curl / Mailing Lists / curl-library / Single Mail

curl-library

HTTP POST/PUT request with NTLM authentication leads to HTTP Status 411 Length required

From: Hölzl, Dominik <Dominik.Hoelzl_at_fabasoft.com>
Date: Thu, 2 Feb 2017 14:47:19 +0000

Hello!

I have the following problem:

I want to perform an HTTP POST request, PUT request or another custom request (CURLOPT_CUSTOMREQUEST) with some data (CURLOPT_UPLOAD, CURLOPT_INFILESIZE_LARGE) with using NTLM authentication (CURLOPT_HTTPAUTH CURLAUTH_NTLM, CURLOPT_USERPWD).

But the request fails with 411 Length required (Server: IIS 6.2), if this is the first request of a CURL-handle.
Performing a GET request always works as expected.

WireShark shows, that cURL removes the "Content-Length" header in the NTLM challenge request and therefore the Server complains about the missing header.
Adding the "Content-Length" header additionally to the request does not help. If I add a "Content-Length-X"-Header, I can see in WireShark that this header survives, but the Content-Length header is missing.
Adding a "Expect: 100-continue" header does not help either.

Regarding to the change-logs this bug has been fixed in version 7.19.6 (https://curl.haxx.se/changes.html#7_19_6):
Bugfixes:

· ...

· set Content-Length: with POST and PUT failed with NTLM auth

· ...

I have following discussion about this bug found:
http://marc.info/?t=107172137000001&r=1&w=2

If I use cURL Library version 7.19.6 where this bug was initially fixed the problem disappears and the request works as expected.

If I use cURL Library version 7.49.1 or the latest Version, 7.52.1, the request fails with 411 Length required as mentioned above.
It seems some changes to cURL broke that. I did not test in which version the bug reappeared.

Do you have any suggestions how to work around that problem? I want to use the latest cURL Library version for security reasons.
I can perform a GET request on every newly created CURL handle first to perform the NTLM challenge and after that perform the POST request, but this may probably lead to performance problems; Besides I don't know the exact URL to which to perform this challenge Request.

Regards,
Dominik

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2017-02-02