diff options
| author | Joe Orton <notroj@users.noreply.github.com> | 2004-10-02 19:38:59 +0000 |
|---|---|---|
| committer | Joe Orton <notroj@users.noreply.github.com> | 2004-10-02 19:38:59 +0000 |
| commit | 6b481ae6548ea00a8285deab9e674925853b107d (patch) | |
| tree | 51e55a698b4d698ff8835cd383661c964865897a /BUGS | |
| parent | 1e650d31f1825e3c76cdffb5b017226aef93c815 (diff) | |
| download | neon-git-6b481ae6548ea00a8285deab9e674925853b107d.tar.gz | |
Merge trunk up to current neon CVS HEAD.
Diffstat (limited to 'BUGS')
| -rw-r--r-- | BUGS | 21 |
1 files changed, 19 insertions, 2 deletions
@@ -2,6 +2,8 @@ Known problems/bugs in neon -*- text -*- --------------------------- +* look at escaping logic again w.r.t. ?, # characters? + * 2818 requires that a on rejection of the SSL server cert, a "bad certificate" message should be sent - this is not being done currently (and can probably only be done with OpenSSL by actually doing cert verification in the verify @@ -12,13 +14,15 @@ Known problems/bugs in neon -*- text -*- * SSL session caching issues; only cache for clean shutdowns, and only cache on shutdown, since the SSL_SESSION may change during - an ne_session. + an ne_session? * what is passed as 'path' to req create hook: auth needs Request-URI; how does that interact with proxies? also they will be passed NULL for a CONNECT request, or "*" possibly as well. -* expect100 support is broken. +* expect100 support is broken: enable it per-request, don't bother +caching support over the session, rely on the app only enabling it if +it works. * It would be nice to fail with a friendly error message if a client cert is requested by the srever but one is not provided. Currently, @@ -26,3 +30,16 @@ returning -1 from the provide_client_cert function would allow that (as it forces the SSL handshake to fail), but that would prevent opportunistic use of client certificates, of the "SSLVerifyClient optional" variety. + +* D.J. Heap has a proxy which returns a 401 in response to a CONNECT; +relax the ne_auth rules to allow this since it's unambiguous. + +* Error handling from ne__pull_request_body/send_request_body is +buggy: socket errors are not distinguished from body provider errors; +the connection must be closed in ne_request after a body provider +error. + +* Check whether the following always return UTF-8-encoded strings: + - ne_ssl_clicert_name + - ne_ssl_cert_identity + |