cURL / Mailing Lists / curl-library / Single Mail

curl-library

RE: --proxy-ntlm and --fail

From: Daniel Stenberg <daniel-curl_at_haxx.se>
Date: Tue, 30 Mar 2004 00:03:14 +0200 (CEST)

On Mon, 29 Mar 2004, David Byron wrote:

> What I've done so far is just adjust the logic of the existing code to only
> fail hard if the httpcode is >= 400 but not 401 or 407, and added a call to
> Curl_http_should_fail after all the headers have been processed.

Since you call Curl_http_should_fail after the headers, you may not be able to
return the error until all headers have been received. Which is a changed
behaviour from the previous one. But I can't see how we can possibly avoid it!

> I'm guessing the right thing is to add some tests that exercise --fail (both
> with and without authentication) to be a bit more confident that things are
> working properly. I'll see if I can make some progress there.

That sounds like a clever and sensible next step. There are some already.

> If this is OK, I think the next steps for the code are:
>
> - move authdone from the stack of Curl_http into struct UrlState.

Yes. We can't put it in the connectdata struct since it might need to survive
between multiple connects.

> - adjust Curl_http_should_fail to use the info in struct UrlState to decide
> if there's an error.

Yes.

> > I can only see one problem with this approach and that is the existing
> > known bug we have already: we don't properly recognize a server that wants
> > to re-negotiate a Digest authenticaion. That will be made with a 401 (or
> > 407) respone code while 'authdone' is TRUE... (and the WWW-Authenticate
> > Digest line will contain a "stale=true" part that indicates exactly this
> > re-negotiate request from the server - RFC2617 section 3.2.1).
> >
> > So, there actually is no way to tell with 100% certainty that the response
> > means "error" by reading only the response code.
>
> One way to handle this is for the code that parses WWW-Authenticate for
> Digest needs to store some extra state in UrlState for Curl_http_should_fail
> to look at. How does that sound?

Sounds perfect. I'm working on this stale thing in the mean time!

-- 
     Daniel Stenberg -- http://curl.haxx.se -- http://daniel.haxx.se
      Dedicated custom curl help for hire: http://haxx.se/curl.html
Received on 2004-03-30