CONNECT fails if it can't send the entire request in one go #6950

@ustcqidi

I did this

There are proxies which need Kerberos authentication, but the authentication flow sometimes fails. This is not easy to reproduce.

After checking the Wireshark capture file and the source code of libcurl, we found the possible root cause of the issue.

CURLcode Curl_buffer_send(struct dynbuf *in,
                          struct connectdata *conn,
                          /* add the number of sent bytes to this
                             counter */
                          curl_off_t *bytes_written,
                          /* how much of the buffer contains body data */
                          size_t included_body_bytes,
                          int socketindex)
{
...
sendsize = CURLMIN(size, CURL_MAX_WRITE_SIZE);
...

else {
      if((size_t)amount != size)
        /* We have no continue-send mechanism now, fail. This can only happen
           when this function is used from the CONNECT sending function. We
           currently (stupidly) assume that the whole request is always sent
           away in the first single chunk.

           This needs FIXing.
        */
        return CURLE_SEND_ERROR;
    }
}

When the Kerberos auth challenge is bigger than CURL_MAX_WRITE_SIZE (16384), the request with auth will fail. (It will fall back to using NTLM in our user's proxy environment.)

curl/libcurl version

7.74.0

operating system

Windows
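
The failure mode reported above, as an added example that is not part of the original report and is not libcurl code: a single-shot send that errors on a short write, next to a continue-send step that keeps its offset. All names are hypothetical, and the mock write caps each call at 16384 bytes to stand in for the `CURLMIN(size, CURL_MAX_WRITE_SIZE)` limit quoted in the issue.

```c
/* Added example, not libcurl code; every name below is hypothetical. */
#include <stddef.h>
#include <string.h>
#define MOCK_MAX_WRITE 16384 /* value the issue quotes for CURL_MAX_WRITE_SIZE */

enum send_state { SEND_DONE, SEND_AGAIN, SEND_ERROR };
struct pending_send {
  const char *buf; /* full request, headers and auth token included */
  size_t len;
  size_t sent;     /* bytes the transport has accepted so far */
};

/* Constructed stand-in for a socket write, capped at MOCK_MAX_WRITE per call. */
static char wire[65536];
static size_t wire_len;
long mock_write(const char *p, size_t n)
{
  n = n > MOCK_MAX_WRITE ? MOCK_MAX_WRITE : n;
  if(wire_len + n > sizeof(wire))
    return -1;
  memcpy(wire + wire_len, p, n);
  wire_len += n;
  return (long)n;
}

/* Behaviour the issue describes: one write, a short write is an error. */
enum send_state send_single_shot(struct pending_send *ps)
{
  long n = mock_write(ps->buf, ps->len);
  return (n >= 0 && (size_t)n == ps->len) ? SEND_DONE : SEND_ERROR;
}

/* Continue-send: one write per call, offset kept, SEND_AGAIN means retry. */
enum send_state send_step(struct pending_send *ps)
{
  long n = mock_write(ps->buf + ps->sent, ps->len - ps->sent);
  if(n < 0)
    return SEND_ERROR;
  ps->sent += (size_t)n;
  return ps->sent == ps->len ? SEND_DONE : SEND_AGAIN;
}

int main(void)
{
  static char req[40000]; /* constructed oversized request, all zero bytes */
  struct pending_send ps = { req, sizeof(req), 0 };
  enum send_state st;
  while((st = send_step(&ps)) == SEND_AGAIN) {}
  return st == SEND_DONE ? 0 : 1;
}
```

In a non-blocking client the caller would return to its event loop on `SEND_AGAIN` and call the step again once the socket is writable, rather than spinning as `main` does here.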
