Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't clear digest info unnecessarily when only a single realm is involved #3267

Closed
jolting opened this issue Nov 13, 2018 · 0 comments
Closed

Don't clear digest info unnecessarily when only a single realm is involved #3267

jolting opened this issue Nov 13, 2018 · 0 comments

Comments

@jolting
Copy link

@jolting jolting commented Nov 13, 2018

Related:
#2255
#2347

Related PR
#2272

It looks like #2272 took a bit of a nuclear approach to solving this problem, which prevents me from continuing to reuse the session. It must reauthenticate each time if I'm talking to the same realm.

On subsequent requests the Authentication header is missing forcing a reauthentication. I don't expect this if I'm only using a single curl object for a single realm. Technically the reauthentication doesn't prevent the request from going through, but it certainly is less efficient requiring an extra handshake for each request.

The offending line is here.

curl/lib/easy.c

Line 1024 in 2f5f31b

Curl_digest_cleanup(data);

I verified my app works perfectly when not reseting the digest info. The nc increments perfectly with each request and it never gets any additional 401s after the initial authentication.

I did this

suppose url and userpswd don't change.

			curl_easy_setopt(curl, CURLOPT_USERPWD, userpswd);
			curl_easy_setopt(curl, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST);
			curl_easy_setopt(curl, CURLOPT_URL, url);
			curl_easy_setopt(curl, CURLOPT_HTTPGET, 1L);
			curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, WriteCallback);
			curl_easy_setopt(curl, CURLOPT_WRITEDATA, &bodystr);
			CURLcode res = curl_easy_perform(curl);
			curl_easy_reset(curl);

I expected the following

This should only authenticate once.

The first time I expect the server to return 401 with WWW-Authenticate header.
The CURL adds digest info to Authorization header and resends.
The second time I reuse the curl I expect the Authorization header to be sent with nc=00000002.

curl/libcurl version

7.62.0

operating system

Windows 7

@bagder bagder closed this in 1853c88 Jun 24, 2019
@lock lock bot locked as resolved and limited conversation to collaborators Sep 22, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants