notroj / neon Goto Github PK

Cross-compiling using a Buildroot environment, x86_64, 0.31.2 builds/installs fine, but 0.32.1 fails on install with:

xmlto -o `pwd`/doc/man -x ./doc/man.xsl man ./doc/manual.xml
/bin/sh: xmlto: command not found
make[1]: *** [Makefile:97: docs-man] Error 127

Our build environment does not include xmlto, and there is no need to regenerate the docs as they are included in the release. (BTW, we remove all docs anyway.)

This patch fixes the issue on my end:

--- neon-0.32.1/Makefile.in.orig	2021-10-06 10:57:58.322850997 -0500
+++ neon-0.32.1/Makefile.in	2021-10-06 10:59:10.560854337 -0500
@@ -128,13 +128,13 @@
 
 install-docs: install-man install-html
 
-install-html: docs-html
+install-html:
 	$(INSTALL) -d $(DESTDIR)$(docdir)/html
 	for d in doc/html/*.html; do \
 		$(INSTALL_DATA) $$d $(DESTDIR)$(docdir)/html; \
 	done
 
-install-man: docs-man
+install-man:
 	$(INSTALL) -d $(DESTDIR)$(man3dir)
 	$(INSTALL) -d $(DESTDIR)$(man1dir)
 	for m in doc/man/*.3; do \

For your release your would have to make with docs to generate the docs.

1. ne_sock_close() should not be calling SSL_shutdown() after an SSL library error, per the OpenSSL docs

2. there is also maybe needed an alternative to ne_sock_close() which does SSL closure and waits for the peer to send close_notify, and returns success/error appropriately.

Calling shutdown(fd, SHUT_WR) is another workaround for the problem in issue #11, the IIS/10 running on live.com does immediately close the connection (without sending a close_notify) in that case, so avoiding the hang

I am not at all sure, what component of the following bug is at fault. The components are LibreOffice using Neon and a commercial WebDav-Server.

The server returns the time until the lock expires as it currently measures it. So it will be less than the requested timeout.

The following happens:

client -> Second-3
server -> Second-2
client -> Second-2
server -> Second-1
client -> Second-0

BOOM. I don't know who is wrong. If I read the spec I think the client is wrong. The clients should always request the timeout it wants and not the timeout returned by the server. This line will update the requested timeout with the timeout returned by the server.

I am also not sure if how LibreOffice uses Neon is wrong. Please let me know what you think, so I can decide where to fix the problem.

Describe the bug

Configuration fails on macOS and when implicit declaration of functions is an error:

checking for library containing socket... not found
configure: error: could not find library containing socket

config.log shows the reason is:

conftest.c:78:1: error: implicit declaration of function 'socket' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
socket();
^

This was reported to MacPorts here. Implicit declaration of functions is an error in the version of clang included with Xcode 12 and later, or if you add -Werror=implicit-function-declaration to CFLAGS (which I do because I have not upgraded to Xcode 12 but I want to find and help fix these errors). Apple changed this condition from a warning to an error in order to support ARM processors which have different calling conventions for variadic and non-variadic functions, so the compiler must know before you call a function what kind of function it is, so it must see the function declaration.

After fixing this problem by patching the configure script to add the line:

#include <sys/socket.h>

it still fails. config.log shows the next problem is:

