aboutsummaryrefslogtreecommitdiff
path: root/lib/http.c
AgeCommit message (Collapse)Author
2005-10-20Dave Dribin made libcurl understand and handle cases when the serverDaniel Stenberg
(wrongly) sends *two* WWW-Authenticate headers for Digest. While this should never happen in a sane world, libcurl previously got into an infinite loop when this occurred. Dave added test 273 to verify this.
2005-07-05correction for the 407 with response-body caseDaniel Stenberg
2005-07-03Andrew Bushnell provided enough info for me to tell that we badly needed toDaniel Stenberg
fix the CONNECT authentication code with multi-pass auth methods (such as NTLM) as it didn't previously properly ignore response-bodies - in fact it stopped reading after all response headers had been received. This could lead to libcurl sending the next request and reading the body from the first request as response to the second request. (I also renamed the function, which wasn't strictly necessary but...) The best fix would to once and for all make the CONNECT code use the ordinary request sending/receiving code, treating it as any ordinary request instead of the special-purpose function we have now. It should make it better for multi-interface too. And possibly lead to less code... Added test case 265 for this. It doesn't work as a _really_ good test case since the test proxy is too stupid, but the test case helps when running the debugger to verify.
2005-05-11Modified the default HTTP headers used by libcurl:Daniel Stenberg
A) Normal non-proxy HTTP: - no more "Pragma: no-cache" (this only makes sense to proxies) B) Non-CONNECT HTTP request over proxy: - "Pragma: no-cache" is used (like before) - "Proxy-Connection: Keep-alive" (for older style 1.0-proxies) C) CONNECT HTTP request over proxy: - "Host: [name]:[port]" - "Proxy-Connection: Keep-alive"
2005-04-25Fred New reported a bug where we used Basic auth and user name and password inDaniel Stenberg
.netrc, and when following a Location: the subsequent requests didn't properly use the auth as found in the netrc file. Added test case 257 to verify my fix.
2005-04-18Toshiyuki Maezawa reported that when doing a POST with a read callback,Daniel Stenberg
libcurl didn't properly send an Expect: 100-continue header. It does now.
2005-04-07GnuTLS support added. There's now a "generic" SSL layer that we use all overDaniel Stenberg
internally, with code provided by sslgen.c. All SSL-layer-specific code is then written in ssluse.c (for OpenSSL) and gtls.c (for GnuTLS). As far as possible, internals should not need to know what SSL layer that is in use. Building with GnuTLS currently makes two test cases fail. TODO.gnutls contains a few known outstanding issues for the GnuTLS support. GnuTLS support is enabled with configure --with-gnutls
2005-04-03Hardeep Singh reported a problem doing HTTP POST with Digest. (It was actuallyDaniel Stenberg
also affecting NTLM and Negotiate.) It turned out that if the server responded with 100 Continue before the initial 401 response, libcurl didn't take care of the response properly. Test case 245 and 246 added to verify this.
2005-03-29Don't close the connection if we're in a known negotiation mode and we won'tDaniel Stenberg
send any data anyway. Probably the bug Tom Moers noticed.
2005-03-28Based on Augustus Saunders' comments and findings, the HTTP output authDaniel Stenberg
function was fixed to use the proper proxy authentication when multiple ones were added as accepted. test 239 and test 243 were added to repeat the problems and verify the fixes.
2005-03-10Christopher R. Palmer made it possible to build libcurl with theDaniel Stenberg
USE_WINDOWS_SSPI on Windows, and then libcurl will be built to use the native way to do NTLM. SSPI also allows libcurl to pass on the current user and its password in the request.
2005-02-18Ralph Mitchell reported a flaw when you used a proxy with auth, and youDaniel Stenberg
requested data from a host and then followed a redirect to another host. libcurl then didn't use the proxy-auth properly in the second request, due to the host-only check for original host name wrongly being extended to the proxy auth as well. Added test case 233 to verify the flaw and that the fix removed the problem.
2005-02-16Christopher R. Palmer reported a problem with HTTP-POSTing using "anyauth"Daniel Stenberg
that picks NTLM. Thanks to David Byron letting me test NTLM against his servers, I could quickly repeat and fix the problem. It turned out to be: When libcurl POSTs without knowing/using an authentication and it gets back a list of types from which it picks NTLM, it needs to either continue sending its data if it keeps the connection alive, or not send the data but close the connection. Then do the first step in the NTLM auth. libcurl didn't send the data nor close the connection but simply read the response-body and then sent the first negotiation step. Which then failed miserably of course. The fixed version forces a connection if there is more than 2000 bytes left to send.
2005-02-11Removed all uses of strftime() since it uses the localised version of theDaniel Stenberg
week day names and month names and servers don't like that.
2005-02-09FTP code turned into state machine. Not completely yet, but a good start.Daniel Stenberg
The tag 'before_ftp_statemachine' was set just before this commit in case of future need.
