Merge branch 'dt/http-empty-auth' into maint

http.emptyauth configuration is a way to allow an empty username to
pass when attempting to authenticate using mechanisms like
Kerberos.  We took an unspecified (NULL) username and sent ":"
(i.e. no username, no password) to CURLOPT_USERPWD, but did not do
the same when the username is explicitly set to an empty string.

* dt/http-empty-auth:
http: http.emptyauth should allow empty (not just NULL) usernames

diff --git a/http.c b/http.c
index 82ed54269059c38e1698b7ffc1af0d1000e5bfec..bd0dba23a037bfff48ea88b916c8f5a650c08176 100644 (file)
--- a/http.c
+++ b/http.c
@@ -351,7 +351,7 @@ static int http_options(const char *var, const char *value, void *cb)
 
 static void init_curl_http_auth(CURL *result)
 {
-       if (!http_auth.username) {
+       if (!http_auth.username || !*http_auth.username) {
                if (curl_empty_auth)
                        curl_easy_setopt(result, CURLOPT_USERPWD, ":");
                return;