This bug has been open for a while and I had lost sight of it. Upon prompted recently, I dug bit 
into history and could think of a good solution.

A brief history.

1. The bug "maximum recursion depth exceeded" when doing Basic Authentication was introduced in 
5f9939af2f71 (issue3819). I verified it by doing "hg update 5f9939af2f71" and running basic 
authentication test against a server.

2. This was 'fixed' with giving an upper limit to retries and doing it similar to Digest 
Authentication as part of this ticket and it is case recent current tip 
(acb30ed7eceb when I ran the test).

However, this fix is not satisfactory for multiple reasons like fix is not satisfactory and not 
having concrete reasons for doing retries for Basic Auth and why 401 error should be considered 
special.  I agree with this, this fix was more like to avoid recursion 
and throw the correct HTTPError.

Also, it is important to note that, before a regression was introduced in r59118, the prior 
revision ( hg update 5f9939af2f71^  -which led me to c8ef906b11b8) had correct behavior, where 
HTTPError was thrown upon invalid user:pass immediately.  

So, going back to that behavior was the right thing to do.

Sam Bull's suggestion and patch looks right to me. It is correct to verify the un-redirected hdrs 
too when checking for auth and go with the behavior as it in c8ef906b11b8)

I have improved upon the patch for 3.5 and added tests which were not present too. I think, this
should go in all active versions of python as there is no api change or behavior behavior, but 
improvement in way HTTPError is thrown.