curl-library
HTTP POST/PUT request with NTLM authentication leads to HTTP Status 411 Length required
Date: Thu, 2 Feb 2017 14:47:19 +0000
Hello!
I have the following problem:
I want to perform an HTTP POST request, PUT request or another custom request (CURLOPT_CUSTOMREQUEST) with some data (CURLOPT_UPLOAD, CURLOPT_INFILESIZE_LARGE) with using NTLM authentication (CURLOPT_HTTPAUTH CURLAUTH_NTLM, CURLOPT_USERPWD).
But the request fails with 411 Length required (Server: IIS 6.2), if this is the first request of a CURL-handle.
Performing a GET request always works as expected.
WireShark shows, that cURL removes the "Content-Length" header in the NTLM challenge request and therefore the Server complains about the missing header.
Adding the "Content-Length" header additionally to the request does not help. If I add a "Content-Length-X"-Header, I can see in WireShark that this header survives, but the Content-Length header is missing.
Adding a "Expect: 100-continue" header does not help either.
Regarding to the change-logs this bug has been fixed in version 7.19.6 (https://curl.haxx.se/changes.html#7_19_6):
Bugfixes:
· ...
· set Content-Length: with POST and PUT failed with NTLM auth
· ...
I have following discussion about this bug found:
http://marc.info/?t=107172137000001&r=1&w=2
If I use cURL Library version 7.19.6 where this bug was initially fixed the problem disappears and the request works as expected.
If I use cURL Library version 7.49.1 or the latest Version, 7.52.1, the request fails with 411 Length required as mentioned above.
It seems some changes to cURL broke that. I did not test in which version the bug reappeared.
Do you have any suggestions how to work around that problem? I want to use the latest cURL Library version for security reasons.
I can perform a GET request on every newly created CURL handle first to perform the NTLM challenge and after that perform the POST request, but this may probably lead to performance problems; Besides I don't know the exact URL to which to perform this challenge Request.
Regards,
Dominik
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2017-02-02