[ https://issues.apache.org/jira/browse/AXIS2C-1372?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Aaron Oneal updated AXIS2C-1372:
--------------------------------
Attachment: RemoveContentLengthHeader.diff
> Setting the content-length header for libcurl causes auth to fail
> -----------------------------------------------------------------
>
> Key: AXIS2C-1372
> URL: https://issues.apache.org/jira/browse/AXIS2C-1372
> Project: Axis2-C
> Issue Type: Bug
> Components: transport/http
> Affects Versions: 1.6.0
> Reporter: Aaron Oneal
> Priority: Blocker
> Attachments: RemoveContentLengthHeader.diff
>
> Original Estimate: 0.08h
> Remaining Estimate: 0.08h
>
> Certain auth schemes, like NTLM, may result in an empty request (no body, content-length:0)
being sent to the server first to trigger a 401 auth challenge so as not to waste bandwidth
by posting the real message body twice when it knows the first request will result in an auth
challenge.
> Libcurl currently has a bug where it will use the specified content-length on this first
request instead of sending 0, which will cause subsequent requests to fail because the message
body was never sent.
> Since libcurl automatically calculates the content-length based on the POST size, it's
not necessary to specify it from Axis2/C. Removing this header allows libcurl to calculate
the length and send the correct values during both requests.
> I recommend the content-length setting code be removed because:
> 1. It doesn't appear to be needed
> 2. Curl docs do not recommend specifying a content-length header
> 3. It's currently the only way to get NTLM authentication working (see AXIS2C-1370)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
|