i try to connect to http server using digest authorization by using curl from shell script.
so far curl seems to not make the 2nd http request, that is needed to finalize digest authorization.
curl output looks like:
* Expire in 1 ms for 1 (transfer 0x4fb960)
* Trying 192.168.17.24...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x4fb960)
* Connected to xxx (192.168.17.24) port 80 (#0)
* Server auth using Digest with user 'user'
> POST /config/timeofuse HTTP/1.1
> Host: xxx
> User-Agent: curl/7.64.0
> Accept: application/json, text/plain, */*
> Content-Type: application/json
> Content-Length: 0
>
< HTTP/1.1 401 Unauthorized
< X-WWW-Authenticate: Digest realm="Webinterface area", charset="UTF-8", algorithm=MD5, nonce="6463d513:3927ccc8e06b0a9d4ec28f0bc9d863bc", qop="auth"
< Content-Type: text/html
< Content-Length: 347
< Date: Tue, 16 May 2023 19:10:11 GMT
< Server: webserver
<
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>401 Unauthorized</title>
</head>
<body>
<h1>401 Unauthorized</h1>
</body>
</html>
* Connection #0 to host xxx left intact
my current assumption is, that curl needs WWW-Authenticate header but receives X-WWW-Authenticate header instead. the server i am connecting too is an embedded device, i can't change.
any ideas if a) my assumption is correct - or anything else is wrong? b) is there a way to workaround curl to interpret X-WWW-Authenticate like the WWW-Authenticate header?
any help is appreciated!
thx Alram
tried httpie, but same issue. read through the curl manual, but didn't found any setting, that could help here.