Always close HTTP/1.0 connection, even after Connection: Keep-Alive header.
author David Woodhouse <David.Woodhouse@intel.com>
Sun, 28 Feb 2010 22:39:05 +0000 (23:39 +0100)
committer David Woodhouse <David.Woodhouse@intel.com>
Sun, 28 Feb 2010 22:39:05 +0000 (23:39 +0100)

Some servers seem to fail certificate authentication after the initial
redirect unless you make a new connection. I see no valid reason in the
HTTP spec why we should do this, but it makes things work...

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
http.c

diff --git a/http.c b/http.c
index 28cdf64..5562d95 100644 (file)
--- a/http.c
+++ b/http.c
@@ -148,8 +148,15 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
                if (!strcasecmp(buf, "Connection")) {
                        if (!strcasecmp(colon, "Close"))
                                closeconn = 1;
+#if 0
+                       /* This might seem reasonable, but in fact it breaks
+                          certificate authentication with some servers. If
+                          they give an HTTP/1.0 response, even if they
+                          explicitly give a Connection: Keep-Alive header,
+                          just close the connection. */
                        else if (!strcasecmp(colon, "Keep-Alive"))
                                closeconn = 0;
+#endif
                }
                if (!strcasecmp(buf, "Location")) {
                        vpninfo->redirect_url = strdup(colon);
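
Review bot: the `#if 0` around the `Keep-Alive` branch disables it for every response, while the comment inside it only talks about HTTP/1.0 responses; nothing in these lines checks the protocol version, so a reader cannot tell from here where the HTTP/1.0 close is decided. Rather than leaving dead code under `#if 0`, delete the two `else if` lines and keep the explanation as an ordinary comment next to the `Close` test, stating where `closeconn` gets its value for HTTP/1.0 responses. It would also help to record in that comment which servers showed the certificate authentication failure, since the commit message says the HTTP spec gives no reason for the workaround and a later cleanup could otherwise re-enable the branch.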