the web mirror system is dropped

165 - "Problem with CURLOPT_RESUME_FROM and CURLOPT_APPEND" by Daniele Pinau,
      recipe: http://curl.haxx.se/mail/lib-2008-08/0439.html

CHANGES

@@ -6,6 +6,29 @@
 
                                   Changelog
 
+Version 7.19.0 (1 September 2008)
+
+Daniel Fandrich (29 Aug 2008)
+- Added tests 1071 through 1074 to test automatic downgrading from HTTP 1.1
+  to HTTP 1.0 upon receiving a response from the HTTP server.  Tests 1072
+  and 1073 are similar to test 1069 in that they involve the impossible
+  scenario of sending chunked data to a HTTP 1.0 server.  All these fail
+  and are added to DISABLED.
+
+- Added test 1075 to test --anyauth with Basic authentication.
+
+Daniel Stenberg (29 Aug 2008)
+- When libcurl was doing a HTTP POST and the server would respond with
+  "Connection: close" and actually close the connection after the
+  response-body, libcurl could still have outstanding data to send and it
+  would not properly notice this and stop sending. This caused weirdness and
+  sad faces. http://curl.haxx.se/bug/view.cgi?id=2080222
+
+  Note that there are still reasons to consider libcurl's behavior when
+  getting a >= 400 response code while sending data, as Craig Perras' note
+  "http upload: how to stop on error" specifies:
+  http://curl.haxx.se/mail/archive-2008-08/0138.html
+
 Daniel Stenberg (28 Aug 2008)
 - Dengminwen reported that libcurl would lock a (cookie) share twice (without
   an unlock in between) for a certain case and that in fact works when using

Makefile.am

@@ -26,7 +26,8 @@ AUTOMAKE_OPTIONS = foreign
 ACLOCAL_AMFLAGS = -I m4
 
 EXTRA_DIST = CHANGES COPYING maketgz reconf Makefile.dist curl-config.in \
- curl-style.el sample.emacs RELEASE-NOTES buildconf buildconf.bat libcurl.pc.in
+ curl-style.el sample.emacs RELEASE-NOTES buildconf buildconf.bat 	 \
+ libcurl.pc.in vc6curl.dsw
 
 bin_SCRIPTS = curl-config
 

RELEASE-NOTES

@@ -9,6 +9,9 @@ Curl and libcurl 7.19.0
 
 This release includes the following changes:
 
+ o curl_off_t gets its size/typedef somewhat differently than before. This _may_
+   cause an ABI change for you. See lib/README.curl_off_t for a full explanation.
+ 
  o Added CURLINFO_PRIMARY_IP
  o Added CURLOPT_CRLFILE and CURLE_SSL_CRL_BADFILE
  o Added CURLOPT_ISSUERCERT and CURLE_SSL_ISSUER_ERROR
@@ -60,6 +63,7 @@ This release includes the following bugfixes:
  o proxy closing connect during CONNECT with auth with the multi interface
  o CURLOPT_UPLOAD sets HTTP method back to GET or HEAD when passed in a 0
  o shared cookies could get locked twice
+ o deal with closed connection while doing POST/PUT
 
 This release includes the following known bugs:
 
@@ -69,10 +73,6 @@ Other curl-related news:
 
  o 
 
-New curl mirrors:
-
- o 
-
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 

TODO-RELEASE

@@ -11,12 +11,16 @@ To be addressed before 7.19.1 (planned release: October 2008)
 158 - Martin Drasar's CURLOPT_POSTREDIR work:
       http://curl.haxx.se/mail/lib-2008-08/0170.html
 
-161 - test case 1065 failure (HTTP PUT with one file but two URLs)
-      http://curl.haxx.se/mail/archive-2008-08/0075.html
-
 162 - Craig Perras' note "http upload: how to stop on error"
-      http://curl.haxx.se/mail/archive-2008-08/0138.html Most possibly this is
+      http://curl.haxx.se/mail/archive-2008-08/0138.html
-      also closely related to the bug "race condition while POSTing to
-      HTTP/1.0 servers" => http://curl.haxx.se/bug/view.cgi?id=2080222
 
