- Setting the Content-Length: header from your app when you do a POST or PUT

                                  Changelog

<<<<<<< CHANGES

Daniel Stenberg (4 June 2009)

- Setting the Content-Length: header from your app when you do a POST or PUT

  is almost always a VERY BAD IDEA. Yet there are still apps out there doing

  this, and now recently it triggered a bug/side-effect in libcurl as when

  libcurl sends a POST or PUT with NTLM, it sends an empty post first when it

  knows it will just get a 401/407 back. If the app then replaced the

  Content-Length header, it caused the server to wait for input that libcurl

  wouldn't send. Aaron Oneal reported this problem in bug report #2799008

  http://curl.haxx.se/bug/view.cgi?id=2799008) and helped us verify the fix.

=======

Yang Tse (4 Jun 2009)

- Igor Novoseltsev provided patches and information, that after some

  adjustments to better fit curl's way of doing things, have resulted

  in the posibility of building libcurl for VxWorks.

>>>>>>> 1.1683

Daniel Fandrich (2 June 2009)

- Checked in a Google Android make file. To use it, you must first

  create a config.h file by running configure in the Android environment,

 o libcurl-NSS build fixes

 o libcurl-NSS build fix

 o configure script fixed for VMS

<<<<<<< RELEASE-NOTES

 o set Content-Length: with POST and PUT failed with NTLM auth

=======

 o allow building libcurl for VxWorks

>>>>>>> 1.1030

This release includes the following known bugs:

This release would not have looked like this without help, code, reports and

advice from friends like these:

<<<<<<< RELEASE-NOTES

 Yang Tse, Daniel Fandrich, Kamil Dudka, Caolan McNamara, Frank McGeough,

 Andre Guibert de Bruet, Mike Crowe, Claes Jakobsson, John E. Malmberg,

 Aaron Oneal

=======

 Kamil Dudka, Caolan McNamara, Frank McGeough, Andre Guibert de Bruet,

 Mike Crowe, Claes Jakobsson, John E. Malmberg, Igor Novoseltsev

>>>>>>> 1.1030

        Thanks! (and sorry if I forgot to mention someone)

                /* this header (extended by formdata.c) is sent later */

                checkprefix("Content-Type:", headers->data))

          ;

        else if(conn->bits.authneg &&

                /* while doing auth neg, don't allow the custom length since

                   we will force length zero then */

                checkprefix("Content-Length", headers->data))

          ;

        else {

          CURLcode result = add_bufferf(req_buffer, "%s\r\n", headers->data);

          if(result)

         we don't upload data chunked, as RFC2616 forbids us to set both

         kinds of headers (Transfer-Encoding: chunked and Content-Length) */

      if(!checkheaders(data, "Content-Length:")) {

        /* we allow replacing this header, although it isn't very wise to

           actually set your own */

      if(conn->bits.authneg || !checkheaders(data, "Content-Length:")) {

        /* we allow replacing this header if not during auth negotiation,

           although it isn't very wise to actually set your own */

        result = add_bufferf(req_buffer,

                             "Content-Length: %" FORMAT_OFF_T"\r\n",

                             postsize);