curl-library
HTTP authentication negotiation
Date: Wed, 04 Jun 2008 11:29:38 +0200
Dear all,
when we perform a PUT request on a server that either has basic or
digest authentication we get the following trace:
PUT /pres-rules/users/test04_at_androme.com/pres-rules HTTP/1.1
User-Agent: curl/7.18.0 (i586-pc-mingw32msvc) libcurl/7.18.0
OpenSSL/0.9.7e zlib/1.2.3
Host: [our_host]:8000
Accept: */*
Content-type: application/auth-policy+xml
Content-Length: 279
Expect: 100-continue
HTTP/1.1 100 Continue
[full body]
HTTP/1.1 401 Unauthorized
Date: Tue, 03 Jun 2008 12:48:03 GMT
Content-Length: 141
Content-Type: text/html
WWW-Authenticate: basic realm="androme.com"
Server: OpenXCAP/0.9.9
<html><head><title>Unauthorized</title></head><body><h1>Unauthorized</h1><p>You
are not authorized to access this resource.</p></body></html>
We have following options set:
curl_easy_setopt ( pCURL, CURLOPT_PRIVATE, (void *)pUpload );
curl_easy_setopt ( pCURL, CURLOPT_URL, remotePathName.c_str () );
curl_easy_setopt ( pCURL, CURLOPT_UPLOAD, 1 );
curl_easy_setopt ( pCURL, CURLOPT_READFUNCTION,
internal::curl_read_callback );
curl_easy_setopt ( pCURL, CURLOPT_READDATA, this );
curl_easy_setopt ( pCURL, CURLOPT_INFILESIZE, body_size );
curl_easy_setopt ( pCURL, CURLOPT_HTTPAUTH, CURLAUTH_BASIC &
CURLAUTH_DIGEST );
curl_easy_setopt ( pCURL, CURLOPT_USERPWD, login.c_str () );
pCURLList = curl_slist_append ( pCURLList, "Content-Type:
application/auth-policy+xml" );
curl_easy_setopt ( pCURL, CURLOPT_HTTPHEADER, pCURLList );
When we perform the following command through curl, the request is
repeated after the 401 unauthorized response.
curl.exe
http://[our_host]:8000/pres-rules/users/test04_at_androme.com/pres-rules -H
"Content-type: application/auth-policy+xml" --user [user:pass] --anyauth
-T upload.txt
Is there any option we can set so that libcurl resends the PUT request
(with authentication) after the 401 unauthorized response, or is this
logic implemented outside libcurl?
Second question: we know that the server where we send the PUT request
to needs authentication (either digest or basic), so we expect to get a
401 response after the first PUT. When we set CURLOPT_HTTPAUTH to
CURLAUTH_DIGEST, we see that the first PUT is sent with content-length:
0 and without "Expect: 100-continue". However when we set
CURLOPT_HTTPAUTH to CURLAUTH_BASIC | CURLAUTH_DIGEST, the first PUT is
sent with content-length: 279 and Expect: 100-continue (as seen in the
trace).
Shouldnt libcurl make a difference between CURLAUTH_BASIC |
CURLAUTH_DIGEST and CURLAUTH_NONE | CURLAUTH_BASIC | CURLAUTH_DIGEST?
regards,
Raf Nulens
Received on 2008-06-04