bug-wget
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] Implementing draft to update RFC6265


From: Kushagra Singh
Subject: Re: [Bug-wget] Implementing draft to update RFC6265
Date: Thu, 28 Jan 2016 01:22:21 +0530

On Wed, Jan 27, 2016 at 5:06 PM, Tim Ruehsen <address@hidden> wrote:

> > > What about the '#ifdef HAVE_SSL' ? Don't we need the check always ?
>
> Sorry for my irritating text. What I tried to ask/say was "Do we need the
> #ifdef in cookie_handle_set_cookie() at all ?".
>
> And btw, do we need it in parse_set_cookie() ?
>
>
I think it is required in parse_set_cookie(). It does not create a secure
only cookie in case the connection is insecure. Now this can happen because
of two reasons, (i) communication over simple HTTP despite wget configured
with SSL, (ii) wget configured with the "--without-ssl" option. The log
output in both the cases should be different, right?

Darshit said it with clearer words (and I agree with him):
> "When a user loads a file backed cookie jar, they expect it to work
> according to the RFC, irrespective of whether the client supports SSL
> or not. And especially since support for this does not depend on the
> actual linking of any SSL library, it shouldn't be hard to implement."
>
>
In this case, then can we simply remove the #ifdef check, and and the if
else statement check whether (scheme == SCHEME_HTTP) and not (scheme !=
SCHEME_HTTPS), since they would essentially mean the same. This should take
care of the problem you mention. I have attached a patch with these changes.

A question about the way things are done in the Wget project, should I
attach a patch that should be applied in continuation to the last patch I
sent, or one generated by all the commits? The patch I have attached is the
one generated of the last commit only.


Kush

Attachment: 0001-Fixed-recommendatin-II-of-draft.patch
Description: Text Data


reply via email to

[Prev in Thread] Current Thread [Next in Thread]