cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: libcurl ignores remote port when using http digest auth

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 13 Mar 2006 14:10:17 +0100 (CET)

On Mon, 13 Mar 2006, j.ryska.mail_at_post.cz wrote:

I've directed my response to the libcurl mailing list, as this is a pure
libcurl issue and is thus better kept on that list. (Still cc'ing the users
list to let them know where this is going.)

> here is the problem. I'm using libCurl (7.15.2). When my program uses port
> different than 80 for connection, then it fail when sending http digest
> credentials. Here is relevant code:

Thanks for your accurate and detailed bug report!

> As you can see second request with digest auth data is trying to connect to port 80 instead of 5020 where apache is running.
> After some research i found this code in transfer.c
>
> 1931: else {
> 1932: /* This is an absolute URL, don't allow the custom port number */
> 1933: data->state.allow_port = FALSE;
>
> This causes that port isn't set for second request: file url.c:
>
> 3430: if(data->set.use_port && data->state.allow_port) {
> 3431: /* if set, we use this and ignore the port possibly given in the URL */
> 3432: conn->remote_port = (unsigned short)data->set.use_port;
>
> So I commented that line 1933 in transfer.c and for now this works for me.

While this fix might work for you, here and now, it is a naive fix that'll
break other apps. If you set a custom port number, this change will make
redirects from such a page also use that port number and that is not what
people will expect.

A proper fix is likely to be more involved and allow the port change while
authentication negotiation but not when following a direct.

Would you be able to produce an updated patch that takes this into
consideration?

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
Received on 2006-03-13