> szCurlProxyUserPwd);
> }
> }