2005-02-06Preserve previous status in Curl_http_done().Gisle Vanem
2005-01-21FTP third transfer support overhaul. See CHANGES for details.Daniel Stenberg
2004-12-16NULL the fp pointer after it has been fclosed()Daniel Stenberg
2004-12-16Dinar in bug report #1086121, found a file handle leak when a multipartDaniel Stenberg
formpost (including a file upload part) was aborted before the whole file was sent.
2004-12-10don't try the rewind if no http struct is allocated yetDaniel Stenberg
2004-12-05Dan Fandrich added the --disable-cookies option to configure to buildDaniel Stenberg
libcurl without cookie support. This is mainly useful if you want to build a minimalistic libcurl with no cookies support at all. Like for embedded systems or similar.
2004-12-02made the intended one hour default timeout in the CONNECT loop actually workDaniel Stenberg
2004-12-02comment cleanupDaniel Stenberg
2004-12-02prevent an initial "(nil)" to get sent in the initial request when doingDaniel Stenberg
CONNECT to a proxy with digest
2004-11-24HTTP "auth done right". See lib/README.httpauthDaniel Stenberg
2004-11-19David Phillips' FD_SETSIZE fixDaniel Stenberg
2004-11-12Dan Fandrich added the --disable-crypto-auth option to configure to allowDaniel Stenberg
libcurl to build without Digest support. (I figure it should also explicitly disable Negotiate and NTLM.)
2004-11-11Fix behaviour when passing NULL to CURLOPT_POSTFIELDS and CURLOPT_HTTPPOST.Daniel Stenberg
2004-11-05Tim Sneddon's VMS fix for huge HTTP POSTsDaniel Stenberg
2004-11-02Paul Nolan fix to make libcurl build nicely on Windows CEDaniel Stenberg
2004-10-25Tomas Pospisek filed bug report #1053287 that proved -C - and --fail on aDaniel Stenberg
file that was already completely downloaded caused an error, while it doesn't if you don't use --fail! I added test case 194 to verify the fix. Grrr. CURLOPT_FAILONERROR is now added to the list stuff to remove in libcurl v8 due to all the kludges needed to support it.
2004-10-06removed tabs and trailing whitespace from sourceDaniel Stenberg
2004-09-10- Bug report #1025986. When following a Location: with a custom Host: headerDaniel Stenberg
replacement, curl only replaced the Host: header on the initial request and didn't replace it on the following ones. This resulted in requests with two Host: headers. Now, curl checks if the location is on the same host as the initial request and then continues to replace the Host: header. And when it moves to another host, it doesn't replace the Host: header but it also doesn't make the second Host: header get used in the request. This change is verified by the two new test cases 184 and 185.
2004-08-23Roman Koifman pointed out that libcurl send Expect: 100-continue on POSTs andDaniel Stenberg
PUTs even when told to use HTTP 1.0, which is not correct.
2004-08-16allow a custom "Accept-Encoding:" header override the internally set oneDaniel Stenberg
that gets set with CURLOPT_ENCODING
2004-08-16Roland Krikava's cookies over proxy fix.Daniel Stenberg
2004-07-28Fixes Brian Akins' reported problems with duplicate Host: headers on re-usedDaniel Stenberg
connections.
2004-07-01typecast to prevent picky compiler warningDaniel Stenberg
2004-07-01spellfixed commentsDaniel Stenberg
2004-06-24use snprintf() to be on the safe sideDaniel Stenberg
2004-06-19When doing auth negotiations or authprobing, we only consider HTTP codeDaniel Stenberg
<300 to be good.
2004-06-18With David Byron's test server I could repeat his problem and make sure thatDaniel Stenberg
POSTing over HTTPS:// with NTLM works fine now. There was a general problem with multi-pass authentication with non-GET operations with CONNECT.
2004-06-15Fix the auth code to enable us to i.e set DIGEST and then find out that theDaniel Stenberg
server doesn't require any auth at all and then we just continue nicely. We now have an extra bit in the connection struct named 'authprobe' that is TRUE when doing pure "HTTP authentication probing".
2004-06-13moved default: in a switch case to prevent compiler warning that 'request'Daniel Stenberg
might be used uninitialized
2004-06-03updated a commentDaniel Stenberg
2004-06-03Alexander Krasnostavsky's FTP third party transfer (proxy) supportDaniel Stenberg
2004-05-26Added a new 'bit' in the connect struct named 'tunnel_proxy' that is setDaniel Stenberg
if a connection is tunneled through a proxy. A tunnel is done with CONNECT, either when using HTTPS or FTPS, or if explicitly enabled by the app.
2004-05-24Robert D. Young reported that CURLOPT_COOKIEFILE and CURLOPT_COOKIE couldDaniel Stenberg
not be used both in one request. Fixed it and added test case 172 to verify.
2004-05-12Curl_done() and the protocol-specific conn->curl_done() functions now allDaniel Stenberg
take a CURLcode as a second argument, that is non-zero when Curl_done() is called after an error was returned from Curl_do() (or similar).
2004-05-11curl_global_init_mem() allows the memory functions to be replaced.Daniel Stenberg
memory.h is included everywhere for this.