--- src/http.c.orig	Wed Jul 20 09:54:43 2005
+++ src/http.c	Tue Jul 05 17:30:10 2005
@@ -1261,33 +1261,6 @@
   user = user ? user : (opt.http_user ? opt.http_user : opt.user);
   passwd = passwd ? passwd : (opt.http_passwd ? opt.http_passwd : opt.passwd);
 
-  if (user && passwd)
-    {
-      /* We have the username and the password, but haven't tried
-	 any authorization yet.  Let's see if the "Basic" method
-	 works.  If not, we'll come back here and construct a
-	 proper authorization method with the right challenges.
-
-	 If we didn't employ this kind of logic, every URL that
-	 requires authorization would have to be processed twice,
-	 which is very suboptimal and generates a bunch of false
-	 "unauthorized" errors in the server log.
-
-	 #### But this logic also has a serious problem when used
-	 with stronger authentications: we *first* transmit the
-	 username and the password in clear text, and *then* attempt a
-	 stronger authentication scheme.  That cannot be right!  We
-	 are only fortunate that almost everyone still uses the
-	 `Basic' scheme anyway.
-
-	 There should be an option to prevent this from happening, for
-	 those who use strong authentication schemes and value their
-	 passwords.  */
-      request_set_header (req, "Authorization",
-			  basic_authentication_encode (user, passwd),
-			  rel_value);
-    }
-
   proxyauth = NULL;
   if (proxy)
     {
@@ -1657,11 +1630,20 @@
 	       unrecognized, there's no sense in retrying.  */
 	    logputs (LOG_NOTQUIET, _("Unknown authentication scheme.\n"));
 	  else if (BEGINS_WITH (www_authenticate, "Basic"))
-	    /* If the authentication scheme is "Basic", which we send
-	       by default, there's no sense in retrying either.  (This
-	       should be changed when we stop sending "Basic" data by
-	       default.)  */
-	    ;
+            {
+              request_set_header (req, "Authorization",
+                                  basic_authentication_encode (user, passwd),
+                                  rel_value);
+
+              /* If using a proxy, then conn is currently a connection to the 
+                 host by way of the proxy, but retry_with_auth assumes conn
+                 has already been initialized with the proxy information, so
+                 reinitialize conn with proxy */
+              if (proxy)
+                conn = proxy;
+
+              goto retry_with_auth;
+            }
 	  else
 	    {
 	      char *pth;