reset "multipass" state when CONNECT request is done #3972
Closed
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Usually, work with proxy using NTLM looks like this
(https://www.cisco.com/c/en/us/support/docs/security/web-security-appliance/117931-technote-ntml.html):
1. Client sends
We found interesting proxy from cisco, that performs some optimization in that conversation.
It looks like this:
1'. Client sends
This happens because proxy has remembered that client with specific ip address had passed ntlm authentication already.
So, proxy desides to pass client without performing long conversation.
And, in the case of such short ntlm conversation we found bug in curl.
If curl performed POST request with body through such proxy, after short ntlm convertation curl makes POST request WITHOUT BODY.