| commit | 9a77e439ec6dfb066f697711d17f0edb58cdd6ac | |
| author | upstream svn <svn@amule.org> | |
| Tue, 6 Oct 2020 00:39:19 +0000 (6 00:39 +0000) | ||
| committer | Dévai Tamás <gonosztopi@amule.org> | |
| Tue, 6 Oct 2020 00:53:11 +0000 (6 00:53 +0000) | ||
| tree | ae3b5f7c4d9d0d05008c0f570c8918d50dc6e349 | treesnapshot (tar.gz zip) |
| parent | 1c521897dd9e4e06d06a53fd87d13e4483c053d6 | commitdiff |
Proxy authorization fixes
* HTTP proxy authentication failed because EncodeBase64() adds a trailing newline
which corrupts the HTTP headers.
* HTTP proxies use the "Proxy-Authorization" header for authenticating to the proxy.
The "Authorization" header is required to be forwarded to the destination.
(See https://tools.ietf.org/html/rfc7235#section-4.2)
* If a SOCKS5 server was configured to accept connections both with and without
authentication, there was no way to connect to it without a username/password pair.
That's because we always reported we could do username/password authentication and
the proxy - obviously - selected the most secure method: username/password.
Now if the "Enable authentication" checkbox is cleared we won't offer any
authentication methods (except for NO_AUTH_REQUIRED, which isn't actually an
authentication method). If the checkbox is checked, we offer all known methods
(currently username/password only) which will require valid credentials on all
proxies supporting basic authentication. But if a proxy accepts only
unauthenticated connections we are still able to connect to it.
* Though a SOCKS4/4a server doesn't offer any real authentication and the
"Username" field of the request is optional, we send a username only if
the "Enable authentication" checkbox is checked.
* HTTP proxy authentication failed because EncodeBase64() adds a trailing newline
which corrupts the HTTP headers.
* HTTP proxies use the "Proxy-Authorization" header for authenticating to the proxy.
The "Authorization" header is required to be forwarded to the destination.
(See https://tools.ietf.org/html/rfc7235#section-4.2)
* If a SOCKS5 server was configured to accept connections both with and without
authentication, there was no way to connect to it without a username/password pair.
That's because we always reported we could do username/password authentication and
the proxy - obviously - selected the most secure method: username/password.
Now if the "Enable authentication" checkbox is cleared we won't offer any
authentication methods (except for NO_AUTH_REQUIRED, which isn't actually an
authentication method). If the checkbox is checked, we offer all known methods
(currently username/password only) which will require valid credentials on all
proxies supporting basic authentication. But if a proxy accepts only
unauthenticated connections we are still able to connect to it.
* Though a SOCKS4/4a server doesn't offer any real authentication and the
"Username" field of the request is optional, we send a username only if
the "Enable authentication" checkbox is checked.
| .svn-revision | diffblobblamehistory | |
| src/Proxy.cpp | diffblobblamehistory |