[
https://issues.apache.org/jira/browse/AXIS2C-1372?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Aaron Oneal updated AXIS2C-1372:
--------------------------------
Attachment: RemoveContentLengthHeader.diff
> Setting the content-length header for libcurl causes auth to fail
> -----------------------------------------------------------------
>
> Key: AXIS2C-1372
> URL: https://issues.apache.org/jira/browse/AXIS2C-1372
> Project: Axis2-C
> Issue Type: Bug
> Components: transport/http
> Affects Versions: 1.6.0
> Reporter: Aaron Oneal
> Priority: Blocker
> Attachments: RemoveContentLengthHeader.diff
>
> Original Estimate: 0.08h
> Remaining Estimate: 0.08h
>
> Certain auth schemes, like NTLM, may result in an empty request (no body,
> content-length:0) being sent to the server first to trigger a 401 auth
> challenge so as not to waste bandwidth by posting the real message body twice
> when it knows the first request will result in an auth challenge.
> Libcurl currently has a bug where it will use the specified content-length on
> this first request instead of sending 0, which will cause subsequent requests
> to fail because the message body was never sent.
> Since libcurl automatically calculates the content-length based on the POST
> size, it's not necessary to specify it from Axis2/C. Removing this header
> allows libcurl to calculate the length and send the correct values during
> both requests.
> I recommend the content-length setting code be removed because:
> 1. It doesn't appear to be needed
> 2. Curl docs do not recommend specifying a content-length header
> 3. It's currently the only way to get NTLM authentication working (see
> AXIS2C-1370)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
