hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 19226] - NTLM authentication failed due to closing of connection
Date Mon, 28 Apr 2003 11:27:14 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19226>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19226

NTLM authentication failed due to closing of connection





------- Additional Comments From olegk@apache.org  2003-04-28 11:27 -------
Mike,

I respectfully disagree. I believe the proposed solution is more general than
that discovered by Fabian. Persistent connections with HTTP/1.0 is a dirty and
an error prone business. The HTTP spec is horribly vague on this issue and we
should be careful about including 'Keep-Alive' token with each and every
request. I find it extremely confusing. However, as far as proxies are
concerned, the spec is quite plain. Here's the exact wording of the RFC 2068
(more up-to-date RFC 2616 simply refers to this chapter of the RFC 2068):

...

19.7.1 Compatibility with HTTP/1.0 Persistent Connections

...

   A client MUST NOT send the Keep-Alive connection token to a proxy
   server as HTTP/1.0 proxy servers do not obey the rules of HTTP/1.1
   for parsing the Connection header field.
...

However, since the spec does not mention 'proxy-connection' directive at all, I
suppose we may be a bit more liberal. I believe it should be safe to include
this header with HTTP/1.0 when communicating via a proxy.

To reiterate my main point here: HttpClient should not take into consideration
the version of the proxy server, as the proxy server is supposed to be
absolutely transparent (at least in theory) to the client. If the proxy has an
issue with a higher version of the HTTP protocol, I believe, it is supposed to
respond with 501 (NOT IMPLEMENTED) or 505 (WRONG HTTP VERSION). Otherwise, we
can assume that the proxy is at least aware of the HTTP version in question. 


This said, we may still employ 'proxy-connection' directive to add an extra
level of support for some proxies like squid.

I'll attach another patch within a few hours and be waiting for additional feedback

Oleg

Mime
View raw message