Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Http digest authentication doesn't support 'stale=true' #928

Closed
tarek112 opened this issue Jul 25, 2016 · 6 comments
Closed

Http digest authentication doesn't support 'stale=true' #928

tarek112 opened this issue Jul 25, 2016 · 6 comments
Assignees
@jay
Labels
HTTP

Comments

@tarek112
Copy link

I did this

Build using cmake with default options under windows (so using windows SSPI). Loop on a GET request to reach a digest authenticated resource. Reuse easy handle between requests.

I expected the following

Keep working after 401 ... "stale=true".
First authentication works well but after that first nonce expire, curl doesn't handle any further authentication. It keep using the initial nonce.

curl/libcurl version

7.50.0

operating system

Windows

I think I've found were the issue comes from and I should provide a pull request soon.
@bagder bagder added the HTTP label Jul 25, 2016
tarek112 added a commit to tarek112/curl that referenced this issue Jul 25, 2016
@tarek112
vauth: add digest authentication support with SSPI when stale=true
815a99e 
Bug: curl#928
Closes curl#928
@tarek112 tarek112 mentioned this issue Jul 25, 2016
Closed
jay added a commit to jay/curl that referenced this issue Jul 26, 2016
@jay
digest_sspi: Handle stale directive. draft1
22c44c7 
If there is an old digest and a new digest was sent with the stale
directive then the new digest replaces the old digest.

Prior to this change the stale directive was ignored and a new digest
would cause error CURLE_BAD_CONTENT_ENCODING in any case.

Bug: curl#928
Reported-by: tarek112@users.noreply.github.com
@tarek112
Copy link
Author

I tested you patch, it's working good. Thank you

@tarek112
Copy link
Author

Hello, still no issue with your patch. Is there something I can do to help with MR ?

@bagder
Copy link
Member

bagder commented Sep 22, 2016

Are you referring to @jay's commit from July 26th?

@tarek112
Copy link
Author

Yes indeed: jay@22c44c7

@bagder
Copy link
Member

bagder commented Oct 17, 2016

@jay any news or thoughts on where this is going?

jay added a commit that referenced this issue Feb 21, 2017
@jay
digest_sspi: Handle 'stale=TRUE' directive in HTTP digest
af5fbb1 
- If the server has provided another challenge use it as the replacement
  input token if stale=TRUE. Otherwise previous credentials have failed
  so return CURLE_LOGIN_DENIED.

Prior to this change the stale directive was ignored and if another
challenge was received it would cause error CURLE_BAD_CONTENT_ENCODING.

Ref: https://tools.ietf.org/html/rfc2617#page-10

Bug: #928
Reported-by: tarek112@users.noreply.github.com
@jay
Copy link
Member

jay commented Feb 21, 2017

Thanks, landed in af5fbb1.

@jay jay closed this as completed Feb 21, 2017
@lock lock bot locked as resolved and limited conversation to collaborators May 6, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@jay jay

Labels
HTTP
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bagder @jay @tarek112