Changelog Development Documentation Download libcurl Mailing Lists News
cURL / Mailing Lists / curl-library / Single Mail

curl-library

re-using connection with authentication

From: Sigrid Thijs <sigrid.thijs_at_androme.com>
Date: Mon, 05 Mar 2007 13:44:04 +0100

Hi,

we recently upgraded our client to libcurl version 7.16.0 (win32) and
have now a problem while re-using a connection.

We use HTTP Digest authentication, the following options are set:
CURLOPT_WRITEFUNCTION, CURLOPT_FILE, CURLOPT_PRIVATE, CURLOPT_HTTPHEADER
CURLOPT_URL, CURLOPT_HTTPAUTH, CURLOPT_USERPWD, CURLOPT_POSTFIELDS,
CURLOPT_POSTFIELDSIZE, CURLOPT_CAPATH

The following happens:
1. The client posts an initial HTTP request (without body)

POST /mmas/wbe_302S/wbe.soap.osp HTTP/1.1
Host: 193.166.131.188:8080
Accept: */*
Content-Type: text/xml; charset=utf-8
SOAPaction: ""
Content-Length: 0

2. The client receives a 401 response from the server

HTTP/1.1 401 Authorization Required
Date: Mon, 05 Mar 2007 09:36:43 GMT
Server: Apache/1.3.31 (Unix) PHP/5.0.5 OSP FEPHTTP (mod_in)/1.0.008
mod_ssl/2.8.17 OpenSSL/0.9.7d
Set-cookie: INSessionID=;path=/;expires=Sun, 04-Mar-07 09:36:43 GMT
WWW-Authenticate: Digest realm="WBERealm",
nonce="c23a7595e96edc3df13270fe73f3f456", algorithm=MD5, domain="/",
qop="auth"
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

...

3. The client re-posts the HTTP request containing authorization and body

POST /mmas/wbe_302S/wbe.soap.osp HTTP/1.1
Authorization: Digest username="username_at_mmas.com", realm="WBERealm",
nonce="c23a7595e96edc3df13270fe73f3f456",
uri="/mmas/wbe_302S/wbe.soap.osp", cnonce="MDA0NzE3", nc=00000001,
qop="auth", response="121f382f188f4d88550318893011f841", algorithm="MD5"
Host: 193.166.131.188:8080
Accept: */*
Content-Type: text/xml; charset=utf-8
SOAPaction: ""
Content-Length: 497

...

4. A 200 OK response is received

HTTP/1.1 200 OK
Date: Mon, 05 Mar 2007 09:36:44 GMT
Server: Apache/1.3.31 (Unix) PHP/5.0.5 OSP FEPHTTP (mod_in)/1.0.008
mod_ssl/2.8.17 OpenSSL/0.9.7d
Set-cookie: Sequence=1;path=/
Set-cookie: INSessionID=MTY3ODAxMDJAMjMz;path=/
Content-Type:
Content-Length: 1063

...

5. The client posts a new HTTP request (reuses the connection), with
authorization but without body

POST /mmas/wbe_302S/wbe.soap.osp HTTP/1.1
Authorization: Digest username="username_at_mmas.com", realm="WBERealm",
nonce="c23a7595e96edc3df13270fe73f3f456",
uri="/mmas/wbe_302S/wbe.soap.osp", cnonce="MDA0NzE3", nc=00000001,
qop="auth", response="121f382f188f4d88550318893011f841", algorithm="MD5"
Host: 193.166.131.188:8080
Accept: */*
Content-Type: text/xml; charset=utf-8
SOAPaction: ""
Content-Length: 0

6. As a result of this the server sends a 400 Bad Request response

HTTP/1.1 400 Bad Request
Set-cookie: INSessionID=MTY3ODAxMDJAMjM0;path=/
Content-Type:
Content-Length: 684

...

Do you have any idea why the body is not included in the request sent in
step 5? Because the request already contains the authorization it does
not make any sense to not include the body.

kind regards,

Sigrid
Received on 2007-03-05