Commit be9c873a authored by Daniel Stenberg

Dave Dribin made libcurl understand and handle cases when the server

(wrongly) sends *two* WWW-Authenticate headers for Digest. While this should
never happen in a sane world, libcurl previously got into an infinite loop
when this occurred. Dave added test 273 to verify this.
parent 034d80f6
+5 −0
@@ -9,6 +9,11 @@


Daniel (20 October 2005)
- Dave Dribin made libcurl understand and handle cases when the server
  (wrongly) sends *two* WWW-Authenticate headers for Digest. While this should
  never happen in a sane world, libcurl previously got into an infinite loop
  when this occurred. Dave added test 273 to verify this.

- Temprimus improved the MSVC makefile: "makes a build option available so if
  you set rtlibcfg=static for the make, then it would build with /MT. The
  default behaviour is /MD (the original)."
+1 −0
@@ -15,6 +15,7 @@ This release includes the following changes:

This release includes the following bugfixes:

 o double WWW-Authenticate Digest headers are now handled
 o curl-config --vernum fixed

Other curl-related news since the previous public release:
+17 −12
@@ -621,6 +621,10 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
#endif
#ifndef CURL_DISABLE_CRYPTO_AUTH
      if(checkprefix("Digest", start)) {
        if((authp->avail & CURLAUTH_DIGEST) != 0) {
          infof(data, "Ignoring duplicate digest auth header.\n");
        }
        else {
          CURLdigest dig;
          *availp |= CURLAUTH_DIGEST;
          authp->avail |= CURLAUTH_DIGEST;
@@ -635,6 +639,7 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
            data->state.authproblem = TRUE;
          }
        }
      }
      else
#endif
      if(checkprefix("Basic", start)) {
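Review bot: The duplicate test `if((authp->avail & CURLAUTH_DIGEST) != 0)` keys on the availability bit, which the `else` branch sets before the challenge is parsed (the parsing call sits between the two hunks and is not shown). A first Digest header that is rejected, presumably the path that sets `data->state.authproblem = TRUE`, would therefore still cause a well-formed second header to be dropped as a duplicate; and if `authp->avail` is not cleared for every response (the reset is not visible here), a fresh challenge with a new nonce on a later 401 would be ignored as well. Consider setting the two `CURLAUTH_DIGEST` bits only once the header has been accepted, and state the policy above the test, e.g. `/* only the first Digest challenge of a response is used; repeats are ignored so they cannot restart the negotiation */`. The body of Curl_http_input_auth starts and ends outside both hunks.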
+1 −1
@@ -33,4 +33,4 @@ EXTRA_DIST = test1 test108 test117 test127 test20 test27 test34 test46 \
 test237 test238 test239 test243 test245 test246 test247 test248 test249   \
 test250 test251 test252 test253 test254 test255 test521 test522 test523   \
 test256 test257 test258 test259 test260 test261 test262 test263 test264   \
 test265 test266 test267 test268 test269 test270 test271 test272
 test265 test266 test267 test268 test269 test270 test271 test272 test273

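--- /dev/null
+++ b/tests/data/test273
@@ -0,0 +1,76 @@
+<info>
+<keywords>
+HTTP
+HTTP GET
+HTTP Digest auth
+</keywords>
+</info>
+# Server-side
+<reply>
+<data>
+HTTP/1.1 401 Authorization Required swsclose
+Server: Apache/1.3.27 (Darwin) PHP/4.1.2
+WWW-Authenticate: Digest realm="testrealm", nonce="1053604145"
+WWW-Authenticate: Digest realm="testrealm", nonce="1053604145"
+Content-Type: text/html; charset=iso-8859-1
+
+This is not the real page
+</data>
+
+# This is supposed to be returned when the server gets a
+# Authorization: Digest line passed-in from the client
+<data1000>
+HTTP/1.1 200 OK swsclose
+Server: Apache/1.3.27 (Darwin) PHP/4.1.2
+Content-Type: text/html; charset=iso-8859-1
+
+This IS the real page!
+</data1000>
+
+<datacheck>
+HTTP/1.1 401 Authorization Required swsclose
+Server: Apache/1.3.27 (Darwin) PHP/4.1.2
+WWW-Authenticate: Digest realm="testrealm", nonce="1053604145"
+WWW-Authenticate: Digest realm="testrealm", nonce="1053604145"
+Content-Type: text/html; charset=iso-8859-1
+
+HTTP/1.1 200 OK swsclose
+Server: Apache/1.3.27 (Darwin) PHP/4.1.2
+Content-Type: text/html; charset=iso-8859-1
+
+This IS the real page!
+</datacheck>
+
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP with two Digest authorization headers
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/273 -u testuser:testpass --digest
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET /273 HTTP/1.1
+Host: 127.0.0.1:%HTTPPORT
+Accept: */*
+
+GET /273 HTTP/1.1
+Authorization: Digest username="testuser", realm="testrealm", nonce="1053604145", uri="/273", response="576ae57b1db0039f8c0de43ef58e49e3"
+User-Agent: curl/7.10.5 (i686-pc-linux-gnu) libcurl/7.10.5 OpenSSL/0.9.7a ipv6 zlib/1.1.3
+Host: 127.0.0.1:%HTTPPORT
+Accept: */*
+
+</protocol>
+</verify>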
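Review bot: Both `WWW-Authenticate: Digest` lines in `<data>` are byte-identical, so this test passes whichever of the two challenges the client answers and does not pin the first-header-wins rule. A companion case where the second header carries a different nonce, with `<protocol>` expecting the response computed from the first, would catch a regression that silently switches to the later challenge. The `<name>` also says "authorization headers" although the repeated header is the WWW-Authenticate challenge; `HTTP with two Digest WWW-Authenticate headers` would be more accurate.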