
Re: Disable verify_header in 7.84.0

From: bhavesh soni via curl-users <curl-users_at_lists.haxx.se>
Date: Mon, 6 Feb 2023 06:44:35 +0530

Hi Daniel
The intent of the function and its behaviour is ok. Np with that and I
think it does validate the completeness of the responses.


It is just that I have a legacy product where my cameras, on the other hand,
seem to have some issue in one of their feature's request/response.
Actually the camera sends an additional html tag on the header response
structure for my requests.

I don't have control over the camera software, and in turn the latest curl at my
client, which configures this camera, fails the handshake due to invalidating
this faulty response.


So essentially nothing wrong with the curl or the function, but on a very
custom scale I wanted to check if I can manually disable this so as to
allow this for my case.

Thanks
Bhavesh

On Mon, 6 Feb 2023 at 4:23 AM, Daniel Stenberg <daniel_at_haxx.se> wrote:

> On Fri, 3 Feb 2023, bhavesh soni via curl-users wrote:
>
> > Curl has introduced verify_headers() in 7.83.0/7.84.0.
> >
> > This basically is invalidating the partial response
>
> Please elaborate. This function was added to make curl validate HTTP headers
> slightly more strictly than before instead of just silently accepting almost
> whatever violation you could throw at it.
>
> If your server sends a header this function doesn't think is okay, can you
> please clarify and explain why you think this function is wrong?
>
> If this function is not wrong, then I would like to learn why we should
> change it.
>
> > Is there any way in the latest curl to disable this method via config or
> > something like that?
>
> No. You are the first person to mention a problem with this.
>
> > If not, if I mask up the method, what are the impact areas I need to take
> > care of in the code when I rebuild?
>
> You allow non-HTTP compliant headers through. The full impact of that is hard
> to assess, which is also part of the reason why we added that function a while
> back.
>
> --
>
> / daniel.haxx.se
> | Commercial curl support up to 24x7 is available!
> | Private help, bug fixes, support, ports, new features
> | https://curl.se/support.html
>


Received on 2023-02-06