You are viewing a plain text version of this content. The canonical link for it is here.
Posted to c-dev@axis.apache.org by "S.Uthaiyashankar (JIRA)" <ji...@apache.org> on 2009/12/09 05:21:18 UTC
[jira] Updated: (AXIS2C-1372) Setting the content-length header for
libcurl causes auth to fail
[ https://issues.apache.org/jira/browse/AXIS2C-1372?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
S.Uthaiyashankar updated AXIS2C-1372:
-------------------------------------
Fix Version/s: Next Version
Assignee: S.Uthaiyashankar
> Setting the content-length header for libcurl causes auth to fail
> -----------------------------------------------------------------
>
> Key: AXIS2C-1372
> URL: https://issues.apache.org/jira/browse/AXIS2C-1372
> Project: Axis2-C
> Issue Type: Bug
> Components: transport/http
> Affects Versions: 1.6.0
> Reporter: Incarnadine
> Assignee: S.Uthaiyashankar
> Priority: Blocker
> Fix For: Next Version
>
> Attachments: RemoveContentLengthHeader.diff
>
> Original Estimate: 0.08h
> Remaining Estimate: 0.08h
>
> Certain auth schemes, like NTLM, may result in an empty request (no body, content-length:0) being sent to the server first to trigger a 401 auth challenge so as not to waste bandwidth by posting the real message body twice when it knows the first request will result in an auth challenge.
> Libcurl currently has a bug where it will use the specified content-length on this first request instead of sending 0, which will cause subsequent requests to fail because the message body was never sent.
> Since libcurl automatically calculates the content-length based on the POST size, it's not necessary to specify it from Axis2/C. Removing this header allows libcurl to calculate the length and send the correct values during both requests.
> I recommend the content-length setting code be removed because:
> 1. It doesn't appear to be needed
> 2. Curl docs do not recommend specifying a content-length header
> 3. It's currently the only way to get NTLM authentication working (see AXIS2C-1370)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.