New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Http digest authentication doesn't support 'stale=true' #928

Closed
tarek112 opened this Issue Jul 25, 2016 · 6 comments

Comments

Projects
None yet
3 participants
@tarek112

tarek112 commented Jul 25, 2016

I did this

Build using cmake with default options under windows (so using windows SSPI). Loop on a GET request to reach a digest authenticated resource. Reuse easy handle between requests.

I expected the following

Keep working after 401 ... "stale=true".
First authentication works well but after that first nonce expire, curl doesn't handle any further authentication. It keep using the initial nonce.

curl/libcurl version

7.50.0

operating system

Windows

I think I've found were the issue comes from and I should provide a pull request soon.

@bagder bagder added the HTTP label Jul 25, 2016

tarek112 added a commit to tarek112/curl that referenced this issue Jul 25, 2016

jay added a commit to jay/curl that referenced this issue Jul 26, 2016

digest_sspi: Handle stale directive. draft1
If there is an old digest and a new digest was sent with the stale
directive then the new digest replaces the old digest.

Prior to this change the stale directive was ignored and a new digest
would cause error CURLE_BAD_CONTENT_ENCODING in any case.

Bug: curl#928
Reported-by: tarek112@users.noreply.github.com
@tarek112

This comment has been minimized.

Show comment
Hide comment
@tarek112

tarek112 Jul 26, 2016

I tested you patch, it's working good. Thank you

tarek112 commented Jul 26, 2016

I tested you patch, it's working good. Thank you

@tarek112

This comment has been minimized.

Show comment
Hide comment
@tarek112

tarek112 Sep 22, 2016

Hello, still no issue with your patch. Is there something I can do to help with MR ?

tarek112 commented Sep 22, 2016

Hello, still no issue with your patch. Is there something I can do to help with MR ?

@bagder

This comment has been minimized.

Show comment
Hide comment
@bagder

bagder Sep 22, 2016

Member

Are you referring to @jay's commit from July 26th?

Member

bagder commented Sep 22, 2016

Are you referring to @jay's commit from July 26th?

@tarek112

This comment has been minimized.

Show comment
Hide comment
@tarek112

tarek112 commented Sep 23, 2016

Yes indeed: jay@22c44c7

@bagder

This comment has been minimized.

Show comment
Hide comment
@bagder

bagder Oct 17, 2016

Member

@jay any news or thoughts on where this is going?

Member

bagder commented Oct 17, 2016

@jay any news or thoughts on where this is going?

jay added a commit that referenced this issue Feb 21, 2017

digest_sspi: Handle 'stale=TRUE' directive in HTTP digest
- If the server has provided another challenge use it as the replacement
  input token if stale=TRUE. Otherwise previous credentials have failed
  so return CURLE_LOGIN_DENIED.

Prior to this change the stale directive was ignored and if another
challenge was received it would cause error CURLE_BAD_CONTENT_ENCODING.

Ref: https://tools.ietf.org/html/rfc2617#page-10

Bug: #928
Reported-by: tarek112@users.noreply.github.com
@jay

This comment has been minimized.

Show comment
Hide comment
@jay

jay Feb 21, 2017

Member

Thanks, landed in af5fbb1.

Member

jay commented Feb 21, 2017

Thanks, landed in af5fbb1.

@jay jay closed this Feb 21, 2017

@lock lock bot locked as resolved and limited conversation to collaborators May 6, 2018

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.