libhttp-daemon-perl: HTTP::Daemon doesn't report keep-alive connection to HTTP/1.0 clients [rt.cpan.org #93722]

[oalders]

Migrated from rt.cpan.org#93722 (status was 'new')

Requestors:

• daniel@serverb.co.uk

From dlintott@cpan.org on 2014-03-10 21:14:40
:

This bug has been forwarded from http://bugs.debian.org/324539

-->-->-->-->-->-->-->-->-->-->-->-->-->-->-->-->-->-->-->-->

Package: libwww-perl
Version: 5.803-4
Severity: normal

When an HTTP/1.0 client requests persistent connections, HTTP::Daemon
respects the request, but doesn't indicate to the client that the resulting
connection is keep-alive.  Assuming the server example from the man page,
the conversation looks like this:

    $ nc mulj 32790
    GET /xyzzy HTTP/1.0
    Connection: Keep-Alive
    
    HTTP/1.1 200 OK
    Date: Mon, 22 Aug 2005 16:45:53 GMT
    Server: libwww-perl-daemon/1.36
    Content-Type: text/plain
    Content-Length: 1329
    Last-Modified: Mon, 14 Feb 2005 00:36:13 GMT
    
    ... contents of /etc/passwd ...
    [ client hangs waiting for output ]

The problem is that the server didn't indicate a persistent connection by
sending the appropriate Connection header with the response.  This made the
HTTP/1.0 client think that the server didn't understand the keep-alive
request and it simply read the response until EOF -- which never came.  This
problem exists with Wget prior to 1.10.1 when interacting with HTTP::Daemon
servers.

While assuming persistent connections is correct in HTTP/1.1, it is not the
case in HTTP/1.0, where persistent connections exist only as an extension
that must be explicitly negotiated between and understood by both the client
and the server.  If the server doesn't respond with the appropriate token,
the HTTP/1.0 client must assume that it is talking to a server that doesn't
understand persistent connections and behave accordingly.

To summarize: when dealing with HTTP/1.0 clients requesting persistent
connections, HTTP::Daemon should either include "Connection: Keep-Alive" in
the response or not use persistent connections at all.  The former is
obviously preferrable.

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.11-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages libwww-perl depends on:
pn  libdigest-md5-perl            <none>     (no description available)
ii  libhtml-parser-perl           3.45-2     A collection of modules that parse
ii  libhtml-tree-perl             3.18-1     represent and create HTML syntax t
ii  liburi-perl                   1.35-1     Manipulates and accesses URI strin
ii  perl [libmime-base64-perl]    5.8.7-3    Larry Wall's Practical Extraction 
ii  perl-modules [libnet-perl]    5.8.7-3    Core Perl modules

Versions of packages libwww-perl recommends:
pn  libcompress-zlib-perl         <none>     (no description available)
pn  libhtml-format-perl           <none>     (no description available)
ii  libmailtools-perl             1.62-1     Manipulate email in perl programs

-- no debconf information



<--<--<--<--<--<--<--<--<--<--<--<--<--<--<--<--<--<--<--<--

Thanks in advance,
Daniel Lintott, Debian Perl Group