-163 -
+163 - Detecting illegal attempts at chunked transfers on HTTP 1.0
+      (tests 1069, 1072, 1073)
+      http://curl.haxx.se/mail/archive-2008-08/0435.html
+
+164 - Automatic downgrading to HTTP 1.0 (tests 1071 through 1074)
+
+165 - "Problem with CURLOPT_RESUME_FROM and CURLOPT_APPEND" by Daniele Pinau,
+      recipe: http://curl.haxx.se/mail/lib-2008-08/0439.html
+
+166 -

ares/RELEASE-NOTES

@@ -1,20 +1,10 @@
-This is what's new and changed in the c-ares 1.5.3 release:
+This is what's new and changed in the c-ares 1.5.4 release:
 
- o fix adig sample application compilation failure on some systems
+ o 
- o fix pkg-config reporting of private libraries needed for static linking
- o fallback to gettimeofday when monotonic clock is unavailable at run-time
- o ares_gethostbyname() fallback from AAA to A records with CNAME present
- o allow --enable-largefile and --disable-largefile configurations
- o configure process no longer needs nor checks size of curl_off_t
- o library will now be built with _REENTRANT symbol defined if needed
- o Improved configure detection of number of arguments for getservbyport_r
- o Improved query-ID randomness
- o Validate that DNS response address matches the request address
- o fix acountry sample application compilation failure on some systems
 
 Thanks go to these friendly people for their efforts and contributions:
 
- Brad House, Yang Tse, Phil Blundell, Tofu Linden, George Neill
+ 
  and obviously Daniel Stenberg
 
 Have fun!

ares/ares_version.h

@@ -5,11 +5,11 @@
 
 #define ARES_VERSION_MAJOR 1
 #define ARES_VERSION_MINOR 5
-#define ARES_VERSION_PATCH 3
+#define ARES_VERSION_PATCH 4
 #define ARES_VERSION ((ARES_VERSION_MAJOR<<16)|\
                        (ARES_VERSION_MINOR<<8)|\
                        (ARES_VERSION_PATCH))
-#define ARES_VERSION_STR "1.5.3-CVS"
+#define ARES_VERSION_STR "1.5.4-CVS"
 
 #ifdef  __cplusplus
 extern "C" {

docs/INSTALL

@@ -287,6 +287,37 @@ Win32
    at runtime.
    Run 'nmake vc-ssl-zlib' to build with both ssl and zlib support.
 
+   MSVC 6 IDE
+   ----------
+
+   A minimal VC++ 6.0 reference workspace (vc6curl.dsw) is available with the
+   source distribution archive to allow proper building of the two included
+   projects, the libcurl library and the curl tool.
+
+   1) Open the vc6curl.dsw workspace with MSVC6's IDE.
+   2) Select 'Build' from top menu.
+   3) Select 'Batch Build' from dropdown menu.
+   4) Make sure that the eight project configurations are 'checked'.
+   5) Click on the 'Build' button.
+   6) Once the eight project configurations are built you are done.
+
+   Dynamic and static libcurl libraries are built in debug and release flavours,
+   and can be located each one in its own subdirectory, DLL-Debug, DLL-Release,
+   LIB-Debug and LIB-Release, all of them below the 'lib' subdirectory.
+
+   In the same way four curl executables are created, each using its respective
+   library. The resulting curl executables are located in its own subdirectory,
+   DLL-Debug, DLL-Release, LIB-Debug and LIB-Release, below the 'src' subdir.
+
+   These reference VC++ 6.0 configurations are generated using the dynamic CRT.
+
+   Intentionally, these reference VC++ 6.0 projects and configurations don't use
+   third party libraries, such as OpenSSL or Zlib, to allow proper compilation
+   and configuration for all new users without further requirements.
+
+   If you need something more 'involved' you might adjust them for your own use,
+   or explore the world of makefiles described above 'MSVC from command line'.
+
    Borland C++ compiler
    ---------------------
 
@@ -315,9 +346,8 @@ Win32
                                  -L c:\openssl\out32\ssleay32.lib
                                  simplessl.c
 
-
+   OTHER MSVC IDEs
-   MSVC IDE
+   ---------------
-   --------
 
    If you use VC++, Borland or similar compilers. Include all lib source
    files in a static lib "project" (all .c and .h files that is).
@@ -326,9 +356,6 @@ Win32
    Make the sources in the src/ drawer be a "win32 console application"
    project. Name it curl.
 