conftest.c:78:8: error: too few arguments to function call, expected 3, have 0
socket();
~~~~~~ ^
/usr/include/sys/socket.h:702:1: note: 'socket' declared here
int     socket(int, int, int);
^

Environment

• neon version: master
• OS: macOS
• SSL library version: 1.1.1i

To Reproduce
On macOS with Xcode 12 or later, run LIBTOOLIZE=glibtoolize ./autogen.sh (if not using a release) and ./configure.

Debugging output
N/A

Error: Build neon with WebDAV support
Environment

• neon version: [e.g. 0.32.2]
• OS: [Windows/VisualStudio_2019]
• Expat library version: [e.g. 2.4.8]

C:\NEON\neon-0.32.2>nmake /f neon.mak EXPAT_SRC=C:\NEON\Expat-2.4.0

Служебная программа обслуживания программ Microsoft (R), версия 14.29.30139.0
(C) Корпорация Майкрософт (Microsoft Corporation). Все права защищены.

    tempfile.bat

Created config.h from config.hw
cl.exe @C:\Users\user\AppData\Local\Temp\nm494B.tmp
cl: командная строка warning D9035: использование параметра "GX" нежелательно, он будет удален в следующих выпусках
cl: командная строка warning D9036: используйте "EHsc" вместо "GX"
ne_alloc.c
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1912): warning C4005: snprintf: изменение макроопределения
C:\NEON\neon-0.32.2\src\config.h(62): note: см. предыдущее определение "snprintf"
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1914): fatal error C1189: #error: Macro definition of snprintf conflicts with Standard Library function declaration
ne_auth.c
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1912): warning C4005: snprintf: изменение макроопределения
C:\NEON\neon-0.32.2\src\config.h(62): note: см. предыдущее определение "snprintf"
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1914): fatal error C1189: #error: Macro definition of snprintf conflicts with Standard Library function declaration
ne_basic.c
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1912): warning C4005: snprintf: изменение макроопределения
C:\NEON\neon-0.32.2\src\config.h(62): note: см. предыдущее определение "snprintf"
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1914): fatal error C1189: #error: Macro definition of snprintf conflicts with Standard Library function declaration
ne_compress.c
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1912): warning C4005: snprintf: изменение макроопределения
C:\NEON\neon-0.32.2\src\config.h(62): note: см. предыдущее определение "snprintf"
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1914): fatal error C1189: #error: Macro definition of snprintf conflicts with Standard Library function declaration
ne_dates.c
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1912): warning C4005: snprintf: изменение макроопределения
C:\NEON\neon-0.32.2\src\config.h(62): note: см. предыдущее определение "snprintf"
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1914): fatal error C1189: #error: Macro definition of snprintf conflicts with Standard Library function declaration
ne_i18n.c
ne_md5.c
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1912): warning C4005: snprintf: изменение макроопределения
C:\NEON\neon-0.32.2\src\config.h(62): note: см. предыдущее определение "snprintf"
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1914): fatal error C1189: #error: Macro definition of snprintf conflicts with Standard Library function declaration
ne_pkcs11.c
ne_redirect.c
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1912): warning C4005: snprintf: изменение макроопределения
C:\NEON\neon-0.32.2\src\config.h(62): note: см. предыдущее определение "snprintf"
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1914): fatal error C1189: #error: Macro definition of snprintf conflicts with Standard Library function declaration
ne_request.c
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1912): warning C4005: snprintf: изменение макроопределения
C:\NEON\neon-0.32.2\src\config.h(62): note: см. предыдущее определение "snprintf"
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1914): fatal error C1189: #error: Macro definition of snprintf conflicts with Standard Library function declaration
ne_session.c
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1912): warning C4005: snprintf: изменение макроопределения
C:\NEON\neon-0.32.2\src\config.h(62): note: см. предыдущее определение "snprintf"
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1914): fatal error C1189: #error: Macro definition of snprintf conflicts with Standard Library function declaration
ne_socket.c
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1912): warning C4005: snprintf: изменение макроопределения
C:\NEON\neon-0.32.2\src\config.h(62): note: см. предыдущее определение "snprintf"
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1914): fatal error C1189: #error: Macro definition of snprintf conflicts with Standard Library function declaration
ne_socks.c
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1912): warning C4005: snprintf: изменение макроопределения
C:\NEON\neon-0.32.2\src\config.h(62): note: см. предыдущее определение "snprintf"
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1914): fatal error C1189: #error: Macro definition of snprintf conflicts with Standard Library function declaration
ne_sspi.c
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1912): warning C4005: snprintf: изменение макроопределения
C:\NEON\neon-0.32.2\src\config.h(62): note: см. предыдущее определение "snprintf"
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1914): fatal error C1189: #error: Macro definition of snprintf conflicts with Standard Library function declaration
