On Fri, 8 Feb 2002, Andres Salomon wrote:

> > Does the redirect take you to another host? If so, libcurl will not
> > re-send the authentication to the new host, only the original one. See
> > below for more reasoning around this.
>
> Depends on what libcurl considers a new host.

Another host name, plain and simple.

> The redirect goes from foo.com to www.foo.com; this is handled by different
> apache vhosts (I have no idea _why_ it's not just a serveralias, but that's
> a different discussion). Same TLD, same SSL cert, different vhost.

If I recall this correctly, even most browsers will prompt you for the
password twice when that operation is made.

> I think an option that told it to skip the extra step if the cert for both
> sites were exactly the same, or something, would be useful..

I agree, in general. The problem would of course still remain for most of the
cases when you use plain HTTP and today, in the current code, the
send-auth-or-not check has no clue what to ever if it uses a certificate or
not. Thus, I'm more in favour of my way of solving this problem as your
suggestion, however fine it is, is a much more involved operation.

But, I have no code right now that solves this. Any contributions are
appreciated!

-- 
    Daniel Stenberg -- curl groks URLs -- http://curl.haxx.se/