-   For VC++ 6, there's an included Makefile.vc6 that should be possible
-   to use out-of-the-box.
-
 
    Disabling Specific Protocols in Win32 builds
    --------------------------------------------

docs/examples/10-at-a-time.c

@@ -16,11 +16,10 @@
 #include <errno.h>
 #include <stdlib.h>
 #include <string.h>
-#include <unistd.h>
+#ifndef WIN32
-#include <curl/multi.h>
+#  include <unistd.h>
-#ifdef WIN32
-#include <windows.h>
 #endif
+#include <curl/multi.h>
 
 static const char *urls[] = {
   "http://www.microsoft.com",

docs/examples/anyauthput.c

@@ -9,10 +9,23 @@
  */
 
 #include <stdio.h>
-#include <stdint.h>
 #include <fcntl.h>
+#ifdef WIN32
+#  include <io.h>
+#else
+#  include <stdint.h>
+#  include <unistd.h>
+#endif
+#include <sys/types.h>
 #include <sys/stat.h>
-#include <unistd.h>
+
+#ifdef _MSC_VER
+#  ifdef _WIN64
+     typedef __int64 intptr_t;
+#  else
+     typedef int intptr_t;
+#  endif
+#endif
 
 #include <curl/curl.h>
 

docs/examples/fopen.c

@@ -45,7 +45,9 @@
 
 #include <stdio.h>
 #include <string.h>
-#include <sys/time.h>
+#ifndef WIN32
+#  include <sys/time.h>
+#endif
 #include <stdlib.h>
 #include <errno.h>
 

docs/examples/ftpuploadresume.c

@@ -21,6 +21,9 @@
 
 #include <curl/curl.h>
 
+#if defined(_MSC_VER) && (_MSC_VER < 1300)
+#  error _snscanf requires MSVC 7.0 or later.
+#endif
 
 /* The MinGW headers are missing a few Win32 function definitions,
    you shouldn't need this if you use VC++ */

lib/Makefile.am

@@ -27,7 +27,7 @@ VCPROJ = curllib.vcproj
 
 DOCS = README.encoding README.memoryleak README.ares README.curlx	\
  README.hostip README.multi_socket README.httpauth README.pipelining    \
- README.NSS
+ README.NSS README.curl_off_t
 
 EXTRA_DIST = Makefile.b32 Makefile.m32 Makefile.vc6 Makefile.riscos $(DSP) \
  curllib.dsw config-win32.h config-win32ce.h config-riscos.h config-mac.h  \

lib/easy.c

@@ -205,6 +205,10 @@ static long          init_flags;
 #define system_strdup strdup
 #endif
 
+#if defined(_MSC_VER) && defined(_DLL)
+#  pragma warning(disable:4232) /* MSVC extension, dllimport identity */
+#endif
+
 #ifndef __SYMBIAN32__
 /*
  * If a memory-using function (like curl_getenv) is used before
@@ -227,6 +231,10 @@ curl_strdup_callback Curl_cstrdup;
 curl_calloc_callback Curl_ccalloc;
 #endif
 
+#if defined(_MSC_VER) && defined(_DLL)
+#  pragma warning(default:4232) /* MSVC extension, dllimport identity */
+#endif
+
 /**
  * curl_global_init() globally initializes cURL given a bitwise set of the
  * different features of what to initialize.

lib/transfer.c

@@ -656,6 +656,15 @@ static CURLcode readwrite_data(struct SessionHandle *data,
 
   } while(data_pending(conn));
 
+  if(((k->keepon & (KEEP_READ|KEEP_WRITE)) == KEEP_WRITE) &&
+     conn->bits.close ) {
+    /* When we've read the entire thing and the close bit is set, the server may
+       now close the connection. If there's now any kind of sending going on from
+       our side, we need to stop that immediately. */
+    infof(data, "we are done reading and this is set to close, stop send\n");
+    k->keepon &= ~KEEP_WRITE; /* no writing anymore either */
+  }
+
   return CURLE_OK;
 }
 

tests/FILEFORMAT

@@ -113,12 +113,14 @@ PASVBADIP
  - makes PASV send back an illegal IP in its 227 response
 
