curl-library
RE: --proxy-ntlm and --fail
Date: Tue, 30 Mar 2004 00:03:14 +0200 (CEST)
On Mon, 29 Mar 2004, David Byron wrote:
> What I've done so far is just adjust the logic of the existing code to only
> fail hard if the httpcode is >= 400 but not 401 or 407, and added a call to
> Curl_http_should_fail after all the headers have been processed.
Since you call Curl_http_should_fail after the headers, you may not be able to
return the error until all headers have been received. Which is a changed
behaviour from the previous one. But I can't see how we can possibly avoid it!
> I'm guessing the right thing is to add some tests that exercise --fail (both
> with and without authentication) to be a bit more confident that things are
> working properly. I'll see if I can make some progress there.
That sounds like a clever and sensible next step. There are some already.
> If this is OK, I think the next steps for the code are:
>
> - move authdone from the stack of Curl_http into struct UrlState.
Yes. We can't put it in the connectdata struct since it might need to survive
between multiple connects.
> - adjust Curl_http_should_fail to use the info in struct UrlState to decide
> if there's an error.
Yes.
> > I can only see one problem with this approach and that is the existing
> > known bug we have already: we don't properly recognize a server that wants
> > to re-negotiate a Digest authenticaion. That will be made with a 401 (or
> > 407) respone code while 'authdone' is TRUE... (and the WWW-Authenticate
> > Digest line will contain a "stale=true" part that indicates exactly this
> > re-negotiate request from the server - RFC2617 section 3.2.1).
> >
> > So, there actually is no way to tell with 100% certainty that the response
> > means "error" by reading only the response code.
>
> One way to handle this is for the code that parses WWW-Authenticate for
> Digest needs to store some extra state in UrlState for Curl_http_should_fail
> to look at. How does that sound?
Sounds perfect. I'm working on this stale thing in the mean time!
-- Daniel Stenberg -- http://curl.haxx.se -- http://daniel.haxx.se Dedicated custom curl help for hire: http://haxx.se/curl.htmlReceived on 2004-03-30