curl / Mailing Lists / curl-library / Single Mail

Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: can persistent auth be disabled?

From: Whitney Jackson via curl-library <curl-library_at_cool.haxx.se>
Date: Fri, 28 Feb 2020 15:17:06 -0700

> This begs the question: how is curl supposed to figure this out rather
than to presume?

This seems to be the spec that covers that:
https://tools.ietf.org/id/draft-montenegro-httpbis-multilegged-auth-01.html#rfc.section.3

Summarizing, it looks like the correct behavior should be: queue requests
until you know whether you're doing persistent auth (aka connection based)
or non-persistent auth (aka request based). Switch to persistent auth only
if you get a response header that explicitly turns it on.

Seems like this part of curl needs some significant work. I'm thinking
about trying to do that myself. Would a contribution that attempts to make
curl's behavior line up with this specification be likely to be accepted?
Any thoughts or advice on how best to approach a contribution in this area
of the code? For example, is there a particular person who would want to
approve/disapprove a proposed design?

Whitney

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2020-02-28

This message: [ Message body ]
Previous message: Ray Satiro via curl-library: "Re: windows NTLM auth with sspi enabled fails mysteriously for some customers"
In reply to: Daniel Stenberg via curl-library: "Re: can persistent auth be disabled?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]