# Server-side
<reply>
+<!--
+
+ Explanation for the duplicate 400 requests:
+
+ libcurl doesn't detect that a given Digest password is wrong already on the
+ first 401 response (as the data400 gives). libcurl will instead consider the
+ new response just as a duplicate and it sends another and detects the auth
+ problem on the second 401 response!
+
+-->
+
<!-- First request has Digest auth, wrong password -->
<data100>
HTTP/1.1 401 Need Digest auth\r
</data1400>
<!-- Fifth request has Digest auth, right password -->
-<data500>
-HTTP/1.1 401 Need Digest auth (5)\r
-Server: Microsoft-IIS/5.0\r
-Content-Type: text/html; charset=iso-8859-1\r
-Content-Length: 27\r
-WWW-Authenticate: Digest realm="testrealm", nonce="8"\r
-\r
-This is not the real page!
-</data500>
-
<data1500>
HTTP/1.1 200 Things are fine in server land (2)\r
Server: Microsoft-IIS/5.0\r
Content-Length: 29\r
WWW-Authenticate: Digest realm="testrealm", nonce="7"\r
\r
+HTTP/1.1 401 Sorry wrong password (3)\r
+Server: Microsoft-IIS/5.0\r
+Content-Type: text/html; charset=iso-8859-1\r
+Content-Length: 29\r
+WWW-Authenticate: Digest realm="testrealm", nonce="7"\r
+\r
This is a bad password page!
HTTP/1.1 200 Things are fine in server land (2)\r
Server: Microsoft-IIS/5.0\r
Host: %HOSTIP:%HTTPPORT\r
Accept: */*\r
\r
+GET /20270400 HTTP/1.1\r
+Authorization: Digest username="testuser", realm="testrealm", nonce="5", uri="/20270400", response="f5906785511fb60a2af8b1cd53008ead"\r
+Host: %HOSTIP:%HTTPPORT\r
+Accept: */*\r
+\r
GET /20270500 HTTP/1.1\r
Authorization: Digest username="testuser", realm="testrealm", nonce="7", uri="/20270500", response="8ef4d935fd964a46c3965c0863b52cf1"\r
Host: %HOSTIP:%HTTPPORT\r
<!-- Alternate the order that Digest and NTLM headers appear in responses to
ensure that the order doesn't matter. -->
+<!--
+
+ Explanation for the duplicate 400 requests:
+
+ libcurl doesn't detect that a given Digest password is wrong already on the
+ first 401 response (as the data400 gives). libcurl will instead consider the
+ new response just as a duplicate and it sends another and detects the auth
+ problem on the second 401 response!
+
+-->
+
+
<!-- First request has NTLM auth, wrong password -->
<data100>
HTTP/1.1 401 Need Digest or NTLM auth\r
WWW-Authenticate: NTLM\r
WWW-Authenticate: Digest realm="testrealm", nonce="7"\r
\r
+HTTP/1.1 401 Sorry wrong password (3)\r
+Server: Microsoft-IIS/5.0\r
+Content-Type: text/html; charset=iso-8859-1\r
+Content-Length: 29\r
+WWW-Authenticate: NTLM\r
+WWW-Authenticate: Digest realm="testrealm", nonce="7"\r
+\r
This is a bad password page!
HTTP/1.1 200 Things are fine in server land (2)\r
Server: Microsoft-IIS/5.0\r
Host: %HOSTIP:%HTTPPORT\r
Accept: */*\r
\r
+GET /20300400 HTTP/1.1\r
+Authorization: Digest username="testuser", realm="testrealm", nonce="5", uri="/20300400", response="d6262e9147db08c62ff2f53b515861e8"\r
+Host: %HOSTIP:%HTTPPORT\r
+Accept: */*\r
+\r
GET /20300500 HTTP/1.1\r
Authorization: Digest username="testuser", realm="testrealm", nonce="7", uri="/20300500", response="198757e61163a779cf24ed4c49c1ad7d"\r
Host: %HOSTIP:%HTTPPORT\r