[
https://issues.apache.org/jira/browse/AXIS2C-1370?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Mantaut updated AXIS2C-1370:
---------------------------------
Comment: was deleted
(was: New version of the patch... Removed line
AXIS2_FREE(data->env->allocator, content_type);
because libcurl returns a weak link to it... so it must not be released from
here
for more information see http://curl.haxx.se/libcurl/c/curl_easy_getinfo.html
Thanks a lot Dinesh for the catch!
)
> Axis should support libcurl's other auth types (not just basic)
> ---------------------------------------------------------------
>
> Key: AXIS2C-1370
> URL: https://issues.apache.org/jira/browse/AXIS2C-1370
> Project: Axis2-C
> Issue Type: Improvement
> Components: transport/http
> Affects Versions: 1.6.0
> Reporter: Incarnadine
> Assignee: Dinesh Weerapurage
> Fix For: Next Version
>
> Attachments: axis2c-1370.diff, axis2c_libcurl_auth.patch,
> axis2c_libcurl_auth_v2.patch, axis2_libcurl.c.diff, options.c.diff
>
> Original Estimate: 2h
> Remaining Estimate: 2h
>
> Looking over axis2_libcurl_set_auth_options() I see it only allows basic auth.
> if (auth_type &&
> 0 == axutil_strcmp(auth_type, AXIS2_HTTP_AUTH_TYPE_BASIC))
> {
> curl_easy_setopt(handler, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
> }
> else
> {
> /* Uses anonymous connection.*/
> }
> If new schemes can be enabled as easily as mapping Axis options to Libcurl,
> this would appear to be an easy fix. Other supported values to be mapped
> include:
> CURLAUTH_BASIC
> HTTP Basic authentication. This is the default choice, and the only method
> that is in wide-spread use and supported virtually everywhere. This is
> sending the user name and password over the network in plain text, easily
> captured by others.
> CURLAUTH_DIGEST
> HTTP Digest authentication. Digest authentication is defined in RFC2617 and
> is a more secure way to do authentication over public networks than the
> regular old-fashioned Basic method.
> CURLAUTH_GSSNEGOTIATE
> HTTP GSS-Negotiate authentication. The GSS-Negotiate (also known as plain
> "Negotiate") method was designed by Microsoft and is used in their web
> applications. It is primarily meant as a support for Kerberos5 authentication
> but may be also used along with another authentication methods. For more
> information see IETF draft draft-brezak-spnego-http-04.txt.
> You need to build libcurl with a suitable GSS-API library for this to work.
> CURLAUTH_NTLM
> HTTP NTLM authentication. A proprietary protocol invented and used by
> Microsoft. It uses a challenge-response and hash concept similar to Digest,
> to prevent the password from being eavesdropped.
> You need to build libcurl with OpenSSL support for this option to work, or
> build libcurl on Windows.
> CURLAUTH_ANY
> This is a convenience macro that sets all bits and thus makes libcurl pick
> any it finds suitable. libcurl will automatically select the one it finds
> most secure.
> CURLAUTH_ANYSAFE
> This is a convenience macro that sets all bits except Basic and thus makes
> libcurl pick any it finds suitable. libcurl will automatically select the one
> it finds most secure.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: c-dev-h...@axis.apache.org
