curl-library
Re: Verification of Content-Length
Date: Mon, 29 Apr 2013 23:21:02 +0200 (CEST)
On Mon, 29 Apr 2013, David Strauss wrote:
> After not finding it in the documentation, I did some quick browsing of the
> source code. it looks like libcurl captures the Content-Length value and
> validates that the actual body content has the proper length.
It MUST handle the Content-Length value to speak HTTP at all. It is part of
the message framing.
> However, it looks like Content-MD5 doesn't receive the same treatment.
Right. It isn't necessary for libcurl, it can still do its job without that
header.
> Is there a good home in the documentation for what the split in
> responsibilities is between libcurl and a user of the library? Is there
> interest in adding optional Content-MD5 support?
Nope, and I don't think the split is crystal clear or ever was.
Content-MD5 support in libcurl would possibly make sense I think. But note
what our good friends in the httpbis group figured out:
http://tools.ietf.org/wg/httpbis/trac/ticket/178
MD5 is not considered a very safe digest algorithm and Content-MD5 is known to
be implemented inconsistently... The results being that it will not be in the
upcoming revision of the HTTP 1.1 spec!
-- / daniel.haxx.se ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.htmlReceived on 2013-04-29