Bug 1757643

Summary: curl does not send Authorization header when receiving WWW-Authenticate header twice
Product: Red Hat Enterprise Linux 6 Reporter: Hisanobu Okuda <hokuda>
Component: curlAssignee: Kamil Dudka <kdudka>
Status: CLOSED ERRATA QA Contact: Daniel Rusek <drusek>
Severity: high Docs Contact:
Priority: urgent    
Version: 6.10CC: drusek, fkrska, kdudka, msekleta, pamadio, thozza
Target Milestone: rcKeywords: Reopened
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: curl-7.19.7-54.el6_10 Doc Type: Bug Fix
Doc Text:
Cause: libcurl's internal state machine used for HTTP authentication got confused by a duplicated WWW-Authenticate header in the HTTP response. Consequence: libcurl did not send the Authorization header in the subsequent HTTP request and continued without the authentication. Fix: libcurl's internal state machine used for HTTP authentication was extended to handle this case properly. Result: HTTP authentication now works as expected in this case.
 Story Points: ---
Clone Of: 1754736 Environment:
Last Closed: 2019-12-17 10:51:39 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1754736    
Bug Blocks:    

Comment 3 Kamil Dudka 2019-10-02 10:02:16 UTC 
Red Hat Enterprise Linux 6 transitioned to the Production 3 Phase on May 10, 2017.  During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available.
 
The official life cycle policy can be reviewed here:
 
http://redhat.com/rhel/lifecycle
 
This issue does not appear to meet the inclusion criteria for the Production Phase 3 and will be marked as CLOSED/WONTFIX. If this remains a critical requirement, please contact Red Hat Customer Support to request a re-evaluation of the issue, citing a clear business justification.  Red Hat Customer Support can be contacted via the Red Hat Customer Portal at the following URL:
 
https://access.redhat.com
Comment 4 RHEL Program Management 2019-10-02 10:02:23 UTC 
Development Management has reviewed and declined this request. You may appeal this decision by using your Red Hat support channels, who will make certain  the issue receives the proper prioritization with product and development management.

https://www.redhat.com/support/process/production/#howto
Comment 16 errata-xmlrpc 2019-12-17 10:51:39 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:4253