[http] Work around stateful authentication schemes
authorMichael Brown <mcb30@ipxe.org>
Mon, 14 May 2018 10:16:34 +0000 (11:16 +0100)
committerMichael Brown <mcb30@ipxe.org>
Fri, 8 Jun 2018 12:53:02 +0000 (13:53 +0100)
commite7f67d5a4c6e9f06aa7a9db1b4245f5e16f00bb2
treeb0c8491fede7301a127214515b4fd17f7ca97296
parent960d1e36b09803b291803ab336412f7d95349568
[http] Work around stateful authentication schemes

As pointedly documented in RFC7230 section 2.3, HTTP is a stateless
protocol: each request message can be understood in isolation from any
other requests or responses.  Various authentication schemes such as
NTLM break this fundamental property of HTTP and rely on the same TCP
connection being reused.

Work around these broken authentication schemes by ensuring that the
most recently pooled connection is reused for the subsequent
authentication retry.

Reported-by: Andreas Hammarskjöld <junior@2PintSoftware.com>
Tested-by: Andreas Hammarskjöld <junior@2PintSoftware.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
src/net/tcp/httpconn.c
src/net/tcp/httpcore.c