Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Always close HTTP/1.0 connection, even after Connection: Keep-Alive h…
…eader.

Some servers seem to fail certificate authentication after the initial
redirect unless you make a new connection. I see no valid reason in the
HTTP spec why we should do this, but it makes things work...

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
  • Loading branch information
David Woodhouse authored and David Woodhouse committed Feb 28, 2010
1 parent 0a9d5ba commit 357c85e
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions http.c
Expand Up @@ -148,8 +148,15 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
if (!strcasecmp(buf, "Connection")) {
if (!strcasecmp(colon, "Close"))
closeconn = 1;
#if 0
/* This might seem reasonable, but in fact it breaks
certificate authentication with some servers. If
they give an HTTP/1.0 response, even if they
explicitly give a Connection: Keep-Alive header,
just close the connection. */
else if (!strcasecmp(colon, "Keep-Alive"))
closeconn = 0;
#endif
}
if (!strcasecmp(buf, "Location")) {
vpninfo->redirect_url = strdup(colon);
Expand Down

0 comments on commit 357c85e

Please sign in to comment.