Merge branch 'dt/http-empty-auth'

http.emptyauth configuration is a way to allow an empty username to
pass when attempting to authenticate using mechanisms like
Kerberos.  We took an unspecified (NULL) username and sent ":"
(i.e. no username, no password) to CURLOPT_USERPWD, but did not do
the same when the username is explicitly set to an empty string.

* dt/http-empty-auth:
http: http.emptyauth should allow empty (not just NULL) usernames

diff --git a/http.c b/http.c
index 0c65639881c6572c6fb9c6038580f9d915daef05..4c4a812fcc39509e32fbcae3db21871b97a1a5eb 100644 (file)
--- a/http.c
+++ b/http.c
@@ -372,7 +372,7 @@ static int http_options(const char *var, const char *value, void *cb)
 
 static void init_curl_http_auth(CURL *result)
 {
-       if (!http_auth.username) {
+       if (!http_auth.username || !*http_auth.username) {
                if (curl_empty_auth)
                        curl_easy_setopt(result, CURLOPT_USERPWD, ":");
                return;