From: Jeff King <peff@peff.net>
To: Isaac Levy <isaac.r.levy@gmail.com>
Cc: "brian m. carlson" <sandals@crustytoothpaste.net>,
Daniel Stenberg <daniel@haxx.se>, git <git@vger.kernel.org>
Subject: Re: Default authentication over https?
Date: Fri, 15 Apr 2016 18:43:35 -0400 [thread overview]
Message-ID: <20160415224334.GA32160@sigill.intra.peff.net> (raw)
In-Reply-To: <20160415222120.GA24777@sigill.intra.peff.net>
On Fri, Apr 15, 2016 at 06:21:20PM -0400, Jeff King wrote:
> I think we can take that down to _two_ requests pretty easily. We know
> in the very first request that the server told us something like:
>
> < WWW-Authenticate: Basic realm="GitHub"
>
> but curl doesn't remember that. However, we should be able to pull it
> out of the old request and feed it into the new one. That would save the
> second request, which is just a probe.
Hmm. Looks like we already pull this out of the curl result for other
reasons, but we never feed it back in to the next request. So if I do
this:
diff --git a/http.c b/http.c
index 9bedad7..add9bf2 100644
--- a/http.c
+++ b/http.c
@@ -1132,6 +1132,8 @@ static int handle_curl_result(struct slot_results *results)
return HTTP_NOAUTH;
} else {
#ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
+ if (results->auth_avail)
+ http_auth_methods = results->auth_avail;
http_auth_methods &= ~CURLAUTH_GSSNEGOTIATE;
#endif
return HTTP_REAUTH;
that drops my test case down to two requests: once to find out that we
need auth via the 401, and then we feed curl sufficient information to
do the followup in a single request (the GSSNEGOTIATE thing there is a
hack from 4dbe664, which we can ignore for now).
Interestingly, curl _does_ reuse the connection this time. I'm still not
sure why it didn't in the original case. But this means the whole thing
is happening over a single TCP session, which is good (and I didn't have
to change my config at all).
-Peff
next prev parent reply other threads:[~2016-04-15 22:43 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-11 16:04 Default authentication over https? Isaac Levy
2016-04-13 22:36 ` Jeff King
2016-04-14 9:46 ` Daniel Stenberg
2016-04-14 21:32 ` Isaac Levy
2016-04-15 22:21 ` Jeff King
2016-04-15 22:43 ` Jeff King [this message]
2016-04-15 23:02 ` brian m. carlson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160415224334.GA32160@sigill.intra.peff.net \
--to=peff@peff.net \
--cc=daniel@haxx.se \
--cc=git@vger.kernel.org \
--cc=isaac.r.levy@gmail.com \
--cc=sandals@crustytoothpaste.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).