summaryrefslogtreecommitdiffstats
path: root/src/net/tcp/httpconn.c
Commit message (Collapse)AuthorAgeFilesLines
* [http] Work around stateful authentication schemesMichael Brown2018-06-081-2/+7
| | | | | | | | | | | | | | | | As pointedly documented in RFC7230 section 2.3, HTTP is a stateless protocol: each request message can be understood in isolation from any other requests or responses. Various authentication schemes such as NTLM break this fundamental property of HTTP and rely on the same TCP connection being reused. Work around these broken authentication schemes by ensuring that the most recently pooled connection is reused for the subsequent authentication retry. Reported-by: Andreas Hammarskjöld <junior@2PintSoftware.com> Tested-by: Andreas Hammarskjöld <junior@2PintSoftware.com> Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [http] Add missing check for memory allocation failureMichael Brown2017-03-211-0/+5
| | | | Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [http] Verify server port when reusing a pooled connectionMichael Brown2015-10-021-7/+12
| | | | | | Reported-by: Allen <allen@gtf.org> Reported-by: Andreas Hammarskjöld <junior@2PintSoftware.com> Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [http] Rewrite HTTP core to support content encodingsMichael Brown2015-08-171-0/+309
Rewrite the HTTP core to allow for the addition of arbitrary content encoding mechanisms, such as PeerDist and gzip. The core now exposes http_open() which can be used to create requests with an explicitly selected HTTP method, an optional requested content range, and an optional request body. A simple wrapper provides the preexisting behaviour of creating either a GET request or an application/x-www-form-urlencoded POST request (if the URI includes parameters). The HTTP SAN interface is now implemented using the generic block device translator. Individual blocks are requested using http_open() to create a range request. Server connections are now managed via a connection pool; this allows for multiple requests to the same server (e.g. for SAN blocks) to be completely unaware of each other. Repeated HTTPS connections to the same server can reuse a pooled connection, avoiding the per-connection overhead of establishing a TLS session (which can take several seconds if using a client certificate). Support for HTTP SAN booting and for the Basic and Digest authentication schemes is now optional and can be controlled via the SANBOOT_PROTO_HTTP, HTTP_AUTH_BASIC, and HTTP_AUTH_DIGEST build configuration options in config/general.h. Signed-off-by: Michael Brown <mcb30@ipxe.org>
generated by cgit v1.2.3-55-g7522 (git 2.39.0) at 2024-06-09 15:52:30 +0200