cURL / Mailing Lists / curl-library / Single Mail


Re: CURLAUTH_ANY causes authention failure

From: Isaac Boukris <>
Date: Fri, 5 Jun 2015 21:53:10 +0300


On Fri, Jun 5, 2015 at 9:26 PM, Jeroen Ooms <> wrote:
> For the libcurl bindings in the R programming language, I would like
> to user to be able to connect to an arbitrary server using any
> authentication method. However setting CURLOPT_HTTPAUTH to
> CURLAUTH_ANY actually causes authentication failures in some cases.
> Here is an example:
> This
> particular example uses hidden basic auth. It works with the default
> CURLOPT_HTTPAUTH but when we set it to CURLAUTH_ANY it fails.

As far as I can tell, this is by design.
How do you want libcurl to pick an authentication method if it doesn't
know what the server supports?
If *you* know then tell it to libcurl and don't use CURLAUTH_ANY.

> When we change the URL to
> we see what happens. When CURLAUTH_ANY is set, curl first performs a
> request without Authorization header, and then when the server returns
> a 401 it tries again with Authorization header. This doesn't work for
> hidden auth because it returns a 404 instead of 401.

To my understanding the server is broken here, not the client.

Isaac B.
List admin:
Received on 2015-06-05