-
I did thisI find that the library does not support "qop=auth-int" for PUT request, I expected the followingsend this kind of PUT request successfully curl/libcurl versioncurl version 7.70.0 [curl -V output] operating systemLinux |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments
-
What is the actual
|
Beta Was this translation helpful? Give feedback.
-
Hi ,
curl -V output is:
curl 7.70.0 (arm-oe-linux-gnueabi) libcurl/7.70.0 OpenSSL/1.1.1i zlib/1.2.11
Release-Date: 2018-07-11
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smbs smb smtp smtps telnet tftp
Features: AsynchDNS Debug TrackMemory IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP UnixSockets HTTPS-proxy
------------------------------------------------------------------------------
server says only auth-int in 401 unauthorized response.
SSL is not needed in my environment, so HTTP packets go without any SSL.
I got the latest version of curl code, auth_create_digest_http_message() shows "hash(hashbuf, (const unsigned char *)"", 0);" which is not matched the description like "If the qop value is auth-int, then A2 is: A2 = Method:digest-uri-value:H(entity-body)".
So I want to know that in the version you use, do you modify code of these lines?
if not modify it, does the server give the right 200 OK response after PUT request is sent out?
…------------------ Original ------------------
From: "Jay ***@***.***>;
Send time: Wednesday, Aug 11, 2021 11:43 AM
***@***.***>;
***@***.***>; ***@***.***>;
Subject: Re: [curl/curl] which version of curl supports auth-int for PUT or POST (#7553)
What is the actual curl -V version? Have you used verbose mode to check the headers sent by the server? curl prefers auth over auth-int if the server says either is ok. I don't know the reasons for that. If the server says only use auth-int then curl will use it. I'm able to send auth-int PUT requests when I use curl with OpenSSL, but not schannel (Windows SSL). The latter does not support it (SEC_E_QOP_NOT_SUPPORTED).
curl 7.79.0-DEV (i386-pc-win32) libcurl/7.79.0-DEV OpenSSL/1.1.1j nghttp2/1.43.0 Release-Date: [unreleased] Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp Features: AsynchDNS Debug HSTS HTTP2 HTTPS-proxy IPv6 Largefile NTLM SSL Unicode UnixSockets alt-svc
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications on the go with GitHub Mobile for iOS or Android.
|
Beta Was this translation helpful? Give feedback.
-
According to a comment in the code auth-int is not supported for PUT or POST. It looks like what it is doing is using an empty hash in all cases for the body, so even though it appears to send auth-int for PUT it is probably not actually valid. It is possible if you hash the actual PUT file that it may work, I don't know. Lines 766 to 777 in bfbde88 |
Beta Was this translation helpful? Give feedback.
According to a comment in the code auth-int is not supported for PUT or POST. It looks like what it is doing is using an empty hash in all cases for the body, so even though it appears to send auth-int for PUT it is probably not actually valid. It is possible if you hash the actual PUT file that it may work, I don't know.
curl/lib/vauth/digest.c
Lines 766 to 777 in bfbde88