curl-library
Re: HTTP POST/PUT request with NTLM authentication leads to HTTP Status 411 Length required
Date: Fri, 3 Feb 2017 01:14:13 +0200
On Thu, Feb 2, 2017 at 2:16 PM, Hölzl, Dominik
<Dominik.Hoelzl_at_fabasoft.com> wrote:
> Hello!
>
>
>
> I have the following problem:
>
>
>
> I want to perform an HTTP POST request, PUT request or another custom
> request (CURLOPT_CUSTOMREQUEST) with some data (CURLOPT_UPLOAD,
> CURLOPT_INFILESIZE_LARGE) with using NTLM authentication (CURLOPT_HTTPAUTH
> CURLAUTH_NTLM, CURLOPT_USERPWD).
>
>
>
> But the request fails with 411 Length required (Server: IIS 6.2), if this is
> the first request of a CURL-handle.
>
> Performing a GET request always works as expected.
>
>
>
> WireShark shows, that cURL removes the “Content-Length” header in the NTLM
> challenge request and therefore the Server complains about the missing
> header.
>
> Adding the “Content-Length” header additionally to the request does not
> help. If I add a “Content-Length-X”-Header, I can see in WireShark that this
> header survives, but the Content-Length header is missing.
>
> Adding a “Expect: 100-continue” header does not help either.
>
>
>
>
>
> Regarding to the change-logs this bug has been fixed in version 7.19.6
> (https://curl.haxx.se/changes.html#7_19_6):
>
> Bugfixes:
>
> · …
>
> · set Content-Length: with POST and PUT failed with NTLM auth
>
> · …
>
>
>
> I have following discussion about this bug found:
>
> http://marc.info/?t=107172137000001&r=1&w=2
>
>
>
>
>
> If I use cURL Library version 7.19.6 where this bug was initially fixed the
> problem disappears and the request works as expected.
>
>
>
> If I use cURL Library version 7.49.1 or the latest Version, 7.52.1, the
> request fails with 411 Length required as mentioned above.
>
> It seems some changes to cURL broke that. I did not test in which version
> the bug reappeared.
>
>
>
>
>
> Do you have any suggestions how to work around that problem? I want to use
> the latest cURL Library version for security reasons.
Can you show us how to reproduce this (code sample or curl command)?
It doesn't reproduce by me.
There is some logic in curl to set Content-Length:0 in the initial
request of ntlm connections (in order
to avoid having to send the data to be discarded), but that should be
ok, example:
curl -v -uavi:zubur1 --ntlm -Fa=b http://httpbin.org/post
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2017-02-03