On Wed, 7 Dec 2022, Mellergård, Daniel wrote:
But at the same time CURLAUTH_ANY* is a bit loosely defined ("libcurl will
automatically select the one it finds most secure"). I don't know if there
are RFC:s that require a new negotiation with the host for each new request?
The RFCs only define the protocols, not libcurl's API. The HTTP authentication
RFCs do not say that because the protocols typically do not require that.
Otherwise, I think curl should be a bit free to use whatever auth method
works best for the moment.
I agree. A freedom I think it already takes advantage of.
I guess this optimization will mostly be for Basic, maybe it could be used
for some other auth methods.
To me, it sounded like you expressed the optimization libcurl already does.
--
/ daniel.haxx.se
| Commercial curl support up to 24x7 is available!
| Private help, bug fixes, support, ports, new features
| https://curl.se/support.html
--
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html