You are viewing a plain text version of this content. The canonical link for it is here.
Posted to c-dev@xerces.apache.org by "Scott Cantor (JIRA)" <xe...@xml.apache.org> on 2007/05/04 04:02:15 UTC
[jira] Created: (XERCESC-1698) XMLURL class prevents SSL-capable
NetAccessors
XMLURL class prevents SSL-capable NetAccessors
----------------------------------------------
Key: XERCESC-1698
URL: https://issues.apache.org/jira/browse/XERCESC-1698
Project: Xerces-C++
Issue Type: Bug
Components: Miscellaneous
Affects Versions: 2.7.0
Reporter: Scott Cantor
Despite the addition of a libcurl-based NetAccessor, which can handle https:// URLs, the XMLURL class prevents it from getting a chance to run when parsing because it hardcodes the allowable protocols.
This seems like a design flaw. If URL parsing really requires hardcoding specific protocols and ports, it should be a "known" protocol list, not a list that automatically blocks unknown protocols. If that isn't possible, then https should be added at a minimum.
It's not the XMLURL class' job to know what a NetAccessor can handle. If some kind of capability API is needed, then it should be added to the NetAccessor interface so the XMLURL class can ask it whether a given protocol will work.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: c-dev-help@xerces.apache.org
[jira] Reopened: (XERCESC-1698) XMLURL class prevents SSL-capable
NetAccessors
Posted by "Scott Cantor (JIRA)" <xe...@xml.apache.org>.
[ https://issues.apache.org/jira/browse/XERCESC-1698?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Scott Cantor reopened XERCESC-1698:
-----------------------------------
Yes, it should be changed as well.
> XMLURL class prevents SSL-capable NetAccessors
> ----------------------------------------------
>
> Key: XERCESC-1698
> URL: https://issues.apache.org/jira/browse/XERCESC-1698
> Project: Xerces-C++
> Issue Type: Bug
> Components: Miscellaneous
> Affects Versions: 2.7.0
> Reporter: Scott Cantor
>
> Despite the addition of a libcurl-based NetAccessor, which can handle https:// URLs, the XMLURL class prevents it from getting a chance to run when parsing because it hardcodes the allowable protocols.
> This seems like a design flaw. If URL parsing really requires hardcoding specific protocols and ports, it should be a "known" protocol list, not a list that automatically blocks unknown protocols. If that isn't possible, then https should be added at a minimum.
> It's not the XMLURL class' job to know what a NetAccessor can handle. If some kind of capability API is needed, then it should be added to the NetAccessor interface so the XMLURL class can ask it whether a given protocol will work.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: c-dev-help@xerces.apache.org
[jira] Commented: (XERCESC-1698) XMLURL class prevents SSL-capable
NetAccessors
Posted by "Scott Cantor (JIRA)" <xe...@xml.apache.org>.
[ https://issues.apache.org/jira/browse/XERCESC-1698?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12494312 ]
Scott Cantor commented on XERCESC-1698:
---------------------------------------
That will fix the immediate problem, thanks.
> XMLURL class prevents SSL-capable NetAccessors
> ----------------------------------------------
>
> Key: XERCESC-1698
> URL: https://issues.apache.org/jira/browse/XERCESC-1698
> Project: Xerces-C++
> Issue Type: Bug
> Components: Miscellaneous
> Affects Versions: 2.7.0
> Reporter: Scott Cantor
>
> Despite the addition of a libcurl-based NetAccessor, which can handle https:// URLs, the XMLURL class prevents it from getting a chance to run when parsing because it hardcodes the allowable protocols.
> This seems like a design flaw. If URL parsing really requires hardcoding specific protocols and ports, it should be a "known" protocol list, not a list that automatically blocks unknown protocols. If that isn't possible, then https should be added at a minimum.
> It's not the XMLURL class' job to know what a NetAccessor can handle. If some kind of capability API is needed, then it should be added to the NetAccessor interface so the XMLURL class can ask it whether a given protocol will work.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: c-dev-help@xerces.apache.org
[jira] Resolved: (XERCESC-1698) XMLURL class prevents SSL-capable
NetAccessors
Posted by "Alberto Massari (JIRA)" <xe...@xml.apache.org>.
[ https://issues.apache.org/jira/browse/XERCESC-1698?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alberto Massari resolved XERCESC-1698.
--------------------------------------
Resolution: Fixed
The fix is in SVN. Please verify.
> XMLURL class prevents SSL-capable NetAccessors
> ----------------------------------------------
>
> Key: XERCESC-1698
> URL: https://issues.apache.org/jira/browse/XERCESC-1698
> Project: Xerces-C++
> Issue Type: Bug
> Components: Miscellaneous
> Affects Versions: 2.7.0
> Reporter: Scott Cantor
>
> Despite the addition of a libcurl-based NetAccessor, which can handle https:// URLs, the XMLURL class prevents it from getting a chance to run when parsing because it hardcodes the allowable protocols.
> This seems like a design flaw. If URL parsing really requires hardcoding specific protocols and ports, it should be a "known" protocol list, not a list that automatically blocks unknown protocols. If that isn't possible, then https should be added at a minimum.
> It's not the XMLURL class' job to know what a NetAccessor can handle. If some kind of capability API is needed, then it should be added to the NetAccessor interface so the XMLURL class can ask it whether a given protocol will work.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: c-dev-help@xerces.apache.org
[jira] Commented: (XERCESC-1698) XMLURL class prevents SSL-capable
NetAccessors
Posted by "Boris Kolpackov (JIRA)" <xe...@xml.apache.org>.
[ https://issues.apache.org/jira/browse/XERCESC-1698?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12520288 ]
Boris Kolpackov commented on XERCESC-1698:
------------------------------------------
I think this fix should also change gMaxProtoLen in XMLURL.cpp from 4 to 5 (strlen ("https")).
> XMLURL class prevents SSL-capable NetAccessors
> ----------------------------------------------
>
> Key: XERCESC-1698
> URL: https://issues.apache.org/jira/browse/XERCESC-1698
> Project: Xerces-C++
> Issue Type: Bug
> Components: Miscellaneous
> Affects Versions: 2.7.0
> Reporter: Scott Cantor
>
> Despite the addition of a libcurl-based NetAccessor, which can handle https:// URLs, the XMLURL class prevents it from getting a chance to run when parsing because it hardcodes the allowable protocols.
> This seems like a design flaw. If URL parsing really requires hardcoding specific protocols and ports, it should be a "known" protocol list, not a list that automatically blocks unknown protocols. If that isn't possible, then https should be added at a minimum.
> It's not the XMLURL class' job to know what a NetAccessor can handle. If some kind of capability API is needed, then it should be added to the NetAccessor interface so the XMLURL class can ask it whether a given protocol will work.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: c-dev-help@xerces.apache.org
[jira] Resolved: (XERCESC-1698) XMLURL class prevents SSL-capable
NetAccessors
Posted by "Alberto Massari (JIRA)" <xe...@xml.apache.org>.
[ https://issues.apache.org/jira/browse/XERCESC-1698?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alberto Massari resolved XERCESC-1698.
--------------------------------------
Resolution: Fixed
Fix Version/s: 3.0.0
Assignee: Alberto Massari
gMaxProtoLen is updated now
> XMLURL class prevents SSL-capable NetAccessors
> ----------------------------------------------
>
> Key: XERCESC-1698
> URL: https://issues.apache.org/jira/browse/XERCESC-1698
> Project: Xerces-C++
> Issue Type: Bug
> Components: Miscellaneous
> Affects Versions: 2.7.0
> Reporter: Scott Cantor
> Assignee: Alberto Massari
> Fix For: 3.0.0
>
>
> Despite the addition of a libcurl-based NetAccessor, which can handle https:// URLs, the XMLURL class prevents it from getting a chance to run when parsing because it hardcodes the allowable protocols.
> This seems like a design flaw. If URL parsing really requires hardcoding specific protocols and ports, it should be a "known" protocol list, not a list that automatically blocks unknown protocols. If that isn't possible, then https should be added at a minimum.
> It's not the XMLURL class' job to know what a NetAccessor can handle. If some kind of capability API is needed, then it should be added to the NetAccessor interface so the XMLURL class can ask it whether a given protocol will work.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: c-dev-help@xerces.apache.org