cURL cURL > Mailing List > Monthly Index > Single Mail

curl-tracker Archives

[curl:bugs] #1458 SMTP digest-md5 auth fails

From: Steve Holme <captain-caveman_at_users.sf.net>
Date: Mon, 01 Dec 2014 23:27:48 +0000

Hi,

I appreciate that curl 7.26.0 is what ships with Debian Wheezy but that version of curl is 2 and a half years old.

Are you able to try a more recent version - perhaps a download of 7.39.0?

The reason I ask this is:

* In 7.31.0 I added the ability to override the default authentication mechanism selection behaviour and allow the user to specify the mechanism via login options in the URL (for example: smtp://user:password;AUTH=CRAM-MD5_at_smtp.example.com) which will allow you to by pass DIGEST-MD5 should you continue to have issues
* In 7.34.0 we extended this and implemented a command line argument --login-options AUTH=CRAM-MD5
* In 7.35.0 I extended the login options to support multiple mechanisms (Such as --login-options AUTH=CRAM-MD5;AUTH=NTLM or smtp://user:password;AUTH=CRAM-MD5;AUTH=NTLM_at_smtp.example.com)
* In 7.37.0 I added support for DIGEST-MD5 qop-option validation - Some servers rely on the QOP being set even though this is optional
* In 7.37.1 I extended cnonce to be a 32-byte hex string (I'm not saying they will, as I have no proof of this, but some servers might reject a short cnonce)

If you still have issues with a later version are you able to detail the communication between curl and the server. I would be interested to see the server challenge message.

Kind Regards

Steve

---
** [bugs:#1458] SMTP digest-md5 auth fails**
**Status:** open
**Labels:** smtp digest-md5 authentication 
**Created:** Mon Dec 01, 2014 11:42 AM UTC by silver
**Last Updated:** Mon Dec 01, 2014 11:42 AM UTC
**Owner:** nobody
E-mail authentication fails when email server supports DIGEST-MD5 authentication mechanism.
Auth fails when the server EHLO response contains these auth mechanisms:
250-AUTH DIGEST-MD5 CRAM-MD5
250-AUTH=DIGEST-MD5 CRAM-MD5
The curl/library selects digest-md5 and the auth fails.
Auth is OK when the server EHLO response does not contains digest-md5 mechanism:
250-AUTH CRAM-MD5
250-AUTH=CRAM-MD5
Details:
- Debian wheezy (stable)
- curl 7.26.0 (i486-pc-linux-gnu) libcurl/7.26.0 OpenSSL/1.0.1e zlib/1.2.7 libidn/1.25 libssh2/1.4.2 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtmp rtsp scp sftp smtp smtps telnet tftp
Features: Debug GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP
- protocol SMTP (with or without ssl/tls)
Thank you very much.
---
Sent from sourceforge.net because curl-tracker@cool.haxx.se is subscribed to https://sourceforge.net/p/curl/bugs/
To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/curl/admin/bugs/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.
Received on 2014-12-02

These mail archives are generated by hypermail.