cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: http proxies and ftp passwords

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Tue, 9 Jun 2009 00:12:21 +0200 (CEST)

On Mon, 8 Jun 2009, Michal Marek wrote:

>> GET ftp://localhost/file HTTP/1.1
>> Authorization: Basic bHVzZXI6cG9rdXM=
>
> and fails at least with squid, because the proxy ignores Authorization: for
> ftp.
>
> $ curl -v -x localhost:3128 ftp://luser:pokus@localhost/file
> does
>> GET ftp://luser:pokus@localhost/file HTTP/1.1
>
> and works fine.
>
> Maybe this is a squid bug, but I didn't find anything relevant in the RFCs.
> The question is: does it make sense for libcurl to insert the
> username:password into the url when doing ftp via a proxy? Attached is an
> incomplete patch doing this.

Non-HTTP protocols over HTTP proxies is an area outside of all the specs so
it's not really possible to tell who's right or wrong here. Squid is a widely
used proxy so that should be reason enough for us to seriously consider this.

The only thing I fear is that there's another proxy out there with the
reversed preference...

-- 
  / daniel.haxx.se
Received on 2009-06-09