Bugs item #2974149, was opened at 2010-03-21 17:43
Message generated for change (Settings changed) made by bagder
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=2974149&group_id=976

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
>Category: http
Group: wrong behaviour
Status: Open
>Resolution: Invalid
Priority: 5
Private: No
Submitted By: Roger (xlink100)
Assigned to: Daniel Stenberg (bagder)
Summary: Empty POST using HTTPS with digest auth.

Initial Comment:
I try to send data in file fb.xml to a server:

curl -v --digest --data-binary @fb.xml -H "Content-Type: text/xml;charset=\"utf-8\"" -u "login:password" --insecure -A "just a user/agent 1.0" https://servername.com/soapservice

as result, the server replies with HTTP status 500. According to the verbose output, the POST is sent with no content (content-length 0). If I omit --digest, the POST contains data (at least content-length is > 0). Here's the debug output

* About to connect() to servername.com port 49443 (#0)
* Trying 172.20.0.1... connected
* Connected to servername.com (172.20.0.1) port 49443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
* subject: CN=servername.com
* start date: 2000-01-01 00:00:54 GMT
* expire date: 2027-05-18 00:00:54 GMT
* common name: anyname (does not match 'servername.com')
* issuer: CN=anyname
* SSL certificate verify result: self signed certificate (18), continuing anyway.
* Server auth using Digest with user 'login'
> POST /soapservice HTTP/1.1
> User-Agent: just a user/agent 1.0
> Host: servername.com:49443
> Accept: */*
> Content-Type: text/xml;charset="utf-8"
> Content-Length: 0
>
< HTTP/1.1 500 Internal Server Error
< Content-Length: 1226
< Content-Type: text/html

curl -V:
curl 7.20.0 (i386-pc-win32) libcurl/7.20.0 OpenSSL/0.9.8l zlib/1.2.3
Protocols: dict file ftp ftps http https imap imaps ldap pop3 pop3s rtsp smtp smtps telnet tftp
Features: AsynchDNS Largefile NTLM SSL SSPI libz

----------------------------------------------------------------------

>Comment By: Daniel Stenberg (bagder)
Date: 2010-03-21 19:29

Message:
and if you use --any-auth ?

This problem is due to the server being rather silly and insisting on a
content-length when it wouldn't like the contents anyway since curl hasn't
yet authenticated. This is by design and isn't strictly a bug (in curl).

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=2974149&group_id=976
Received on 2010-03-21