Bugs item #3489445, was opened at 2012-02-19 12:59
Message generated for change (Comment added) made by nmailhot
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3489445&group_id=976

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: http
Group: new feature request
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Mailhot (nmailhot)
Assigned to: Daniel Stenberg (bagder)
Summary: Handle HTTP error 511 Network Authentication Required

Initial Comment:
Since
http://code.google.com/p/chromium/issues/detail?id=7338 and
https://bugzilla.mozilla.org/show_bug.cgi?id=479880

there is no clean way for a proxy or captive portal to get a web client to
display an authentication dialog when user credentials expire while he is
browsing on an https url.

(to be sure, the previous methods were insecure and hackish but they existed
because nothing better was available)

The IETF finally set up to fix this problem and defined a standard HTTP error
that lets access control equipments tell the web client authentication or
re-authentication is needed and where the authentication form is located.

http://tools.ietf.org/id/draft-nottingham-http-new-status-04.txt

→ <http://www.rfc-editor.org/queue2.html#draft-nottingham-http-new-status> (the
spec is approved and in the queue for publication as RFC)

Please add error 511 handling in curl so curl users can authenticate on new-style proxies too

----------------------------------------------------------------------

>Comment By: Mailhot (nmailhot)
Date: 2012-02-19 21:44

Message:
There are several possible ways of handling it:
1. at minimum, pause or stop and tell the user authentication is required
on the page indicated by the error
2. if you have some way to know a browser is present: launch it on the form
page

Also while I agree trying to handle every possible html form would be a
mess, the page indicated in error 511 will usually just require basic auth
over https : can't you handle that?

I there are some ways the auth page can make your life easier: can you
define what they are, and just ask the ietf to document them in further
revisions of the rfc?

----------------------------------------------------------------------

Comment By: Daniel Stenberg (bagder)
Date: 2012-02-19 14:23

Message:
The 511 is meant to respond with a (link to a) HTML form. How are you
suggesting curl would act on that?

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3489445&group_id=976
Received on 2012-02-20