httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean-Marc Desperrier <>
Subject Re: handling request splicing in case of server initiated renegotiation CVE-2009-3555
Date Thu, 19 Nov 2009 16:41:10 GMT
Joe Orton wrote:
> On Thu, Nov 19, 2009 at 04:05:34PM +0100, Hartmut Keil wrote:
>> >  [...] From my point of view without
>> >  drawbacks, since 'pipelining' clients must handle the closing of a
>> >  connection after a complete response in any case.
> Yes, I agree, this seems very sensible, I can't see any problem with
> this.

It seems very sensible *if* it works in practice, it would be better to 
check with clients if they actually implement this properly.

If it's so easy, I'm surprised it hasn't been done earlier, instead of 
that ugly solution of queuing POST requests inside a buffer (ref bug 39243)

View raw message