Menu
▾
▴
#861 Digest Authentication with Post Data
Hi, after some test I can highligh a curl lib bad behaviour.
Debian Lenny 64b / curl 7.18.2 (x86_64-pc-linux-gnu) libcurl/7.18.2 OpenSSL/0.9.8g
curl -v --digest -u "xx:xx" -X REPORT http://xx -d "Some Data"
* About to connect() to xxx (#0)
* Trying xx... connected
* Connected toxx (#0)
* Server auth using Digest with user 'xx'
> REPORT xx HTTP/1.1
> User-Agent: curl/7.18.2 (x86_64-pc-linux-gnu) libcurl/7.18.2 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.8 libssh2/0.18
> Host: xx
> Accept: */*
> Content-Length: 0
> Content-Type: application/x-www-form-urlencoded
>
< HTTP/1.1 400 Bad Request
it's seems dont send data
and
curl -v --digest -u "xx:xx" -X REPORT http://xx -d "Some Data"
* About to connect() to xxx (#0)
* Trying xx... connected
* Connected to xx (#0)
* Server auth using Basic with user 'xx'
> REPORT xx HTTP/1.1
> Authorization: Basic yy
> User-Agent: curl/7.18.2 (x86_64-pc-linux-gnu) libcurl/7.18.2 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.8 libssh2/0.18
> Host: xx
> Accept: */*
> Content-Length: 352
> Content-Type: application/x-www-form-urlencoded
>
< HTTP/1.1 207 Multi-Status
and it's works... my script on server side doesn't show any data...
Do you have an idea of what happened?
Regards
it doesn't send any data as the server doesn't want any when Digest is used. It will just respond with a challenge and then curl will use that and then send off the actual post.
I try to use caldav services (calendarserver) with digest authentication, but server respond :
Bad Request <h1>Bad Request</h1><p>REPORT request body may not be empty
Exactly with the same request with basic authentication, I can trace Content-Length: xx on request and the server respond correctly...
Do you think issue come from server or from curl ?
I think the server is stupid in requiring a content in a request that it won't allow anyway since it isn't authenticated. libcurl tries to save having to send bytes in vain.
Changing libcurl's behavior in this aspect might not be very easily done.
Have you tried using --any-auth instead?
Thanks for reporting this issue and helping us improve curl and libcurl.
We're awaiting feedback in this issue. Due to this, I have set the state of this issue to pending and it will automatically get closed later on unless we get further info.
Please consider answering the outstanding questions or providing the missing info so that we can proceed to resolve this issue!
Great Idea, I test with anyauth (not any-auth) and if I test :
curl -v --anyauth --digest -u "xx:xx" -X REPORT http://xx -d "Some Data" (doesn't works, I had test before)
but
curl -v --digest -u "xx:xx" -X REPORT http://xx -d "Some Data" --anyauth (works)
So I can do, what I want... Thanks for you help.. I leave ticket pending for check order parameter behaviour.
Regards
This Tracker item was closed automatically by the system. It was
previously set to a Pending status, and the original submitter
did not respond within 14 days (the time period specified by
the administrator of this Tracker).