On Wed, 17 Mar 2004, David Byron wrote:

> The known bug (http://curl.haxx.se/docs/knownbugs.html)
>
> * Using CURLOPT_FAILONERROR (-f/--fail) will make authentication to stop
> working if you use anything but plain Basic auth.
>
> has reared its ugly head again for me. I was able to get by without --ntlm
> and --fail together, but I'd really like to use --proxy-ntlm and --fail
> together. I'm guessing that the fix is the same for both.

I think so, yes.

> I hope to get some time to work on this, but when I looked at it last, it
> was pretty complicated. Any chance someone else is also itching to get this
> fixed? Or maybe that the code has changed such that this isn't so hard
> anymore?

I think the code is still complicated and this problem is still tricky to
solve. If --fail is set and we get a HTTP response code > 400, we probably
need to check if we're using an multi-pass authentication method and if we're
talking with a proxy or a host, and based on that knowledge decide if the http
response code is bad or not.

> As a bit of an aside, I was a bit surprised to find --proxy-ntlm, but no
> --proxy-digest

It would be easy to add, but it has slipped through. I've never heard of
anyone who has a proxy using Digest auth anyway... :-)

> or maybe even --proxy-basic.

It certainly should be added for completeness so that it could be switched
back to Basic, even though basic is the default authentication method for
proxies as well.

> Is the idea that if you specify --proxy-user (and --proxy) you get basic
> authentication and digest isn't supported

proxy-digest is supported for normal HTTP fetches, but it isn't for SSL
fetches over proxy IIRC.

> or is that the code is smart enough to figure out what kind of proxy is out
> there and do the right thing?

Heh, we don't offer --proxy-anyauth either, only --anyauth. :-)

There are just so many options!

-- 
    Daniel Stenberg -- http://curl.haxx.se/ -- http://daniel.haxx.se/
   [[ Do not send mails to this email address. They won't reach me. ]]