curl-library
PUT behavior concerning digest authentication
Date: Wed, 31 Jan 2007 00:21:39 +0800
Hi all,
I am using libcurl version 7.16.0 under Microsoft Visual C++ to write
an HTTP client. A problem concerning digest authentication occurs when
this client performs HTTP PUT to communicate with an HTTP server which
does not enable digest authentication.
If the client enables digest authentication in libcurl, i.e., set
CURLOPT_HTTPAUTH, the packets captured by Ethereal show that the PUT
request does not carry a body, which is regarded as an error by the
HTTP server.
On the other hand, if the client disables digest authentication in
libcurl, the packets show that the PUT request does carry a body and
therefore can be handled by the HTTP server. However, although there
is only one packet labeled as HTTP PUT by Ethereal, a preceding packet
is labeled as "[TCP segment of a resembled PDU]", of which the "TCP
segment data" contains an HTTP PUT with request line and headers only.
Therefore, it seems that the behavior of HTTP PUT (carry a body or
not) is affected by the desicoin of enabling digest authentication or
not. Originally I guess this is a normal behavior of digest
authentication because libcurl "thinks" there is no need to carry the
body in the 1st PUT request since a 2nd PUT request will surely be
sent to complete the digest authenticaiton process. But this does not
make sense from the perspective of the client since it has no idea in
advance about whether the HTTP server enables digest authentication or
not.
Next, from the survey on previous discussions in the mailing list
archive, I found a topic about the behavior of "Expect" header
handling (please refer to the disscussion on "Libcurl request
generating HTTP/1.1 411 Length Required error" and "bad PUT" during
2003.12 ~ 2004.02). But if this is the case, there should be no
difference caused by "enabling digest authentication or not", since
the "Expect" header is included in the PUT requests in both cases.
As a result, I would like to know whether the PUT behavior in libcurl
is really affected by the desicion of digest authentication, and if
this is the case, how can I use libcurl to communicate with HTTP
servers regardless of their support of digest authentication? Any
comment is appreciated.
Best regards,
Molisado
Received on 2007-01-30