bagder: curl CHANGES,1.725,1.726 RELEASE-NOTES,1.261,1.262

Update of /cvsroot/curl/curl
In directory labb:/tmp/cvs-serv10325

Modified Files:
        CHANGES RELEASE-NOTES 
Log Message:
Andrew Bushnell provided enough info for me to tell that we badly needed to
fix the CONNECT authentication code with multi-pass auth methods (such as
NTLM) as it didn't previously properly ignore response-bodies - in fact it
stopped reading after all response headers had been received. This could
lead to libcurl sending the next request and reading the body from the first
request as response to the second request. (I also renamed the function,
which wasn't strictly necessary but...)

The best fix would to once and for all make the CONNECT code use the
ordinary request sending/receiving code, treating it as any ordinary request
instead of the special-purpose function we have now. It should make it
better for multi-interface too. And possibly lead to less code...

Added test case 265 for this. It doesn't work as a _really_ good test case
since the test proxy is too stupid, but the test case helps when running the
debugger to verify.


Index: RELEASE-NOTES
===================================================================
RCS file: /cvsroot/curl/curl/RELEASE-NOTES,v
retrieving revision 1.261
retrieving revision 1.262
diff -u -d -r1.261 -r1.262
--- RELEASE-NOTES       28 Jun 2005 09:08:52 -0000      1.261
+++ RELEASE-NOTES       3 Jul 2005 22:25:15 -0000       1.262
@@ -16,6 +16,8 @@
 
 This release includes the following bugfixes:
 
+ o treats CONNECT 407 responses with bodies better during Digest/NTLM auth
+ o debug builds work on Tru64
  o improved libcurl.m4
  o possible memory leak in windows name resolves
  o c-ares enabled build with mingw
@@ -37,6 +39,6 @@
 advice from friends like these:
 
  John McGowan, Georg Wicherski, Andres Garcia, Eric Cooper, Todd Kulesza,
- Tupone Alfredo, Gisle Vanem, David Shaw
+ Tupone Alfredo, Gisle Vanem, David Shaw, Andrew Bushnell
 
         Thanks! (and sorry if I forgot to mention someone)

Index: CHANGES
===================================================================
RCS file: /cvsroot/curl/curl/CHANGES,v
retrieving revision 1.725
retrieving revision 1.726
diff -u -d -r1.725 -r1.726
--- CHANGES     22 Jun 2005 22:31:08 -0000      1.725
+++ CHANGES     3 Jul 2005 22:25:15 -0000       1.726
@@ -7,6 +7,24 @@
                                   Changelog
 
 
+Daniel (4 July 2005)
+- Andrew Bushnell provided enough info for me to tell that we badly needed to
+  fix the CONNECT authentication code with multi-pass auth methods (such as
+  NTLM) as it didn't previously properly ignore response-bodies - in fact it
+  stopped reading after all response headers had been received. This could
+  lead to libcurl sending the next request and reading the body from the first
+  request as response to the second request. (I also renamed the function,
+  which wasn't strictly necessary but...)
+
+  The best fix would to once and for all make the CONNECT code use the
+  ordinary request sending/receiving code, treating it as any ordinary request
+  instead of the special-purpose function we have now. It should make it
+  better for multi-interface too. And possibly lead to less code...
+
+  Added test case 265 for this. It doesn't work as a _really_ good test case
+  since the test proxy is too stupid, but the test case helps when running the
+  debugger to verify.
+
 Daniel (23 June 2005)
 - David Shaw's fix that unifies proxy string treatment so that a proxy given
   with CURLOPT_PROXY can use a http:// prefix and user + password. The user

_______________________________________________
http://cool.haxx.se/mailman/listinfo/curl-commits