cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Verification of Content-Length

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 29 Apr 2013 23:21:02 +0200 (CEST)

On Mon, 29 Apr 2013, David Strauss wrote:

> After not finding it in the documentation, I did some quick browsing of the
> source code. it looks like libcurl captures the Content-Length value and
> validates that the actual body content has the proper length.

It MUST handle the Content-Length value to speak HTTP at all. It is part of
the message framing.

> However, it looks like Content-MD5 doesn't receive the same treatment.

Right. It isn't necessary for libcurl, it can still do its job without that
header.

> Is there a good home in the documentation for what the split in
> responsibilities is between libcurl and a user of the library? Is there
> interest in adding optional Content-MD5 support?

Nope, and I don't think the split is crystal clear or ever was.

Content-MD5 support in libcurl would possibly make sense I think. But note
what our good friends in the httpbis group figured out:

         http://tools.ietf.org/wg/httpbis/trac/ticket/178

MD5 is not considered a very safe digest algorithm and Content-MD5 is known to
be implemented inconsistently... The results being that it will not be in the
upcoming revision of the HTTP 1.1 spec!

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2013-04-29