Download
Browse source Changelog
Documentation
Project   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users curl-announce curl-commits Etiquette
Development
Autobuilds Code Style Contribute Internals Release Notes Release Procedure Roadmap Run Tests Security Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-library / Single Mail

curl-library

HTTP POST/PUT request with NTLM authentication leads to HTTP Status 411 Length required

From: Hölzl, Dominik <Dominik.Hoelzl_at_fabasoft.com>
Date: Thu, 2 Feb 2017 12:16:44 +0000

Hello!

I have the following problem:

I want to perform an HTTP POST request, PUT request or another custom request (CURLOPT_CUSTOMREQUEST) with some data (CURLOPT_UPLOAD, CURLOPT_INFILESIZE_LARGE) with using NTLM authentication (CURLOPT_HTTPAUTH CURLAUTH_NTLM, CURLOPT_USERPWD).

But the request fails with 411 Length required (Server: IIS 6.2), if this is the first request of a CURL-handle.
Performing a GET request always works as expected.

WireShark shows, that cURL removes the "Content-Length" header in the NTLM challenge request and therefore the Server complains about the missing header.
Adding the "Content-Length" header additionally to the request does not help. If I add a "Content-Length-X"-Header, I can see in WireShark that this header survives, but the Content-Length header is missing.
Adding a "Expect: 100-continue" header does not help either.

Regarding to the change-logs this bug has been fixed in version 7.19.6 (https://curl.haxx.se/changes.html#7_19_6):
Bugfixes:

· ...

· set Content-Length: with POST and PUT failed with NTLM auth

· ...

I have following discussion about this bug found:
http://marc.info/?t=107172137000001&r=1&w=2

If I use cURL Library version 7.19.6 where this bug was initially fixed the problem disappears and the request works as expected.

If I use cURL Library version 7.49.1 or the latest Version, 7.52.1, the request fails with 411 Length required as mentioned above.
It seems some changes to cURL broke that. I did not test in which version the bug reappeared.

Do you have any suggestions how to work around that problem? I want to use the latest cURL Library version for security reasons.
I can perform a GET request on every newly created CURL handle first to perform the NTLM challenge and after that perform the POST request, but this may probably lead to performance problems; Besides I don't know the exact URL to which to perform this challenge Request.

Regards,
Dominik

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2017-02-02