Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't clear digest info unnecessarily when only a single realm is involved #3267

Closed
jolting opened this issue Nov 13, 2018 · 0 comments

Comments

Projects
None yet
2 participants
@jolting
Copy link

commented Nov 13, 2018

Related:
#2255
#2347

Related PR
#2272

It looks like #2272 took a bit of a nuclear approach to solving this problem, which prevents me from continuing to reuse the session. It must reauthenticate each time if I'm talking to the same realm.

On subsequent requests the Authentication header is missing forcing a reauthentication. I don't expect this if I'm only using a single curl object for a single realm. Technically the reauthentication doesn't prevent the request from going through, but it certainly is less efficient requiring an extra handshake for each request.

The offending line is here.

curl/lib/easy.c

Line 1024 in 2f5f31b

Curl_digest_cleanup(data);

I verified my app works perfectly when not reseting the digest info. The nc increments perfectly with each request and it never gets any additional 401s after the initial authentication.

I did this

suppose url and userpswd don't change.

			curl_easy_setopt(curl, CURLOPT_USERPWD, userpswd);
			curl_easy_setopt(curl, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST);
			curl_easy_setopt(curl, CURLOPT_URL, url);
			curl_easy_setopt(curl, CURLOPT_HTTPGET, 1L);
			curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, WriteCallback);
			curl_easy_setopt(curl, CURLOPT_WRITEDATA, &bodystr);
			CURLcode res = curl_easy_perform(curl);
			curl_easy_reset(curl);

I expected the following

This should only authenticate once.

The first time I expect the server to return 401 with WWW-Authenticate header.
The CURL adds digest info to Authorization header and resends.
The second time I reuse the curl I expect the Authorization header to be sent with nc=00000002.

curl/libcurl version

7.62.0

operating system

Windows 7

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.