0

I am experiencing really weird bug in PHP cURL when using CURLAUTH_NEGOTIATE authentication. When I send GET requests everything works fine. But after setting request type to POST server returns 401 response code.

<?php

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://example.com/example/path");

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

$fields = array(
   'data1' => 'value1',
   'data2' => 'value2',
);

// ----- Removing this two lines below makes everything work fine -----
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
// --------------------------------------------------------------------

curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_NEGOTIATE);
curl_setopt($ch, CURLOPT_USERPWD, 'domain\user:password');

$output = curl_exec($ch);
curl_close($ch);

// With POST request response contains standard IIS unauthorized error
// (with 401 response code). With GET request everything works fine 
// and response contains expected results returned from PHP script
var_dump(htmlentities($output));

PHP version on the server is 7.3.6. cURL is configured as below:

cURL support => enabled
cURL Information => 7.64.0
Age => 4

AsynchDNS => Yes
CharConv => No
Debug => No
GSS-Negotiate => No
IDN => Yes
IPv6 => Yes
krb4 => No
Largefile => Yes
libz => Yes
NTLM => Yes
NTLMWB => No
SPNEGO => Yes
SSL => Yes
SSPI => Yes
TLS-SRP => No
HTTP2 => Yes
GSSAPI => No
KERBEROS5 => Yes
UNIX_SOCKETS => No
PSL => No
HTTPS_PROXY => Yes
MULTI_SSL => No
BROTLI => No
Protocols => dict, file, ftp, ftps, gopher, http, https, imap, imaps, ldap, ldaps, pop3, pop3s, rtsp, scp, sftp, smb, smbs, smtp, smtps, telnet, tftp
Host => x86_64-pc-win32
SSL Version => OpenSSL/1.1.1b
ZLib Version => 1.2.11
libSSH Version => libssh2/1.8.2

Destination server is available directly without any proxy.

Did anyone experienced similar problems? Is it a bug in PHP or maybe I am doing it wrong? Thanks in advance for the any replies.

Grzegorz B.
  • 296
  • 4
  • 10
  • Possible duplicate of https://stackoverflow.com/questions/47897012/difference-between-curlauth-negotiate-in-php-libcurl-vs-negotiate-in-curl-7-5 – 04FS Jun 13 '19 at 12:47
  • 1
    https://github.com/curl/curl/issues/1261 might also be related – 04FS Jun 13 '19 at 12:48
  • Thanks for your comments. In the first case I don't thinks it's a duplicate. In that question their problem is some general error related to every cURL request. In my case the problem occurs only with POST requests. As for the second link this information looks really interesting. It may be the same error. I will have to look closer but it looks like a bug in cURL. I was kinda hoping that it was my mistake or some misconfiguration. Again thanks for the help. – Grzegorz B. Jun 13 '19 at 17:50
  • I've copied this example from the dev server where are some slight problems with certificates and its verification is not that important. In production environment ssl verification will definitely be on. But thanks for the reminder. – Grzegorz B. Jun 14 '19 at 05:14

0 Answers0