projects / platform / upstream / curl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3270ea5) | patch
When proxy authentication is used in a CONNECT request (as used for all SSL
authorDaniel Stenberg <daniel@haxx.se>
Sat, 2 Aug 2003 23:36:35 +0000 (23:36 +0000)
committerDaniel Stenberg <daniel@haxx.se>
Sat, 2 Aug 2003 23:36:35 +0000 (23:36 +0000)
commitdb9f87f697c86cdeca4e6da9f8baabb8246b2d0e
treed2a5c5a2bfec0b802176f78ab85fd8df67512cddtree | snapshot
parent3270ea55dd6ace258eabbd64a873ccf328976e7acommit | diff
When proxy authentication is used in a CONNECT request (as used for all SSL
connects and otherwise enforced tunnel-thru-proxy requests), the same
authentication header is also wrongly sent to the remote host.

The name and password can then be captured by an evil host and possibly get
used for malicious purposes.
lib/http.c diff | blob | history
Domain: Network & Connectivity / Data Network;