 For HTTP/HTTPS:
-auth_required - if this is set and a POST/PUT is made without auth, the
+auth_required   if this is set and a POST/PUT is made without auth, the
                 server will NOT wait for the full request body to get sent
-idle -          do nothing after receiving the request, just "sit idle"
+idle            do nothing after receiving the request, just "sit idle"
-stream -        continuously send data to the client, never-ending
+stream          continuously send data to the client, never-ending
-pipe: [num] -   tell the server to expect this many HTTP requests before
+pipe: [num]     tell the server to expect this many HTTP requests before
                 sending back anything, to allow pipelining tests
+skip: [num]     instructs the server to ignore reading this many bytes from a PUT
+                or POST request
 </servercmd>
 </reply>
 

tests/data/DISABLED

@@ -4,3 +4,7 @@
 # per line.
 # Lines starting with '#' letters are treated as comments.
 1069
+1071
+1072
+1073
+1074

tests/data/Makefile.am

@@ -56,7 +56,8 @@ EXTRA_DIST = test1 test108 test117 test127 test20 test27 test34 test46	   \
  test1040 test1041 test1042 test1043 test1044 test1045 test1046 test1047   \
  test1048 test1049 test1050 test1051 test1052 test1053 test1054 test1055   \
  test1056 test1057 test1058 test1059 test1060 test1061 test1062 test1063   \
- test1064 test1065 test1066 test1067 test1068 test1069
+ test1064 test1065 test1066 test1067 test1068 test1069 test1070 test1071   \
+ test1072 test1073 test1074 test1075
 
 filecheck:
 	@mkdir test-place; \

tests/data/test1069

@@ -3,13 +3,14 @@
 <keywords>
 HTTP
 HTTP PUT
+HTTP/1.0
 </keywords>
 </info>
 
 # Server-side
 <reply>
 <data>
-HTTP/1.0 200 OK swsclose
+HTTP/1.0 500 Impossible swsclose
 Date: Thu, 09 Nov 2010 14:49:00 GMT
 Server: test-server/fake
 
@@ -30,21 +31,14 @@ HTTP 1.0 PUT from stdin with no content length
 http://%HOSTIP:%HTTPPORT/bzz/1069 -T - -0
 </command>
 <stdin>
-more than one byte
+this data can't be sent
 </stdin>
 </client>
 
 # Verify data after the test has been "shot"
 <verify>
-<strip>
+<errorcode>
-^User-Agent:.*
+25
-</strip>
+</errorcode>
-<protocol>
-PUT /bzz/1069 HTTP/1.0
-Host: %HOSTIP:%HTTPPORT
-Accept: */*
-Content-Length: 0
-
-</protocol>
 </verify>
 </testcase>

tests/data/test1070

@@ -0,0 +1,65 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP POST
+</keywords>
+</info>
+#
+# Server-side
+<reply>
+<data>
+HTTP/1.1 403 Go away and swsclose
+Server: test-server/fake
+Content-Type: text/html
+Content-Length: 55
+Connection: close
+
+you are not supposed to be allowed to send things here
+</data>
+<servercmd>
+skip: 2300
+</servercmd>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP POST with server sending error before (all) data is received
+ </name>
+ <command>
+ -d @log/input1070 http://%HOSTIP:%HTTPPORT/1070
+</command>
+<file name="log/input1070">
+This creates the named file with this content before the test case is run,
+which is useful if the test case needs a file to act on. We create this file
+rather large (larger than your typical TCP packet) so that not all of it can nor
+will be sent in one go as that is kind of the point of this test!
+
+Here's 2000 x 'O':
+OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO
+</file>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol nonewline="yes">
+POST /1070 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+Content-Length: 2313
+Content-Type: application/x-www-form-urlencoded
+Expect: 100-continue
+
+This creates 
+</protocol>
+</verify>
+</testcase>

