Re: http over auth/proxy

2004-03-30 Thread Hrvoje Niksic 
It's a bug caused by an oversight, thanks for the report.  Please let
me know if this patch corrects the problem:

2004-03-30  Hrvoje Niksic  [EMAIL PROTECTED]

* http.c (gethttp): Send the Proxy-Authorization header over
non-SSL connections too.

Index: src/http.c
===
RCS file: /pack/anoncvs/wget/src/http.c,v
retrieving revision 1.141
diff -u -r1.141 http.c
--- src/http.c  2004/02/25 23:45:24 1.141
+++ src/http.c  2004/03/30 09:36:53
@@ -1113,35 +1113,6 @@
 
   conn = u;
 
-  proxyauth = NULL;
-  if (proxy)
-{
-  char *proxy_user, *proxy_passwd;
-  /* For normal username and password, URL components override
-command-line/wgetrc parameters.  With proxy
-authentication, it's the reverse, because proxy URLs are
-normally the permanent ones, so command-line args
-should take precedence.  */
-  if (opt.proxy_user  opt.proxy_passwd)
-   {
- proxy_user = opt.proxy_user;
- proxy_passwd = opt.proxy_passwd;
-   }
-  else
-   {
- proxy_user = proxy-user;
- proxy_passwd = proxy-passwd;
-   }
-  /*  This does not appear right.  Can't the proxy request,
-say, `Digest' authentication?  */
-  if (proxy_user  proxy_passwd)
-   proxyauth = basic_authentication_encode (proxy_user, proxy_passwd);
-
-  /* If we're using a proxy, we will be connecting to the proxy
-server.  */
-  conn = proxy;
-}
-
   /* Prepare the request to send. */
 
   req = request_new ();
@@ -1203,6 +1174,41 @@
   request_set_header (req, Authorization,
  basic_authentication_encode (user, passwd),
  rel_value);
+}
+
+  proxyauth = NULL;
+  if (proxy)
+{
+  char *proxy_user, *proxy_passwd;
+  /* For normal username and password, URL components override
+command-line/wgetrc parameters.  With proxy
+authentication, it's the reverse, because proxy URLs are
+normally the permanent ones, so command-line args
+should take precedence.  */
+  if (opt.proxy_user  opt.proxy_passwd)
+   {
+ proxy_user = opt.proxy_user;
+ proxy_passwd = opt.proxy_passwd;
+   }
+  else
+   {
+ proxy_user = proxy-user;
+ proxy_passwd = proxy-passwd;
+   }
+  /*  This does not appear right.  Can't the proxy request,
+say, `Digest' authentication?  */
+  if (proxy_user  proxy_passwd)
+   proxyauth = basic_authentication_encode (proxy_user, proxy_passwd);
+
+  /* If we're using a proxy, we will be connecting to the proxy
+server.  */
+  conn = proxy;
+
+  /* Proxy authorization over SSL is handled below. */
+#ifdef HAVE_SSL
+  if (u-scheme != SCHEME_SSL)
+#endif
+   request_set_header (req, Proxy-Authorization, proxyauth, rel_value);
 }
 
   {

Re: http over auth/proxy

2004-03-30 Thread Daniel Stenberg 
On Tue, 30 Mar 2004, Hrvoje Niksic wrote:

   * http.c (gethttp): Send the Proxy-Authorization header over
   non-SSL connections too.

I couldn't really tell from this diff, but I thought I'd remind you:

If you are using SSL over a proxy, you should not send the Proxy-Authorization
in the GET request, only in the CONNECT request.

-- 
 -=- Daniel Stenberg -=- http://daniel.haxx.se -=-
  ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol

Re: http over auth/proxy

2004-03-30 Thread Hrvoje Niksic 
Daniel Stenberg [EMAIL PROTECTED] writes:

 On Tue, 30 Mar 2004, Hrvoje Niksic wrote:

  * http.c (gethttp): Send the Proxy-Authorization header over
  non-SSL connections too.

 I couldn't really tell from this diff, but I thought I'd remind you:

 If you are using SSL over a proxy, you should not send the
 Proxy-Authorization in the GET request, only in the CONNECT request.

I know -- in fact, implementing that was how I introduced the bug.
:-)  In the CVS code, the header was being sent *only* in the CONNECT
request.

Anyway, thanks for the reminder.

Re: http over auth/proxy

2004-03-30 Thread Hrvoje Niksic 
I've now applied this patch.