On Wed, Jun 15, 2011 at 4:29 AM, Daniel Stenberg <daniel_at_haxx.se> wrote:

> On Wed, 1 Jun 2011, Jim Hollinger wrote:
>
> (Sorry for the massive delay on my response.)
>
>
> Furthermore, a conditional check was added to
>> Curl_http_readwrite_headers() to detect the special case where an RTSP
>> DESCRIBE request fails to return the SDP in the response body due to a 401
>> Unauthorized error.
>>
>
> I've read the RFC2326 but I can't find any mentions that 401 and 407
> responses would be especially treated like this. Can you please tell us
> which specification/section that says 401 and 407 response codes don't allow
> response bodies?
>
> --
>
> / daniel.haxx.se
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-library
> Etiquette: http://curl.haxx.se/mail/etiquette.html
>

You are correct, this mod did not come from a specification, but from
operational experience. When negotiating an RTSP connection to several video
servers and ip cameras, I found the curl_easy_perform() call will not return
from the DESCRIBE request until it times-out if authentication fails. This
is because the curl function expects the sdp content to be returned as the
body of the response, but this content is not transmitted by the server if
the client authentication fails. I can only offer empirical evidence, not a
specification. I have found this behavior to occur with the following
devices:

    Y-cam Bullet ip camera

    Vivotek IP7142 ip camera

    ACTi ACD-2000Q video server
    ACTi SED-2320Q video server

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-06-17