cURL / Mailing Lists / curl-library / Single Mail

curl-library

RE: Bug in libcurl

From: Jorge Lodos Vigil <lodos_at_segurmatica.cu>
Date: Fri, 11 Nov 2011 13:10:38 +0000

Daniel Stenberg wrote:

> On Thu, 10 Nov 2011, Jorge Lodos Vigil wrote:
>
> > There is a bug in libcurl when more than one authentication constant
> > is specified for proxy connections (probably for server as well but
> > I didn't test).
>
> We fixed one such a problem in git already. Can you give the latest
> daily snapshot source code a try and see if that works better for you?
>
> If the bug still appears with that version, I think we need more
> specific details.
>

I tried and the bug is still there. Checking the code I can see the bug you fixed. That one is related to the received authentication header, there are still issues with the sent headers. The problem is constructing the client authentication header to send for the first time, when there is still no connection. I will try to solve this myself and send a patch back. In the mean time, this is how to reproduce:

1. ISA Server 2006 with basic authentication disabled.
2. Use curl with authentication CURLAUTH_ANYSAFE

The problem must be solved either in Curl_http_output_auth or output_auth_headers (or both). The function output_auth_headers is designed so a specific authentication method must be already picked, however no such selection is performed in Curl_http_output_auth. I'm not sure what will be best: change output_auth_headers semantics or ensure that a single method is selected and loop in Curl_http_output_auth. I'll appreciate any hint :-)

Thank you.

Best regards
Jorge

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-11-11