curl-library

Digest auth failing on Windows

From: Jonathan C. <well.bad_at_hotmail.com>
Date: Fri, 20 Feb 2015 20:53:16 -0200

Initially I posted this issue to the curl-users mailing list, but as I think this is a library issue, I'm cross-posting it here with more details.

Doing a request which uses digest authentication fails on Windows when the libcurl version is >= 7.40. The only thing I can see different is that the realm is "lost" when sending the Authorization header.

Request using libcurl 7.40 (commit 9ce2d7001939b795b45a8ce7700d1a3dcde0475d):
E:\curl\builds>libcurl-vc11-x86-release-static-ipv6-sspi\bin\curl.exe -V
curl 7.40.0-DEV (i386-pc-win32) libcurl/7.40.0-DEV WinIDN
Protocols: dict file ftp gopher http imap ldap pop3 rtsp smb smtp telnet tftp
Features: AsynchDNS IDN IPv6 Largefile SSPI Kerberos SPNEGO NTLM

E:\curl\builds>libcurl-vc11-x86-release-static-ipv6-sspi\bin\curl.exe --user user:pass --digest -v 127.0.0.1:3000
* Rebuilt URL to: 127.0.0.1:3000/
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 3000 (#0)
* Server auth using Digest with user 'user'
> GET / HTTP/1.1
> User-Agent: curl/7.40.0-DEV
> Host: 127.0.0.1:3000
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< X-Powered-By: Express
< Content-Type: text/plain
< WWW-Authenticate: Digest realm="digest", qop="auth", nonce="263cb0fd8be1f9212eda9758ab2a4e5c", algorithm="MD5", stale="false"
< Date: Fri, 20 Feb 2015 22:40:32 GMT
< Connection: keep-alive
< Transfer-Encoding: chunked
<
* Ignoring the response-body
* Connection #0 to host 127.0.0.1 left intact
* Issue another request to this URL: 'http://127.0.0.1:3000/'
* Found bundle for host 127.0.0.1: 0x5bfcb8
* Re-using existing connection! (#0) with host 127.0.0.1
* Connected to 127.0.0.1 (127.0.0.1) port 3000 (#0)
* Server auth using Digest with user 'user'
> GET / HTTP/1.1
> Authorization: Digest username="user",realm="",nonce="263cb0fd8be1f9212eda9758ab2a4e5c",uri="/",cnonce="f57d54728981e2f5d860060bbcce94f7",nc=00000001,algorithm=MD5,response="b0fa5ff4efccbbfb4c3a40ae171f2795",qop="auth"
> User-Agent: curl/7.40.0-DEV
> Host: 127.0.0.1:3000
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< X-Powered-By: Express
< Content-Type: text/plain
* Authentication problem. Ignoring this.
< WWW-Authenticate: Digest realm="digest", qop="auth", nonce="40902141ad26807a6b0e5897e51dc86d", algorithm="MD5", stale="false"
< Date: Fri, 20 Feb 2015 22:40:32 GMT
< Connection: keep-alive
< Transfer-Encoding: chunked
<
401 Unauthorized* Connection #0 to host 127.0.0.1 left intact

---
Same request, but with libcurl 7.39 (commit 303bfc1024d948a5ba134ccfc106f82c0b4fd675):
E:\curl\builds>libcurl-vc11-x86-release-static-ipv6-sspi\bin\curl.exe -V
curl 7.38.1-DEV (i386-pc-win32) libcurl/7.38.1-DEV WinIDN
Protocols: dict file ftp gopher http imap ldap pop3 rtsp smtp telnet tftp
Features: AsynchDNS IDN IPv6 Largefile SSPI SPNEGO NTLM

E:\curl\builds>libcurl-vc11-x86-release-static-ipv6-sspi\bin\curl.exe --user user:pass --digest -v 127.0.0.1:3000
* Rebuilt URL to: 127.0.0.1:3000/
* Hostname was NOT found in DNS cache
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 3000 (#0)
* Server auth using Digest with user 'user'
> GET / HTTP/1.1
> User-Agent: curl/7.38.1-DEV
> Host: 127.0.0.1:3000
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< X-Powered-By: Express
< Content-Type: text/plain
< WWW-Authenticate: Digest realm="digest", qop="auth", nonce="7287239a2bb9f24adb13b8ab303c5e69", algorithm="MD5", stale="false"
< Date: Fri, 20 Feb 2015 22:50:41 GMT
< Connection: keep-alive
< Transfer-Encoding: chunked
<
* Ignoring the response-body
* Connection #0 to host 127.0.0.1 left intact
* Issue another request to this URL: 'http://127.0.0.1:3000/'
* Found bundle for host 127.0.0.1: 0x4ffce8
* Re-using existing connection! (#0) with host 127.0.0.1
* Connected to 127.0.0.1 (127.0.0.1) port 3000 (#0)
* WARNING: Using weak random seed
* Server auth using Digest with user 'user'
> GET / HTTP/1.1
> Authorization: Digest username="user", realm="digest", nonce="7287239a2bb9f24adb13b8ab303c5e69", uri="/", cnonce="NWI0MmZjOTgzZDhkY2YwYjVlMjQ4ZTRjZDZiN2JiMDc=", nc=00000001, qop=auth, response="f9ff07e309c8954a5c660db4027aaca0", algorithm="MD5"
> User-Agent: curl/7.38.1-DEV
> Host: 127.0.0.1:3000
> Accept: */*
>
< HTTP/1.1 200 OK
< X-Powered-By: Express
< content-type: text/html; charset=utf-8
< content-length: 4
< etag: "-1919691191"
< Date: Fri, 20 Feb 2015 22:50:41 GMT
< Connection: keep-alive
<
Hello!* Connection #0 to host 127.0.0.1 left intact
Received on 2015-02-20
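
Added example, not part of the original post and not curl code: a Python check that parses the WWW-Authenticate challenge and the Authorization header from each trace above, compares the echoed realm and nonce, and recomputes the RFC 2617 response the way a server would, using its own realm. The header strings and the password are copied from the post; the function names are hypothetical.

```python
import hashlib
import re

# Headers copied from the two traces in the post; password from "--user user:pass".
CHALLENGE_740 = 'Digest realm="digest", qop="auth", nonce="263cb0fd8be1f9212eda9758ab2a4e5c", algorithm="MD5", stale="false"'
AUTH_740 = 'Digest username="user",realm="",nonce="263cb0fd8be1f9212eda9758ab2a4e5c",uri="/",cnonce="f57d54728981e2f5d860060bbcce94f7",nc=00000001,algorithm=MD5,response="b0fa5ff4efccbbfb4c3a40ae171f2795",qop="auth"'
CHALLENGE_739 = 'Digest realm="digest", qop="auth", nonce="7287239a2bb9f24adb13b8ab303c5e69", algorithm="MD5", stale="false"'
AUTH_739 = 'Digest username="user", realm="digest", nonce="7287239a2bb9f24adb13b8ab303c5e69", uri="/", cnonce="NWI0MmZjOTgzZDhkY2YwYjVlMjQ4ZTRjZDZiN2JiMDc=", nc=00000001, qop=auth, response="f9ff07e309c8954a5c660db4027aaca0", algorithm="MD5"'

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_digest(value):
    """Parse 'Digest k="v", k2=v2' into a dict; values may be quoted or bare."""
    scheme, _, params = value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest header")
    pairs = re.findall(r'(\w+)\s*=\s*(?:"([^"]*)"|([^,\s]+))', params)
    return {key.lower(): quoted or bare for key, quoted, bare in pairs}

def expected_response(username, password, realm, method, auth):
    """RFC 2617 request-digest for algorithm=MD5 with qop=auth."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{auth['uri']}")
    return md5_hex(":".join([ha1, auth["nonce"], auth["nc"], auth["cnonce"], auth["qop"], ha2]))

def check(challenge, authorization, method, password):
    """List the reasons a server would reject this Authorization header."""
    chal, auth = parse_digest(challenge), parse_digest(authorization)
    problems = []
    if auth.get("realm") != chal["realm"]:
        problems.append(f"realm mismatch: server sent {chal['realm']!r}, client echoed {auth.get('realm')!r}")
    if auth.get("nonce") != chal["nonce"]:
        problems.append("nonce mismatch")
    # The server hashes with its own realm, not with whatever the client echoed.
    want = expected_response(auth["username"], password, chal["realm"], method, auth)
    if auth.get("response") != want:
        problems.append("response hash mismatch")
    return problems

if __name__ == "__main__":
    for name, chal, auth in (("7.40", CHALLENGE_740, AUTH_740), ("7.39", CHALLENGE_739, AUTH_739)):
        print(name, check(chal, auth, "GET", "pass") or "ok")
```
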