You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I tried to reuse curl easy handle in application that connects to servers with digest authentication.
Curl seems to use incorrect nonce and realm (from previous server).
Here is the simplest example:
Result of first curl_easy_perform is fine, but in second call curl uses digest realm and nonce from first server and then the result is http unauthorized.
It works in the following way now:
First curl_easy_perform():
Curl sends GET to server1.
Server1 responds "unauthorized" with its digest realm and nonce.
Curl sends GET with provided realm and nonce.
Then easy_reset() and second curl_easy_perform():
4. Curl sends GET(already with digest) to server2, but using realm and nonce received from server1.
5. Server2 responds "unauthorized" with its realm and digest.
6. Curl returns, connection is failed (unauthorized).
I expected the following
Similar attempts for both servers, so in second curl_easy_perform():
4. Curl sends GET to server2 (not digest).
5. Server2 responds "unauthorized" with digest realm and nonce.
6. Curl sends GET with realm and nonce provided by server2.
If separate handlers are used (cleanup()/init() instead of reset()) it works fine.
curl/libcurl version
I tried with curl 7.47.0 (shared lib, linux) and with 7.58.0 (statically linked, linux).
operating system
Linux, Ubuntu 16.04
The text was updated successfully, but these errors were encountered:
Thanks! I believe this is fixed in commit 9caa3e2 (issue #2255), which will be included in the next release. You can download and try a daily snapshot or build from git, and I'd appreciate if you did try that out so that we know if this fixes your issue or not!
I have built curl from git, mentioned commit included.
I run example which failed before and then few more connection attempts with digest and... it works :-).
Thank you.
I did this
I tried to reuse curl easy handle in application that connects to servers with digest authentication.
Curl seems to use incorrect nonce and realm (from previous server).
Here is the simplest example:
Result of first curl_easy_perform is fine, but in second call curl uses digest realm and nonce from first server and then the result is http unauthorized.
It works in the following way now:
First curl_easy_perform():
Then easy_reset() and second curl_easy_perform():
4. Curl sends GET(already with digest) to server2, but using realm and nonce received from server1.
5. Server2 responds "unauthorized" with its realm and digest.
6. Curl returns, connection is failed (unauthorized).
I expected the following
Similar attempts for both servers, so in second curl_easy_perform():
4. Curl sends GET to server2 (not digest).
5. Server2 responds "unauthorized" with digest realm and nonce.
6. Curl sends GET with realm and nonce provided by server2.
If separate handlers are used (cleanup()/init() instead of reset()) it works fine.
curl/libcurl version
I tried with curl 7.47.0 (shared lib, linux) and with 7.58.0 (statically linked, linux).
operating system
Linux, Ubuntu 16.04
The text was updated successfully, but these errors were encountered: