Re: [xml] [PATCH] xmlIO HTTPS handler using libcurl [version 2]

[joel reed <joelwreed gmail com>]

Daniel Veillard wrote:

<snip>
>   Thanks for the patch, though I'm still wondering abit about it:
>     - I have said in the past that I didn't want to add too much to nano*
>     - adding a dependancy to libxml2 always annoys me
> on the other hand
>     - the patch is nice
>     - other people may use this
>     - the code is not compiled and the dependancy does not exist by default
>
> I'm still undecided about this, more code means that this gets factored,
> which is potentally good for a few users, but grows the maintainance a bit.
>   
> Also it seems to me the patch avoids the core of the issue which is 
> authentication, that was one of my main discussion w.r.t. extending
> nanohttp is that people wanted auth, and IMHO that was outside the scope
> of libxml2, and I suggested to plug curl in and deal with it there.
> So how is https really useful if you don't have authentication (or maybe I
> missed it and it's done by the curl layer), but I would at least expect
> some kind of callback to handle 401 auth requests, and I don't see 
> any in the patch, so I'm wondering what's the limitation here :-)
>
> Daniel
>
>   
Yes I agree another dependency is annoying. We are doing forms based 
authentication over SSL here, so the need to handle http basic/digest 
type authentication hasn't come up but I can see the usefulness for others.

One thing I had considered is making the curl patch handle http, https, 
ftp, sftps, and whatever else (http://curl.haxx.se/docs/features.html) 
libcurl can handle that would be of interest for xmlIO. As part of that 
I could add an authentication callback.

Could we say that if you enable curl support,  nano http/ftp handlers 
are disabled at compile time or would you like to approach it some other 
way? (if the above sounds interesting) If the dependency is really too 
annoying, no problem, patch can sit on mailing list for others if they 
need it.

jr