Curl_pretransfer: clear out unwanted auth methods

As a handle can be re-used after having done HTTP auth in a previous
request, it must make sure to clear out the HTTP types that aren't
wanted in this new request.

diff --git a/lib/transfer.c b/lib/transfer.c
index a00469ee6323e118ba4b7d2dce1027f9253731bb..3492efd25a8e77e6f1180feed2e48b857988ba5a 100644 (file)
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -1469,6 +1469,12 @@ CURLcode Curl_pretransfer(struct SessionHandle *data)
 
     if(data->set.connecttimeout)
       Curl_expire(data, data->set.connecttimeout);
+
+    /* In case the handle is re-used and an authentication method was picked
+       in the session we need to make sure we only use the one(s) we now
+       consider to be fine */
+    data->state.authhost.picked &= data->state.authhost.want;
+    data->state.authproxy.picked &= data->state.authproxy.want;
   }
 
   return res;