cURL / Mailing Lists / curl-library / Single Mail


Re: Customizing 401 handling for http-digest authentication

From: Daniel Stenberg <>
Date: Mon, 3 Nov 2014 09:04:44 +0100 (CET)

On Fri, 31 Oct 2014, Guru Prasad wrote:

>> Sure. Just don't use libcurl's built-in auth support and build your own
>> instead.
> Thanks, Daniel. How can I make libcurl not to use the built-in auth? Can
> this be just done by not calling curl_easy_setopt(CurlHandler,


> or is there any other alternates?


> Another question: If I had called this API already, and then, I want to
> disable this, how can this be achieved?


> If I have Authorization header constructed by my module, then, in order to
> use this Authorization header, should I be providing all the remaining
> headers like Accept, Host, etc. in CURLOPT_HTTPHEADER?

Yes. Although Accept and Host shouldn't have anything to do with
authentication... and normally you are better off letting libcurl set the
Host: header itself.

> One more question: If I am not using the libcurl built-in auth and I am
> using my own implementation, in this case, once 401 Unauthorized processing
> is done, I should be triggering the request again with the challenge
> response, right?

When you implement the entire thing yourself you must make sure all requests
are done with the necessary set of headers, yes. That would include responding
to 401 responses.

List admin:
Received on 2014-11-03