Commit b439e8ff authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

Do the auth stuff at the end-of-headers and not at the start-of-body, as 

we might not get a body when we get a 401 with a set of WWW-Authenticate:
headers. This fixes the problem Kevin Roth detected in 7.10.8-pre4 and pre5.
Verified by test case 91.
parent 475166fc

lib/transfer.c

+5 −5
Original line number Diff line number Diff line
@@ -450,6 +450,11 @@ CURLcode Curl_readwrite(struct connectdata *conn, 
              data->info.header_size += headerlen;

              conn->headerbytecount += headerlen;



              /* *auth_act() checks what authentication methods that are

                 available and decides which one (if any) to use. It will

                 set 'newurl' if an auth metod was picked. */

              Curl_http_auth_act(conn);

              

              if(!k->header) {

                /*

                 * really end-of-headers.
@@ -824,11 +829,6 @@ CURLcode Curl_readwrite(struct connectdata *conn, 
            if(conn->protocol&PROT_HTTP) {

              /* HTTP-only checks */



              /* *auth_act() checks what authentication methods that are

                 available and decides which one (if any) to use. It will

                 set 'newurl' if an auth metod was picked. */

              Curl_http_auth_act(conn);

              

              if (conn->newurl) {

                if(conn->bits.close) {

                  /* Abort after the headers if "follow Location" is set