cURL / Mailing Lists / curl-library / Single Mail


External NTLM authentication

From: Michael Kaufmann <>
Date: Wed, 15 Jun 2016 12:04:39 +0200


in my company, we use libcurl to forward requests in a reverse proxy
setup. We want to forward requests that use NTLM authentication. These
requests already have "Authentication: NTLM ..." headers, so libcurl's
CURLAUTH_NTLM feature is not suitable for such requests.

The problem is this: When libcurl is sending a request with a body,
and libcurl gets an early "401 Unauthorized" response from the server,
then libcurl stops sending the body and closes the connection. The
code is in http.c, about line 3150 and starts with "if(k->httpcode >=
300) ...".

Usually this is a reasonable thing to do, but for NTLM, the connection
must not be closed because NTLM authenticates connections, not
requests. Note that if the built-in NTLM authentication is enabled,
libcurl does not close the connection in this case.

As a workaround, I have tried to call "curl_easy_pause(handle,
CURLPAUSE_RECV)" in the read function, and then call
"curl_easy_pause(handle, CURLPAUSE_CONT)" when the body has been read
completely. But there is a race condition: libcurl may get the
response code from the server before the read function is called for
the first time.

It seems to me that I need a new option for libcurl that disables the
handling of early 401 responses from the server. I can write a patch,
but I'm not sure what name would fit. IGNORE_EARLY_401, or

What do you think?


List admin:
Received on 2016-06-15