On Wed, 7 Dec 2022, Mellergård, Daniel wrote:
I have looked around a bit in the curl documentation and not found much of interest regarding this. Would you please elaborate a bit on what conditions affects if a previous auth may be reused or not? And maybe direct me in the source code if the decision is somewhat kept together in a section.
The previous auth, as in *the existing* auth is reused as in the header is set when you have the same credentials and do another transfer. But the server might retrigger "negotiation" in several of the auths (Digest, Negotiate, NTLM etc) and then curl might get a 401/407 and then send an updated auth header.
For NTLM, it is used to authenticate the connection so it is different.When you ask for auth to begin with and you allow more than one method, curl will need at least one roundtrip to first get to know which auth methods that the server accepts.
-- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new features | https://curl.se/support.html
-- Unsubscribe: https://lists.haxx.se/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.html
