Return-Path: Mailing-List: contact commons-httpclient-dev-help@jakarta.apache.org; run by ezmlm Delivered-To: mailing list commons-httpclient-dev@jakarta.apache.org Received: (qmail 76388 invoked from network); 28 Apr 2003 11:25:15 -0000 Received: from exchange.sun.com (192.18.33.10) by daedalus.apache.org with SMTP; 28 Apr 2003 11:25:15 -0000 Received: (qmail 8920 invoked by uid 50); 28 Apr 2003 11:27:14 -0000 Date: 28 Apr 2003 11:27:14 -0000 Message-ID: <20030428112714.8919.qmail@nagoya.betaversion.org> From: bugzilla@apache.org To: commons-httpclient-dev@jakarta.apache.org Cc: Subject: DO NOT REPLY [Bug 19226] - NTLM authentication failed due to closing of connection X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19226 NTLM authentication failed due to closing of connection ------- Additional Comments From olegk@apache.org 2003-04-28 11:27 ------- Mike, I respectfully disagree. I believe the proposed solution is more general than that discovered by Fabian. Persistent connections with HTTP/1.0 is a dirty and an error prone business. The HTTP spec is horribly vague on this issue and we should be careful about including 'Keep-Alive' token with each and every request. I find it extremely confusing. However, as far as proxies are concerned, the spec is quite plain. Here's the exact wording of the RFC 2068 (more up-to-date RFC 2616 simply refers to this chapter of the RFC 2068): ... 19.7.1 Compatibility with HTTP/1.0 Persistent Connections ... A client MUST NOT send the Keep-Alive connection token to a proxy server as HTTP/1.0 proxy servers do not obey the rules of HTTP/1.1 for parsing the Connection header field. ... However, since the spec does not mention 'proxy-connection' directive at all, I suppose we may be a bit more liberal. I believe it should be safe to include this header with HTTP/1.0 when communicating via a proxy. To reiterate my main point here: HttpClient should not take into consideration the version of the proxy server, as the proxy server is supposed to be absolutely transparent (at least in theory) to the client. If the proxy has an issue with a higher version of the HTTP protocol, I believe, it is supposed to respond with 501 (NOT IMPLEMENTED) or 505 (WRONG HTTP VERSION). Otherwise, we can assume that the proxy is at least aware of the HTTP version in question. This said, we may still employ 'proxy-connection' directive to add an extra level of support for some proxies like squid. I'll attach another patch within a few hours and be waiting for additional feedback Oleg