I did this
We use libcurl through mamba. After mamba upgraded past libcurl 7.75.0, we started seeing issues with basic auth passed through the URL.
We give curl through curl_easy_setopt(handle, CURLOPT_URL, url.c_str()); a url that has basic auth as part of it.
An example is:
https://:test@localhost:8005/
However, we started noticing that reused connections would get a 401 back from the service due to the lack of an auth header.
I expected the following
I expected that reused connections would continue to have the basic auth credentials all throughout.
I opened mamba-org/mamba#1141 where I started iterating to getting a minimal repro and I was able to get that, but from there debugged my way into a potential workaround to this issue.
If I directly set curl_easy_setopt(handle, CURLOPT_USERPWD, ":test");, the issue would no longer come up. So I believe the issue might have something to do with how curl is handling the credentials from the url and they're not being set correctly such that future reuse of the same connection would benefit from the same credentials.
I think this might have something to do with #6545 which is very relevant to the release where this got introduced.
curl/libcurl version
Any libcurl higher than 7.75.0 (I tested against latest as well)
operating system
I did this
We use libcurl through mamba. After mamba upgraded past libcurl 7.75.0, we started seeing issues with basic auth passed through the URL.
We give curl through
curl_easy_setopt(handle, CURLOPT_URL, url.c_str());aurlthat has basic auth as part of it.An example is:
https://:test@localhost:8005/However, we started noticing that reused connections would get a 401 back from the service due to the lack of an auth header.
I expected the following
I expected that reused connections would continue to have the basic auth credentials all throughout.
I opened mamba-org/mamba#1141 where I started iterating to getting a minimal repro and I was able to get that, but from there debugged my way into a potential workaround to this issue.
If I directly set
curl_easy_setopt(handle, CURLOPT_USERPWD, ":test");, the issue would no longer come up. So I believe the issue might have something to do with how curl is handling the credentials from the url and they're not being set correctly such that future reuse of the same connection would benefit from the same credentials.I think this might have something to do with #6545 which is very relevant to the release where this got introduced.
curl/libcurl version
Any libcurl higher than 7.75.0 (I tested against latest as well)
operating system