cURL / Mailing Lists / curl-library / Single Mail


RE: cUrl and challenge-response authentication (NTLM)

From: Yehezkel Horowitz <>
Date: Tue, 3 Jan 2012 09:13:46 +0200

> I can easily come up with one case right now and I suspect there are others if we just give it some more thoughts.

> Assume your application enables authentication with a specific subset of
authentication types. When the 401 response comes libcurl doesn't know if it
is the final or not, so it will have to keep all headers around until after it has gotten the "Authorization:" headers as if the server only wants types you don't know or use, the 401 is the final one and otherwise it is not.

OK, I now understand what you mean by keeping the headers, yet I assume this should not be difficult to implement.

>> Another point I noticed, that I can't use NTLM authentication with
>> CURLOPT_FORBID_REUSE (since NTLM provide authentication per connection).

>Right. However that's a bug we should be able to fix without the above
mentioned change being strictly necessary.

Do you want me to open a bug report for this?

Finally, I would be glad to know if you think this mode is worth development effort, and if you think curl users (other than me) will be happy to use it.

PS: can you think about good name to this mode (CURL_OPT_?)?

List admin:
Received on 2012-01-03