diff --git a/CHANGES b/CHANGES index eb913c2e2..aa6540287 100644 --- a/CHANGES +++ b/CHANGES @@ -7,7 +7,17 @@ Changelog +Daniel (14 December 2004) +- Harshal Pradhan patched a HTTP persistent connection flaw: if the user name + and/or password were modified between two requests on a persistent + connection, the second request were still made with the first setup! + + I added test case 519 to verify the fix. + Daniel (13 December 2004) +- Gisle added CURLINFO_SSL_ENGINES to curl_easy_getinfo() to allow an app + to list all available crypto ENGINES. + - Gisle fixed bug report #1083542, which pointed out a problem with resuming large file (>4GB) file:// transfers on windows. diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 4f581923a..b40664aaf 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -10,6 +10,7 @@ Curl and libcurl 7.12.3 This release includes the following changes: + o added CURLINFO_SSL_ENGINES o new configure options: --disable-cookies, --disable-crypto-auth and --disable-verbose o persistent ftp request improvements @@ -25,6 +26,7 @@ This release includes the following changes: This release includes the following bugfixes: + o modified credentials between two requests on a persistent http connection o large file file:// resumes on Windows o URLs with username and IPv6 numerical addresses o configure works better with SSL libs in a "non-standard ld.so dir" @@ -67,6 +69,6 @@ advice from friends like these: Tim Sneddon, Ian Gulliver, Jean-Philippe Barrette-LaPierre, Jeff Phillips, Wojciech Zwiefka, David Phillips, Reinout van Schouwen, Maurice Barnum, Richard Atterer, Rene Bernhardt, Matt Veenstra, Bryan Henderson, Ton Voon, - Kai Sommerfeld, David Byron + Kai Sommerfeld, David Byron, Harshal Pradhan Thanks! (and sorry if I forgot to mention someone) diff --git a/lib/url.c b/lib/url.c index 4b077dfe2..65d7cf032 100644 --- a/lib/url.c +++ b/lib/url.c 
@@ -3131,7 +3131,26 @@ static CURLcode CreateConnection(struct SessionHandle *data, /* get the user+password information from the old_conn struct since it may * be new for this request even when we re-use an existing connection */ conn->bits.user_passwd = old_conn->bits.user_passwd; + if (conn->bits.user_passwd) { + /* use the new user namd and password though */ + Curl_safefree(conn->user); + Curl_safefree(conn->passwd); + conn->user = old_conn->user; + conn->passwd = old_conn->passwd; + old_conn->user = NULL; + old_conn->passwd = NULL; + } + conn->bits.proxy_user_passwd = old_conn->bits.proxy_user_passwd; + if (conn->bits.proxy_user_passwd) { + /* use the new proxy user name and proxy password though */ + Curl_safefree(conn->proxyuser); + Curl_safefree(conn->proxypasswd); + conn->proxyuser = old_conn->proxyuser; + conn->proxypasswd = old_conn->proxypasswd; + old_conn->proxyuser = NULL; + old_conn->proxypasswd = NULL; + } /* host can change, when doing keepalive with a proxy ! */ if (conn->bits.httpproxy) { diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am index b29e00c3d..ca04cfec4 100644 --- a/tests/data/Makefile.am +++ b/tests/data/Makefile.am @@ -30,7 +30,7 @@ EXTRA_DIST = test1 test108 test117 test127 test20 test27 test34 test46 \ test193 test194 test195 test196 test197 test198 test515 test516 \ test517 test518 test210 test211 test212 test220 test221 test222 \ test223 test224 test206 test207 test208 test209 test213 test240 \ - test241 test242 + test241 test242 test519 # The following tests have been removed from the dist since they no longer # work. We need to fix the test suite's FTPS server first, then bring them diff --git a/tests/data/test519 b/tests/data/test519 new file mode 100644 index 000000000..8599ddc3c --- /dev/null +++ b/tests/data/test519 
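Review bot: In the lib/url.c hunk the credential strings are moved only when the new request has credentials. If `old_conn->bits.user_passwd` is 0, the reused `conn` keeps the previous request's `conn->user`/`conn->passwd` and only the bit changes; the proxy pair behaves the same way. Whether every reader of those strings checks the bit first is not visible here, so that is worth confirming, and test 519 exercises only the changed-credentials case. The pointer move would benefit from a comment such as `/* ownership moves to conn; old_conn's pointers are cleared so it no longer refers to them */`, and `namd` in the new comment should read `name`. CreateConnection starts and ends outside the hunk.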
@@ -0,0 +1,71 @@ +# +# Server-side + + +HTTP/1.1 200 OK swsbounce +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 8 + +content + + +HTTP/1.1 200 OK swsclose +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 9 + +content2 + + +HTTP/1.1 200 OK swsbounce +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 8 + +content +HTTP/1.1 200 OK swsclose +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 9 + +content2 + + + +# Client-side + + +http + +# tool is what to use instead of 'curl' + +lib519 + + + +GET same URL twice with different users + + +http://%HOSTIP:%HTTPPORT/519 + + + +# +# Verify data after the test has been "shot" + + +GET /519 HTTP/1.1 +Authorization: Basic bW9uc3Rlcjp1bmRlcmJlZA== +Host: 127.0.0.1:8990 +Pragma: no-cache +Accept: */* + +GET /519 HTTP/1.1 +Authorization: Basic YW5vdGhlcm1vbnN0ZXI6aW53YXJkcm9iZQ== +Host: 127.0.0.1:8990 +Pragma: no-cache +Accept: */* + + + diff --git a/tests/libtest/Makefile.am b/tests/libtest/Makefile.am index f394ec14b..e5bc1eab4 100644 --- a/tests/libtest/Makefile.am +++ b/tests/libtest/Makefile.am @@ -40,7 +40,7 @@ SUPPORTFILES = first.c test.h # These are all libcurl test programs noinst_PROGRAMS = lib500 lib501 lib502 lib503 lib504 lib505 lib506 lib507 \ lib508 lib509 lib510 lib511 lib512 lib513 lib514 lib515 lib516 lib517 \ - lib518 + lib518 lib519 lib500_SOURCES = lib500.c $(SUPPORTFILES) lib500_LDADD = $(LIBDIR)/libcurl.la @@ -117,3 +117,7 @@ lib517_DEPENDENCIES = $(LIBDIR)/libcurl.la lib518_SOURCES = lib518.c $(SUPPORTFILES) lib518_LDADD = $(LIBDIR)/libcurl.la lib518_DEPENDENCIES = $(LIBDIR)/libcurl.la + +lib519_SOURCES = lib519.c $(SUPPORTFILES) +lib519_LDADD = $(LIBDIR)/libcurl.la +lib519_DEPENDENCIES = $(LIBDIR)/libcurl.la diff --git a/tests/libtest/lib519.c b/tests/libtest/lib519.c new file mode 100644 index 000000000..007703e11 --- /dev/null +++ b/tests/libtest/lib519.c 
@@ -0,0 +1,21 @@
+#include "test.h"
+
+int test(char *URL)
+{
+ CURLcode res;
+ CURL *curl = curl_easy_init();
+ curl_easy_setopt(curl, CURLOPT_URL, URL);
+ curl_easy_setopt(curl, CURLOPT_USERPWD, "monster:underbed");
+ curl_easy_setopt(curl, CURLOPT_HEADER, TRUE);
+ curl_easy_setopt(curl, CURLOPT_VERBOSE, TRUE);
+ /* get first page */
+ res = curl_easy_perform(curl);
+
+ curl_easy_setopt(curl, CURLOPT_USERPWD, "anothermonster:inwardrobe");
+ /* get second page */
+ res = curl_easy_perform(curl);
+
+ curl_easy_cleanup(curl);
+ return (int)res;
+}
+
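Review bot: In lib519.c the result of the first `curl_easy_perform()` is overwritten by the second, so a failed first request goes unreported unless the protocol comparison happens to catch it, and `curl_easy_init()` is used without a NULL check. Consider `if(!curl) return 1;` after the init (the return value is a constructed example) and `if(res == CURLE_OK) res = curl_easy_perform(curl);` for the second transfer. The test also leaves the proxy-credential branch added in lib/url.c uncovered; a variant that changes `CURLOPT_PROXYUSERPWD` between the two requests would pin that half of the fix.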