As pointedly documented in RFC7230 section 2.3, HTTP is a stateless protocol: each request message can be understood in isolation from any other requests or responses. Various authentication schemes such as NTLM break this fundamental property of HTTP and rely on the same TCP connection being reused. Work around these broken authentication schemes by ensuring that the most recently pooled connection is reused for the subsequent authentication retry. Reported-by: Andreas Hammarskjöld <junior@2PintSoftware.com> Tested-by: Andreas Hammarskjöld <junior@2PintSoftware.com> Signed-off-by: Michael Brown <mcb30@ipxe.org>tags/v1.20.1
|
|
||
252 |
|
252 |
|
253 |
|
253 |
|
254 |
|
254 |
|
255 |
|
|
|
256 |
|
|
|
|
255 |
|
|
|
256 |
|
|
|
257 |
|
|
|
258 |
|
|
|
259 |
|
|
|
260 |
|
|
|
261 |
|
|
257 |
|
262 |
|
258 |
|
263 |
|
259 |
|
264 |
|
|
|
||
778 |
|
778 |
|
779 |
|
779 |
|
780 |
|
780 |
|
|
781 |
|
|
|
782 |
|
|
|
783 |
|
|
|
784 |
|
|
|
785 |
|
|
|
786 |
|
|
|
787 |
|
|
|
788 |
|
|
|
789 |
|
|
|
790 |
|
|
|
791 |
|
|
|
792 |
|
|
781 |
|
793 |
|
782 |
|
794 |
|
783 |
|
795 |
|