On Wed, 7 Dec 2022, Mellergård, Daniel wrote:

But at the same time CURLAUTH_ANY* is a bit loosely defined ("libcurl will automatically select the one it finds most secure"). I don't know if there are RFC:s that require a new negotiation with the host for each new request?

The RFCs only define the protocols, not libcurl's API. The HTTP authentication RFCs do not say that because the protocols typically do not require that.

Otherwise, I think curl should be a bit free to use whatever auth method works best for the moment.

I agree. A freedom I think it already takes advantage of.

I guess this optimization will mostly be for Basic, maybe it could be used for some other auth methods.

To me, it sounded like you expressed the optimization libcurl already does.

--

 / daniel.haxx.se
 | Commercial curl support up to 24x7 is available!
 | Private help, bug fixes, support, ports, new features
 | https://curl.se/support.html
-- 
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html

Reply via email to