curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: curl doesn't handle multiple WWW-Authenticate challenges properly (Negotiate)

From: Daniel Stenberg via curl-library <>
Date: Tue, 28 Jan 2020 16:15:25 +0100 (CET)

On Tue, 28 Jan 2020, Jung Michel via curl-library wrote:

> However, if the 401 response contains more than one challenge, like so:
> WWW-Authenticate: Negotiate, Basic realm="TM1"

This is accurate. curl doesn't handle multiple authentications specified on
the same physical line, but will deal with them if they arrive in multiple
headers. This limitation actually affects all HTTP authentication methods, not
just Negotiate.

Amazingly enough, this is something that is extremely rare in practise in the
wild and therefore has not been much of a problem.

You interested in diving in and work on fixing this?

  / | Commercial curl support up to 24x7 is available!
                   | Private help, bug fixes, support, ports, new features
Received on 2020-01-28