I've added a new auth test at 
https://github.com/JoeNotCharles/curl/commits/auth_state (top commit)

It uses one connection and sends 6 requests on it, each with CURLAUTH_ALL. Each 
even-numbered request uses credentials "testuser:wrongpass" (will fail auth) 
and each odd-numbered request uses credentials "testuser:testpass". The server 
side of the test will reply to the first two requests with WWW-Authenticate: 
Basic (only), the next two with Digest (only), and the last two with NTLM 
(only). So, this tests that different types of auth can be used over the same 
connection when the auth type allowed by the user is not artificially 
restricted as in the previous auth tests.

This is a valid real-world test because it's not uncommon for different 
directories on the same server to have different auth types enabled (controlled 
by .htaccess files, for instance) and requests to different directories on the 
same server should reuse the same connection, so responses from the server on 
the same connection may in fact have different WWW-Authenticate headers.

I'm pretty sure the expected input and output for this test are correct - I 
tested it by testing the 2 requests for each auth type separately. But note 
that there's no version of curl that will currently pass it. Before sha 
ce8311c7e49eca93c136b58efa6763853541ec97, after the two Basic requests, the 
Digest and NTLM requests will never be sent because auth->picked is still set 
to Basic. After that SHA, curl does not remember what the server claimed to 
support in the last request.

Tomorrow I'll start trying to find a solution. In the meantime, can anyone spot 
any problems with the test or other cases that should be added?

Joe

---------------------------------------------------------------------
This transmission (including any attachments) may contain confidential 
information, privileged material (including material protected by the 
solicitor-client or other applicable privileges), or constitute non-public 
information. Any use of this information by anyone other than the intended 
recipient is prohibited. If you have received this transmission in error, 
please immediately reply to the sender and delete this information from your 
system. Use, dissemination, distribution, or reproduction of this transmission 
by unintended recipients is not authorized and may be unlawful.

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Reply via email to