Merge branch 'dt/http-empty-auth' into maint

http.emptyauth configuration is a way to allow an empty username to pass when attempting to authenticate using mechanisms like Kerberos. We took an unspecified (NULL) username and sent ":" (i.e. no username, no password) to CURLOPT_USERPWD, but did not do the same when the username is explicitly set to an empty string. * dt/http-empty-auth: http: http.emptyauth should allow empty (not just NULL) usernames
2016-10-28 09:01:14 -07:00 · 2016-10-28 09:01:14 -07:00 · 50a6f65c2d
commit 50a6f65c2d
parent c00837c48a 5275c3081c
1 changed files with 1 additions and 1 deletions
--- a/http.c
+++ b/http.c
@ -351,7 +351,7 @@ static int http_options(const char *var, const char *value, void *cb)

 static void init_curl_http_auth(CURL *result)
 {
-	if (!http_auth.username) {
+	if (!http_auth.username || !*http_auth.username) {
 		if (curl_empty_auth)
 			curl_easy_setopt(result, CURLOPT_USERPWD, ":");
 		return;