tests/data/test1071

@@ -0,0 +1,113 @@
+<testcase>
+# Authorization is used to force curl to realize that the server is
+# speaking HTTP 1.0. The request must be resent with the correct
+# authorization header, but using HTTP 1.0, not 1.1.
+<info>
+<keywords>
+HTTP
+HTTP PUT
+HTTP Digest auth
+--anyauth
+HTTP/1.0
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data>
+HTTP/1.0 401 Authorization Required swsclose
+Server: testcurl
+WWW-Authenticate: Blackmagic realm="gimme all yer s3cr3ts"
+WWW-Authenticate: Basic realm="gimme all yer s3cr3ts"
+WWW-Authenticate: Digest realm="gimme all yer s3cr3ts", nonce="11223344"
+Content-Type: text/plain
+Content-Length: 35
+Connection: close
+
+Try again on this HTTP 1.0 server!
+</data>
+
+# This is supposed to be returned when the server gets a
+# Authorization: Digest line passed-in from the client
+<data1000>
+HTTP/1.0 200 OK swsclose
+Server: testcurl
+Content-Type: text/plain
+Content-Length: 23
+Connection: close
+
+This IS the real page!
+</data1000>
+
+<datacheck>
+HTTP/1.0 401 Authorization Required swsclose
+Server: testcurl
+WWW-Authenticate: Blackmagic realm="gimme all yer s3cr3ts"
+WWW-Authenticate: Basic realm="gimme all yer s3cr3ts"
+WWW-Authenticate: Digest realm="gimme all yer s3cr3ts", nonce="11223344"
+Content-Type: text/plain
+Content-Length: 35
+Connection: close
+
+HTTP/1.0 200 OK swsclose
+Server: testcurl
+Content-Type: text/plain
+Content-Length: 23
+Connection: close
+
+This IS the real page!
+</datacheck>
+
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+<features>
+crypto
+</features>
+ <name>
+Downgraded HTTP PUT to HTTP 1.0 with authorization
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/1071 -T log/put1071 -u testuser:testpass --anyauth
+</command>
+<file name="log/put1071">
+This is data we upload with PUT
+a second line
+line three
+four is the number of lines
+</file>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+PUT /1071 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+Content-Length: 85
+Expect: 100-continue
+
+This is data we upload with PUT
+a second line
+line three
+four is the number of lines
+PUT /1071 HTTP/1.0
+Authorization: Digest username="testuser", realm="gimme all yer s3cr3ts", nonce="11223344", uri="/1071", response="df4cef6b52a30e65d472dd848d2055a1"
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+Content-Length: 85
+
+This is data we upload with PUT
+a second line
+line three
+four is the number of lines
+</protocol>
+</verify>
+</testcase>

tests/data/test1072

@@ -0,0 +1,78 @@
+<testcase>
+# Authorization is used to force curl to realize that the server is
+# speaking HTTP 1.0. The request is impossible to satisfy with HTTP 1.0
+# because chunked encoding is unavailable, so the request must fail.
+<info>
+<keywords>
+HTTP
+HTTP PUT
+HTTP Digest auth
+--anyauth
+HTTP/1.0
+chunked Transfer-Encoding
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data>
+HTTP/1.0 401 Authorization Required swsclose
+Server: testcurl
+WWW-Authenticate: Blackmagic realm="gimme all yer s3cr3ts"
+WWW-Authenticate: Basic realm="gimme all yer s3cr3ts"
+WWW-Authenticate: Digest realm="gimme all yer s3cr3ts", nonce="11223344"
+Content-Type: text/plain
+Content-Length: 35
+Connection: close
+
+Try again on this HTTP 1.0 server!
+</data>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+<features>
+crypto
+</features>
+ <name>
+HTTP chunked PUT to HTTP 1.0 server with authorization
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/1072 -T - -u testuser:testpass --anyauth
+</command>
+<stdin>
+This is data we upload with PUT
+it comes from stdin so MUST be sent
+with chunked encoding
+which is impossible in HTTP/1.0
+</stdin>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<errorcode>
+25
+</errorcode>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+PUT /1072 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+Transfer-Encoding: chunked
+Expect: 100-continue
+
+7a
+This is data we upload with PUT
+it comes from stdin so MUST be sent
+with chunked encoding
+which is impossible in HTTP/1.0
+0
+
+</protocol>
+</verify>
+</testcase>

