Go to file
Isaac Boukris 7975d10cf8 http: Fix proxy connection reuse with basic-auth
When using basic-auth, connections and proxy connections
can be re-used with different Authorization headers since
it does not authenticate the connection (like NTLM does).

For instance, the below command should re-use the proxy
connection, but it currently doesn't:
curl -v -U alice:a -x http://localhost:8181 http://localhost/
  --next -U bob:b -x http://localhost:8181 http://localhost/

This is a regression since refactoring of ConnectionExists()
as part of: cb4e2be7c6

Fix the above by removing the username and password compare
when re-using proxy connection at proxy_info_matches().

However, this fix brings back another bug would make curl
to re-print the old proxy-authorization header of previous
proxy basic-auth connection because it wasn't cleared.

For instance, in the below command the second request should
fail if the proxy requires authentication, but would succeed
after the above fix (and before aforementioned commit):
curl -v -U alice:a -x http://localhost:8181 http://localhost/
  --next -x http://localhost:8181 http://localhost/

Fix this by clearing conn->allocptr.proxyuserpwd after use
unconditionally, same as we do for conn->allocptr.userpwd.

Also fix test 540 to not expect digest auth header to be
resent when connection is reused.

Signed-off-by: Isaac Boukris <iboukris@gmail.com>

Closes https://github.com/curl/curl/pull/1350
2017-03-28 03:54:43 -04:00
.github ISSUE_TEMPLATE: for bugs, ask questions on the mailing list 2017-03-10 10:32:01 +01:00
CMake spelling fixes 2017-03-26 23:56:23 +02:00
docs examples/fopen: checksrc compliance 2017-03-28 02:55:14 -04:00
include spelling fixes 2017-03-26 23:56:23 +02:00
lib http: Fix proxy connection reuse with basic-auth 2017-03-28 03:54:43 -04:00
m4 spelling fixes 2017-03-26 23:56:23 +02:00
packages spelling fixes 2017-03-26 23:56:23 +02:00
projects checksrc.bat: Ignore curl_config.h.in, curl_config.h 2017-03-02 02:51:13 -05:00
scripts updatemanpages.pl: Update man pages to use current date and versions 2017-03-07 23:27:31 +01:00
src spelling fixes 2017-03-26 23:56:23 +02:00
tests http: Fix proxy connection reuse with basic-auth 2017-03-28 03:54:43 -04:00
winbuild winbuild: add basic support for OpenSSL 1.1.x 2017-03-13 16:05:33 -04:00
.dir-locals.el Add .dir-locals and set c-basic-offset to 2. 2015-12-23 10:16:14 +01:00
.gitattributes .gitattributes: turn off CRLF for *.am 2017-03-27 19:56:10 +02:00
.gitignore build: Install zsh completion 2015-11-24 22:22:01 +01:00
.travis.yml travis: run tests-nonflaky instead of tests-full 2017-03-22 10:55:10 +01:00
acinclude.m4 configure: verify that compiler groks -Werror=partial-availability 2016-11-03 23:37:59 +01:00
appveyor.yml Appveyor: Updates for options - CURL_STATICLIB/BUILD_TESTING 2016-07-01 09:53:22 +02:00
buildconf URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
buildconf.bat dist: ship buildconf.bat too 2016-02-12 16:45:25 +01:00
CHANGES CHANGES: spell fix, use correct path to script 2017-02-07 08:22:37 +01:00
CMakeLists.txt cmake: build manual pages (including curl.1) 2017-03-21 14:49:53 +01:00
configure.ac configure: fix --with-zlib when a path is specified 2017-03-03 02:53:35 -05:00
COPYING COPYING: update the generic copyright year range 2017-01-07 20:25:43 +01:00
CTestConfig.cmake
curl-config.in URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
GIT-INFO CHANGES.0: removed 2017-02-07 08:20:10 +01:00
libcurl.pc.in URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
MacOSX-Framework MacOSX-Framework: sdk regex fix for sdk 10.10 and later 2015-10-25 12:35:49 +01:00
Makefile.am spelling fixes 2017-03-26 23:56:23 +02:00
Makefile.dist VC: remove the makefile.vc6 build infra 2017-01-23 14:27:32 +01:00
maketgz maketgz: Run updatemanpages.pl to update man pages 2017-03-07 23:36:17 +01:00
README URLs: follow GitHub project rename (also Travis CI) 2016-02-04 23:01:38 +01:00
README.md README.md: add coverity and travis badges 2017-03-10 14:50:29 +01:00
RELEASE-NOTES RELEASE-NOTES: typo 2017-03-21 12:39:18 +01:00

curl logo CII Best Practices Coverity passed Build Status

Curl is a command-line tool for transferring data specified with URL syntax. Find out how to use curl by reading the curl.1 man page or the MANUAL document. Find out how to install Curl by reading the INSTALL document.

libcurl is the library curl is using to do its job. It is readily available to be used by your software. Read the libcurl.3 man page to learn how!

You find answers to the most frequent questions we get in the FAQ document.

Study the COPYING file for distribution terms and similar. If you distribute curl binaries or other binaries that involve libcurl, you might enjoy the LICENSE-MIXING document.

Contact

If you have problems, questions, ideas or suggestions, please contact us by posting to a suitable mailing list.

All contributors to the project are listed in the THANKS document.

Website

Visit the curl web site for the latest news and downloads.

Git

To download the very latest source off the Git server do this:

git clone https://github.com/curl/curl.git

(you'll get a directory named curl created, filled with the source code)

Notice

Curl contains pieces of source code that is Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan. This notice is included here to comply with the distribution terms.