Andrew Bushnell provided enough info for me to tell that we badly needed to

                                  Changelog

Daniel (4 July 2005)

- Andrew Bushnell provided enough info for me to tell that we badly needed to

  fix the CONNECT authentication code with multi-pass auth methods (such as

  NTLM) as it didn't previously properly ignore response-bodies - in fact it

  stopped reading after all response headers had been received. This could

  lead to libcurl sending the next request and reading the body from the first

  request as response to the second request. (I also renamed the function,

  which wasn't strictly necessary but...)

  The best fix would to once and for all make the CONNECT code use the

  ordinary request sending/receiving code, treating it as any ordinary request

  instead of the special-purpose function we have now. It should make it

  better for multi-interface too. And possibly lead to less code...

  Added test case 265 for this. It doesn't work as a _really_ good test case

  since the test proxy is too stupid, but the test case helps when running the

  debugger to verify.

Daniel (23 June 2005)

- David Shaw's fix that unifies proxy string treatment so that a proxy given

  with CURLOPT_PROXY can use a http:// prefix and user + password. The user

This release includes the following bugfixes:

 o treats CONNECT 407 responses with bodies better during Digest/NTLM auth

 o debug builds work on Tru64

 o improved libcurl.m4

 o possible memory leak in windows name resolves

 o c-ares enabled build with mingw

advice from friends like these:

 John McGowan, Georg Wicherski, Andres Garcia, Eric Cooper, Todd Kulesza,

 Tupone Alfredo, Gisle Vanem, David Shaw

 Tupone Alfredo, Gisle Vanem, David Shaw, Andrew Bushnell

        Thanks! (and sorry if I forgot to mention someone)

    /* BLOCKING */

    /* We want "seamless" FTP operations through HTTP proxy tunnel */

    result = Curl_ConnectHTTPProxyTunnel(conn, SECONDARYSOCKET,

                                         newhost, newport);

    result = Curl_proxyCONNECT(conn, SECONDARYSOCKET, newhost, newport);

    if(CURLE_OK != result)

      return result;

  }

  if (conn->bits.tunnel_proxy) {

    /* BLOCKING */

    /* We want "seamless" FTP operations through HTTP proxy tunnel */

    result = Curl_ConnectHTTPProxyTunnel(conn, FIRSTSOCKET,

    result = Curl_proxyCONNECT(conn, FIRSTSOCKET,

                               conn->host.name, conn->remote_port);

    if(CURLE_OK != result)

      return result;

#include "memory.h"

#include "select.h"

#include "parsedate.h" /* for the week day and month names */

#include "strtoofft.h"

#define _MPRINTF_REPLACE /* use our functions only */

#include <curl/mprintf.h>

}

/*

 * ConnectHTTPProxyTunnel() requires that we're connected to a HTTP

 * proxy. This function will issue the necessary commands to get a seamless

 * tunnel through this proxy. After that, the socket can be used just as a

 * normal socket.

 * Curl_proxyCONNECT() requires that we're connected to a HTTP proxy. This

 * function will issue the necessary commands to get a seamless tunnel through

 * this proxy. After that, the socket can be used just as a normal socket.

 *

 * This badly needs to be rewritten. CONNECT should be sent and dealt with

 * like any ordinary HTTP request, and not specially crafted like this. This

 * much work to do at the moment.

 */

CURLcode Curl_ConnectHTTPProxyTunnel(struct connectdata *conn,

CURLcode Curl_proxyCONNECT(struct connectdata *conn,

                           int sockindex,

                           char *hostname,

                           int remote_port)

  int res;

  size_t nread;   /* total size read */

  int perline; /* count bytes per line */

  bool keepon=TRUE;

  int keepon=TRUE;

  ssize_t gotbytes;

  char *ptr;

  long timeout =

  char *host_port;

  curl_socket_t tunnelsocket = conn->sock[sockindex];

  send_buffer *req_buffer;

  curl_off_t cl=0;

#define SELECT_OK      0

#define SELECT_ERROR   1

          int i;

          nread += gotbytes;

          if(keepon > TRUE) {

            cl -= gotbytes;

            if(!cl)

              break;

          }

          else

          for(i = 0; i < gotbytes; ptr++, i++) {

            perline++; /* amount of bytes in this line so far */

            if(*ptr=='\n') {

              if(('\r' == line_start[0]) ||

                 ('\n' == line_start[0])) {

                /* end of response-headers from the proxy */

                if(cl && (407 == k->httpcode) && !data->state.authproblem) {

                  /* If we get a 407 response code with content length when we

                   * have no auth problem, we must ignore the whole

                   * response-body */

                  keepon = 2;

                  infof(data, "Ignore %" FORMAT_OFF_T

                        " bytes of response-body\n", cl);

                  cl -= (gotbytes - i);/* remove the remaining chunk of what

                                          we already read */

                  if(cl<=0)

                    /* if the whole thing was already read, we are done! */

                    keepon=FALSE;

                }

                else

                  keepon = FALSE;

                break; /* breaks out of for-loop, not switch() */

              }

                if(result)

                  return result;

              }

              else if(checkprefix("Content-Length:", line_start)) {

                cl = curlx_strtoofft(line_start + strlen("Content-Length:"),

                                     NULL, 10);

              }

              else if(2 == sscanf(line_start, "HTTP/1.%d %d",

                                  &subversion,

                                  &k->httpcode)) {

  if(conn->bits.tunnel_proxy) {

    /* either SSL over proxy, or explicitly asked for */

    result = Curl_ConnectHTTPProxyTunnel(conn, FIRSTSOCKET,

    result = Curl_proxyCONNECT(conn, FIRSTSOCKET,

                               conn->host.name,

                               conn->remote_port);

    if(CURLE_OK != result)

                        const char *content); /* content string to find */

/* ftp can use this as well */

CURLcode Curl_ConnectHTTPProxyTunnel(struct connectdata *conn,

CURLcode Curl_proxyCONNECT(struct connectdata *conn,

                           int tunnelsocket,

                           char *hostname, int remote_port);