- Internet Explorer had a broken HTTP digest authentication before v7 and

  there are servers "out there" that relies on the client doing this broken
  Digest authentication. Apache even comes with an option to work with such
  broken clients.

  The difference is only for URLs that contain a query-part (a '?'-letter and
  text to the right of it).

  libcurl now supports this quirk, and you enable it by setting the
  CURLAUTH_DIGEST_IE bit in the bitmask you pass to the CURLOPT_HTTPAUTH or
  CURLOPT_PROXYAUTH options. They are thus individually controlled to server
  and proxy.

1 files changed, 19 insertions, 0 deletions

diff --git a/lib/url.c b/lib/url.c
index 9037bf920..1cf8b08da 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -1319,6 +1319,16 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
      */
   {
     long auth = va_arg(param, long);
+
+    /* the DIGEST_IE bit is only used to set a special marker, for all the
+       rest we need to handle it as normal DIGEST */
+    data->state.authhost.iestyle = (auth & CURLAUTH_DIGEST_IE)?TRUE:FALSE;
+
+    if(auth & CURLAUTH_DIGEST_IE) {
+      auth |= CURLAUTH_DIGEST; /* set standard digest bit */
+      auth &= ~CURLAUTH_DIGEST_IE; /* unset ie digest bit */
+    }
+
     /* switch off bits we can't support */
 #ifndef USE_NTLM
     auth &= ~CURLAUTH_NTLM; /* no NTLM without SSL */
@@ -1354,6 +1364,15 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
      */
   {
     long auth = va_arg(param, long);
+
+    /* the DIGEST_IE bit is only used to set a special marker, for all the
+       rest we need to handle it as normal DIGEST */
+    data->state.authproxy.iestyle = (auth & CURLAUTH_DIGEST_IE)?TRUE:FALSE;
+
+    if(auth & CURLAUTH_DIGEST_IE) {
+      auth |= CURLAUTH_DIGEST; /* set standard digest bit */
+      auth &= ~CURLAUTH_DIGEST_IE; /* unset ie digest bit */
+    }
     /* switch off bits we can't support */
 #ifndef USE_NTLM
     auth &= ~CURLAUTH_NTLM; /* no NTLM without SSL */