tests/data/test1073

@@ -0,0 +1,71 @@
+<testcase>
+# Redirection is used to force curl to realize that the server is
+# speaking HTTP 1.0. The request is impossible to satisfy with HTTP 1.0
+# because chunked encoding is unavailable, so the request must fail.
+<info>
+<keywords>
+HTTP
+HTTP PUT
+HTTP/1.0
+followlocation
+chunked Transfer-Encoding
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data>
+HTTP/1.0 301 Authorization Required swsclose
+Server: testcurl
+Content-Type: text/plain
+Location: /newlocation/10730002
+Content-Length: 0
+Connection: close
+
+</data>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP chunked PUT to HTTP 1.0 server with redirect
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/1073 -T - -L
+</command>
+<stdin>
+This is data we upload with PUT
+it comes from stdin so MUST be sent
+with chunked encoding
+which is impossible in HTTP/1.0
+</stdin>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<errorcode>
+25
+</errorcode>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+PUT /1073 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+Transfer-Encoding: chunked
+Expect: 100-continue
+
+7a
+This is data we upload with PUT
+it comes from stdin so MUST be sent
+with chunked encoding
+which is impossible in HTTP/1.0
+0
+
+</protocol>
+</verify>
+</testcase>

tests/data/test1074

@@ -0,0 +1,76 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+HTTP/1.0
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data nocheck="true">
+HTTP/1.0 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Content-Length: 9
+Connection: Keep-Alive
+
+surprise
+</data>
+<data1>
+HTTP/1.0 200 OK swsclose
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Connection: close
+
+surprise2
+</data1>
+
+<postcmd>
+wait 1
+</postcmd>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP downgrade to HTTP/1.0 on second request
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/want/1074 http://%HOSTIP:%HTTPPORT/wantmore/10740001
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<stdout>
+HTTP/1.0 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Content-Length: 9
+Connection: Keep-Alive
+
+surprise
+HTTP/1.0 200 OK swsclose
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Connection: close
+
+surprise2
+</stdout>
+
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET /want/1074 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+GET /wantmore/10740001 HTTP/1.0
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+</protocol>
+</verify>
+</testcase>

tests/data/test1075

@@ -0,0 +1,94 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP PUT
+HTTP Basic auth
+--anyauth
+</keywords>
+</info>
+
+# Server-side
+<reply>
+# The test server provides no way to respond differently to a subsequent
+# Basic authenticated request (we really want to respond with 200 for
+# the second), so just respond with 401 for both and let curl deal with it.
+<data>
+HTTP/1.1 401 Authorization Required
+Server: testcurl
+WWW-Authenticate: Blackmagic realm="gimme all yer s3cr3ts"
+WWW-Authenticate: Basic realm="gimme all yer s3cr3ts"
+WWW-Authenticate: X-bogus-auth realm="gimme all yer s3cr3ts"
+Content-Type: text/plain
+Content-Length: 0
+
+</data>
+<datacheck>
+HTTP/1.1 401 Authorization Required
+Server: testcurl
+WWW-Authenticate: Blackmagic realm="gimme all yer s3cr3ts"
+WWW-Authenticate: Basic realm="gimme all yer s3cr3ts"
+WWW-Authenticate: X-bogus-auth realm="gimme all yer s3cr3ts"
+Content-Type: text/plain
+Content-Length: 0
+
+HTTP/1.1 401 Authorization Required
+Server: testcurl
+WWW-Authenticate: Blackmagic realm="gimme all yer s3cr3ts"
+WWW-Authenticate: Basic realm="gimme all yer s3cr3ts"
+WWW-Authenticate: X-bogus-auth realm="gimme all yer s3cr3ts"
+Content-Type: text/plain
+Content-Length: 0
+
+</datacheck>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP PUT with --anyauth authorization (picking Basic)
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/1075 -T log/put1075 -u testuser:testpass --anyauth
+</command>
+<file name="log/put1075">
+This is data we upload with PUT
+a second line
+line three
+four is the number of lines
+</file>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+PUT /1075 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+Content-Length: 85
+Expect: 100-continue
+
+This is data we upload with PUT
+a second line
+line three
+four is the number of lines
+PUT /1075 HTTP/1.1
+Authorization: Basic dGVzdHVzZXI6dGVzdHBhc3M=
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+Content-Length: 85
+Expect: 100-continue
+
+This is data we upload with PUT
+a second line
+line three
+four is the number of lines
+</protocol>
+</verify>
+</testcase>

