Haxx ad

curl's project page on


cURL > Mailing List > Monthly Index > Single Mail

curl-tracker mailing list Archives

[ curl-Bugs-2548099 ] Nonce getting expired in Digest Auth

From: <>
Date: Mon, 02 Feb 2009 16:00:47 +0000

Bugs item #2548099, was opened at 2009-01-30 07:50
Message generated for change (Settings changed) made by bagder
You can respond by visiting:

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: libcurl
Group: bad behaviour
>Status: Pending
Resolution: Out of Date
Priority: 5
Private: No
Submitted By: Romil Mittal (romilmittal)
Assigned to: Daniel Stenberg (bagder)
Summary: Nonce getting expired in Digest Auth

Initial Comment:
Digest authentication involves negotiating a 'nonce' value with the server. This 'nonce' value expires after sometime and then server sends a new 'nonce'. A client is supposed to use the newer value but in our case CURL continued to use the same stale value. Making a change in CURL so that if 'stale=true' is found in the header, it renegotiates the nonce with the server.

Affected files ...


Differences ...

< if((authp->avail & CURLAUTH_DIGEST) != 0) {

>         if(((authp->avail & CURLAUTH_DIGEST) != 0) && (strstr(header, "stale=true") == 0)) {
Comment By: Daniel Stenberg (bagder)
Date: 2009-01-30 08:15
You're patching a very old libcurl version, can you please verify that
this is still a problem with 7.19.3 and if so provide a patch against
(please use diff -u for the output format.)
Also note that the strstr() in your code is a bit too naive since the
'true' part may be within quotes.
You can respond by visiting:
Received on 2009-02-02

These mail archives are generated by hypermail.

donate! Page updated November 12, 2010.
web site info

File upload with ASP.NET