On Wed, Jan 27, 2016 at 5:06 PM, Tim Ruehsen <[email protected]> wrote:
> > > What about the '#ifdef HAVE_SSL' ? Don't we need the check always ? > > Sorry for my irritating text. What I tried to ask/say was "Do we need the > #ifdef in cookie_handle_set_cookie() at all ?". > > And btw, do we need it in parse_set_cookie() ? > > I think it is required in parse_set_cookie(). It does not create a secure only cookie in case the connection is insecure. Now this can happen because of two reasons, (i) communication over simple HTTP despite wget configured with SSL, (ii) wget configured with the "--without-ssl" option. The log output in both the cases should be different, right? Darshit said it with clearer words (and I agree with him): > "When a user loads a file backed cookie jar, they expect it to work > according to the RFC, irrespective of whether the client supports SSL > or not. And especially since support for this does not depend on the > actual linking of any SSL library, it shouldn't be hard to implement." > > In this case, then can we simply remove the #ifdef check, and and the if else statement check whether (scheme == SCHEME_HTTP) and not (scheme != SCHEME_HTTPS), since they would essentially mean the same. This should take care of the problem you mention. I have attached a patch with these changes. A question about the way things are done in the Wget project, should I attach a patch that should be applied in continuation to the last patch I sent, or one generated by all the commits? The patch I have attached is the one generated of the last commit only. Kush
From 8ae394545a5e14bfd29bbbf627c67b7e5a029a05 Mon Sep 17 00:00:00 2001 From: kush789 <[email protected]> Date: Thu, 28 Jan 2016 01:19:29 +0530 Subject: [PATCH] Fixed recommendatin II of draft --- src/cookies.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/cookies.c b/src/cookies.c index 156bd61..0e88ade 100644 --- a/src/cookies.c +++ b/src/cookies.c @@ -857,8 +857,7 @@ cookie_handle_set_cookie (struct cookie_jar *jar, } } -#ifdef HAVE_SSL - if ((cookie->secure == 0) && (scheme != SCHEME_HTTPS)) + if ((cookie->secure == 0) && (scheme == SCHEME_HTTP)) { /* If an old cookie exists such that the all of the following are true, then discard the new cookie. @@ -881,7 +880,6 @@ cookie_handle_set_cookie (struct cookie_jar *jar, goto out; } } -#endif /* Now store the cookie, or discard an existing cookie, if discarding was requested. */ -- 1.9.1
