cURL / Mailing Lists / curl-library / Single Mail

curl-library

RE: Problem with NEGOTIATE-Proxy-Authentication and not reusing underlying TCP-Connections

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Thu, 23 Oct 2014 15:47:24 +0200 (CEST)

On Thu, 23 Oct 2014, Stefan Bühler wrote:

>> I think you need to motivate this better than just operation A should be
>> the same as operation B if you think we should change it.
>
> This is not what the documentation on
> http://curl.haxx.se/libcurl/c/curl_easy_reset.html indicates. "live
> connections, the Session ID cache, the DNS cache, the cookies and shares" is
> a list that imho is completely covered by the use of multi and shared
> handles, and therefore using new easy handles while keeping multi and shared
> handles should be the same as curl_easy_reset.

(We're drifting away from the original topic here.) The cookies are for
example not shared within the multi handle. But there is also other state,
like this authentication info that is stored in the easy handle.

Also, there's the easy interface that doesn't use the multi handle.

Can you tell us why you think we should throw away all state in
curl_easy_reset? What is the problem with the current functionality?

> Also I still think it is bad the Proxy-Authorization survives when the
> connection gets assigned to another easy handle (especially when such
> behavior breaks connections, like NTLM/Negotiate with MS proxies).

NTLM is connection-based so it shouldn't just carry over to another
non-authenticated connection. If it does, it is a bug. A fresh connection for
NTLM means setting up the authentication again from the start.

Negotiate we've just concluded needs to be connection-based as well and thus
it should "live" under the same restrictions as NTLM.

-- 
  / daniel.haxx.se

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-10-23