Do the auth stuff at the end-of-headers and not at the start-of-body, as
we might not get a body when we get a 401 with a set of WWW-Authenticate:
headers. This fixes the problem Kevin Roth detected in 7.10.8-pre4 and pre5.
Verified by test case 91.
diff --git a/lib/transfer.c b/lib/transfer.c
index 99beee2..d66254b 100644
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -450,6 +450,11 @@
               data->info.header_size += headerlen;
               conn->headerbytecount += headerlen;
 
+              /* *auth_act() checks what authentication methods that are
+                 available and decides which one (if any) to use. It will
+                 set 'newurl' if an auth metod was picked. */
+              Curl_http_auth_act(conn);
+              
               if(!k->header) {
                 /*
                  * really end-of-headers.
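Review bot: The added `Curl_http_auth_act(conn);` sits above the `if(!k->header)` test, so as far as the hunk shows it runs every time a header block ends, not only in the branch the existing comment labels "really end-of-headers". If `k->header` can still be set at this point (an interim response, for example), the auth decision and any `newurl` it sets would rest on headers that are not the final response's; moving the call to the top of that block, `if(!k->header) { Curl_http_auth_act(conn);`, would tie it to the final header set. The old call site was inside `if(conn->protocol&PROT_HTTP)`, and the hunk does not show whether the new site is equally HTTP-only, so that is worth confirming. The moved comment still reads "auth metod"; `set 'newurl' if an auth method was picked. */` fixes it. The enclosing block starts and ends outside the hunk.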
@@ -824,11 +829,6 @@
             if(conn->protocol&PROT_HTTP) {
               /* HTTP-only checks */
 
-              /* *auth_act() checks what authentication methods that are
-                 available and decides which one (if any) to use. It will
-                 set 'newurl' if an auth metod was picked. */
-              Curl_http_auth_act(conn);
-              
               if (conn->newurl) {
                 if(conn->bits.close) {
                   /* Abort after the headers if "follow Location" is set