cURL / Mailing Lists / curl-library / Single Mail


Re: cUrl and challenge-response authentication (NTLM)

From: Daniel Stenberg <>
Date: Mon, 2 Jan 2012 16:10:39 +0100 (CET)

On Mon, 2 Jan 2012, Yehezkel Horowitz wrote:

> I wanted to ask if there is an option to ask curl to handle all the
> challenge-response of HTTP authentication internally.

No, there isn't.

> Does anyone knows why the calling application even need to know about all
> this challenge-response negotiation (in other words, why not making this
> option as default)?

Yes, I do. The reason is probably primarily because it is by far the simplest
approach and avoids having libcurl cache headers for possible later
outputting. But also because libcurl has always been about providing all
headers so it's never been a discussion point really.

> From my "user" point of view - there is no need to get all this information;
> all this could and should be handled internally inside libcurl, since the
> username and password needs to be configured in advance.

I agree that it could make sense with a mode that makes libcurl hold the
headers for a while and if it can deal with them itselves for auth reasons etc
it would hide them completely from the application. That same logic (or
similar) could also hide headers for 30X redirects as it has the similar

List admin:
Received on 2012-01-02