tests/server/sws.c

@@ -99,6 +99,10 @@ struct httprequest {
   bool ntlm;      /* Authorization ntlm header found */
   int pipe;       /* if non-zero, expect this many requests to do a "piped"
                      request/response */
+  int skip;       /* if non-zero, the server is instructed to not read this
+                     many bytes from a PUT/POST request. Ie the client sends N
+                     bytes said in Content-Length, but the server only reads N
+                     - skip bytes. */
   int rcmd;       /* doing a special command, see defines above */
   int prot_version; /* HTTP version * 10 */
   bool pipelining; /* true if request is pipelined */
@@ -303,6 +307,13 @@ int ProcessRequest(struct httprequest *req)
             req->pipe = num-1; /* decrease by one since we don't count the
                                   first request in this number */
           }
+          else if(1 == sscanf(cmd, "skip: %d", &num)) {
+            logmsg("instructed to skip this number of bytes %d", num);
+            req->skip = num;
+          }
+          else {
+            logmsg("funny instruction found: %s", cmd);
+          }
           free(cmd);
         }
       }
@@ -351,7 +362,7 @@ int ProcessRequest(struct httprequest *req)
        headers, for the pipelining case mostly */
     req->checkindex += (end - line) + strlen(END_OF_HEADERS);
 
-  /* **** Persistency ****
+  /* **** Persistence ****
    *
    * If the request is a HTTP/1.0 one, we close the connection unconditionally
    * when we're done.
@@ -363,14 +374,17 @@ int ProcessRequest(struct httprequest *req)
    */
 
   do {
-    if(!req->cl && curlx_strnequal("Content-Length:", line, 15)) {
+    if((req->cl<=0) && curlx_strnequal("Content-Length:", line, 15)) {
       /* If we don't ignore content-length, we read it and we read the whole
          request including the body before we return. If we've been told to
          ignore the content-length, we will return as soon as all headers
          have been received */
-      req->cl = strtol(line+15, &line, 10);
+      size_t cl = strtol(line+15, &line, 10);
+      req->cl = cl - req->skip;
 
-      logmsg("Found Content-Length: %d in the request", req->cl);
+      logmsg("Found Content-Length: %d in the request", cl);
+      if(req->skip)
+        logmsg("... but will abort after %d bytes", req->cl);
       break;
     }
     else if(curlx_strnequal("Transfer-Encoding: chunked", line,
@@ -457,7 +471,7 @@ int ProcessRequest(struct httprequest *req)
   if(req->auth_req && !req->auth)
     return 1;
 
-  if(req->cl) {
+  if(req->cl > 0) {
     if(req->cl <= req->offset - (end - req->reqbuf) - strlen(END_OF_HEADERS))
       return 1; /* done */
     else
@@ -552,6 +566,7 @@ static int get_request(curl_socket_t sock, struct httprequest *req)
   req->digest = FALSE;
   req->ntlm = FALSE;
   req->pipe = 0;
+  req->skip = 0;
   req->rcmd = RCMD_NORMALREQ;
   req->prot_version = 0;
   req->pipelining = FALSE;
@@ -564,8 +579,15 @@ static int get_request(curl_socket_t sock, struct httprequest *req)
       got = pipereq_length;
       pipereq_length = 0;
     }
+    else {
+      if(req->skip)
+        /* we are instructed to not read the entire thing, so we make sure to only
+           read what we're supposed to and NOT read the enire thing the client
+           wants to send! */
+        got = sread(sock, reqbuf + req->offset, req->cl);
       else
         got = sread(sock, reqbuf + req->offset, REQBUFSIZ-1 - req->offset);
+    }
     if (got <= 0) {
       if (got < 0) {
         logmsg("recv() returned error: %d", SOCKERRNO);

vc6curl.dsw

@@ -0,0 +1,44 @@
+Microsoft Developer Studio Workspace File, Format Version 6.00
+# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
+
+###############################################################################
+
+Project: "curllib"=".\lib\curllib.dsp" - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+}}}
+
+###############################################################################
+
+Project: "curlsrc"=".\src\curlsrc.dsp" - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+    Begin Project Dependency
+    Project_Dep_Name curllib
+    End Project Dependency
+}}}
+
+###############################################################################
+
+Global:
+
+Package=<5>
+{{{
+}}}
+
+Package=<3>
+{{{
+}}}
+
+###############################################################################
+