[ https://issues.apache.org/jira/browse/AXIS2C-1372?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
S.Uthaiyashankar updated AXIS2C-1372: ------------------------------------- Fix Version/s: Next Version Assignee: S.Uthaiyashankar > Setting the content-length header for libcurl causes auth to fail > ----------------------------------------------------------------- > > Key: AXIS2C-1372 > URL: https://issues.apache.org/jira/browse/AXIS2C-1372 > Project: Axis2-C > Issue Type: Bug > Components: transport/http > Affects Versions: 1.6.0 > Reporter: Incarnadine > Assignee: S.Uthaiyashankar > Priority: Blocker > Fix For: Next Version > > Attachments: RemoveContentLengthHeader.diff > > Original Estimate: 0.08h > Remaining Estimate: 0.08h > > Certain auth schemes, like NTLM, may result in an empty request (no body, > content-length:0) being sent to the server first to trigger a 401 auth > challenge so as not to waste bandwidth by posting the real message body twice > when it knows the first request will result in an auth challenge. > Libcurl currently has a bug where it will use the specified content-length on > this first request instead of sending 0, which will cause subsequent requests > to fail because the message body was never sent. > Since libcurl automatically calculates the content-length based on the POST > size, it's not necessary to specify it from Axis2/C. Removing this header > allows libcurl to calculate the length and send the correct values during > both requests. > I recommend the content-length setting code be removed because: > 1. It doesn't appear to be needed > 2. Curl docs do not recommend specifying a content-length header > 3. It's currently the only way to get NTLM authentication working (see > AXIS2C-1370) -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.