Re: [Freeswitch-users] mod_xml_curl http POST is inconsistent/bug

Tue, 06 Oct 2009 20:13:50 -0700

Could you open a bug on jira.freeswitch.org as a feature request to make this a configurable param. (patches that do it even better) 

Mike

On Oct 6, 2009, at 12:55 PM, Christian Damianidis wrote:
I’ve tested this and making the change from ANY to BASIC worked. Thanks for the help. 
It no longer sends the initial post without auth.
From: Anthony Minessale [mailto:anthony.miness...@gmail.com]
Sent: Tuesday, October 06, 2009 11:02 AM
To: freeswitch-users@lists.freeswitch.org
Subject: Re: [Freeswitch-users] mod_xml_curl http POST is inconsistent/bug
My guess is that we configure the curl to support the full range of http auth methods. Some of them like Digest require a challenge and realm etc so it's probably asking without auth header because it cannot create one until it gets that data. In the case of Basic you can send the login and pass right away but it does not know in advance that it will be basic. 

Here is a snippet from the libcurl api docs:
-------------------------------------------------------------------------------------------------------------------------------------------------------------
Both these options allow you to set multiple types (by ORing them together), to make libcurl pick the most secure one out of the types the server/proxy claims to support. This method does however add a round-trip since libcurl must first ask the server what it supports:
curl_easy_setopt(easyhandle, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST| CURLAUTH_BASIC); 

-------------------------------------------------------------------------------------------------------------------------------------------------------------
So my guess is that if we set it to only support basic, then it would work how you expect so if you want to test it for me I can make it into a parameter.
edit: /usr/src/freeswitch.trunk/src/mod/xml_int/mod_xml_curl/ mod_xml_curl.c line 220 
change

curl_easy_setopt(curl_handle, CURLOPT_HTTPAUTH, CURLAUTH_ANY);

to

curl_easy_setopt(curl_handle, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
If this works i'll think about exposing the auth methods so you can choose them in the config. 




_______________________________________________
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org

Reply via email to