ne_string.c
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1912): warning C4005: snprintf: изменение макроопределения
C:\NEON\neon-0.32.2\src\config.h(62): note: см. предыдущее определение "snprintf"
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1914): fatal error C1189: #error: Macro definition of snprintf conflicts with Standard Library function declaration
ne_uri.c
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1912): warning C4005: snprintf: изменение макроопределения
C:\NEON\neon-0.32.2\src\config.h(62): note: см. предыдущее определение "snprintf"
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1914): fatal error C1189: #error: Macro definition of snprintf conflicts with Standard Library function declaration
ne_utils.c
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1912): warning C4005: snprintf: изменение макроопределения
C:\NEON\neon-0.32.2\src\config.h(62): note: см. предыдущее определение "snprintf"
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1914): fatal error C1189: #error: Macro definition of snprintf conflicts with Standard Library function declaration
ne_207.c
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1912): warning C4005: snprintf: изменение макроопределения
C:\NEON\neon-0.32.2\src\config.h(62): note: см. предыдущее определение "snprintf"
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1914): fatal error C1189: #error: Macro definition of snprintf conflicts with Standard Library function declaration
ne_xml.c
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1912): warning C4005: snprintf: изменение макроопределения
C:\NEON\neon-0.32.2\src\config.h(62): note: см. предыдущее определение "snprintf"
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1914): fatal error C1189: #error: Macro definition of snprintf conflicts with Standard Library function declaration
ne_xmlreq.c
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1912): warning C4005: snprintf: изменение макроопределения
C:\NEON\neon-0.32.2\src\config.h(62): note: см. предыдущее определение "snprintf"
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1914): fatal error C1189: #error: Macro definition of snprintf conflicts with Standard Library function declaration
Создание кода...
Компиляция...
ne_oldacl.c
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1912): warning C4005: snprintf: изменение макроопределения
C:\NEON\neon-0.32.2\src\config.h(62): note: см. предыдущее определение "snprintf"
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1914): fatal error C1189: #error: Macro definition of snprintf conflicts with Standard Library function declaration
ne_acl3744.c
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1912): warning C4005: snprintf: изменение макроопределения
C:\NEON\neon-0.32.2\src\config.h(62): note: см. предыдущее определение "snprintf"
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1914): fatal error C1189: #error: Macro definition of snprintf conflicts with Standard Library function declaration
ne_props.c
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1912): warning C4005: snprintf: изменение макроопределения
C:\NEON\neon-0.32.2\src\config.h(62): note: см. предыдущее определение "snprintf"
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1914): fatal error C1189: #error: Macro definition of snprintf conflicts with Standard Library function declaration
ne_locks.c
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1912): warning C4005: snprintf: изменение макроопределения
C:\NEON\neon-0.32.2\src\config.h(62): note: см. предыдущее определение "snprintf"
C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\ucrt\stdio.h(1914): fatal error C1189: #error: Macro definition of snprintf conflicts with Standard Library function declaration
ne_stubssl.c
Создание кода...
NMAKE : fatal error U1077: "C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.29.30133\bin\HostX86\x86\cl.exe" : возвращенный код "0x2"
Stop.

In the /docs folder, I see a lot of .xml files. How am I able to read them properly?

Describe the bug
If KRB5_CONFIG is set as an environment variable, configure fails to execute the krb5-config program and shows an error message instead. The configure script should use a different variable name or make sure to overrides the variable properly, because KRB5_CONFIG is a reserved variable name for MIT Kerberos (see https://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html).

Lines of code exhibiting the error:

Environment

• neon version: master
• OS: Debian 11

To Reproduce
export KRB5_CONFIG=/home/mtdcr/.krb5.conf; ./autogen.sh; ./configure

Debugging output

checking for krb5-config... /home/mtdcr/.krb5.conf
./configure: line 7346: /home/mtdcr/.krb5.conf: Permission denied
./configure: line 7347: /home/mtdcr/.krb5.conf: Permission denied

Neon 0.32.2 + GnuTLS 3.7.3 + PaKChoiS 0.4 fails test ssl:pkcs11:
(Gentoo GNU/Linux, x86_64)

uri-tests............. 15/15 passed 
util-tests............  9/ 9 passed 
string-tests.......... 31/32 SKIPPED - strhash_sha_512_256 (SHA-2-512/256 not supported)
string-tests.......... 31/32 passed (1 skipped) 
socket................  8/47 WARNING: reverse lookup for 127.0.0.1 got '...'
socket................ 47/47 passed (1 warning)
session...............  8/ 8 passed 
request............... 92/92 passed 
auth..................  9/21 SKIPPED - digest_sha512_256 (SHA-512/256 not supported)
auth.................. 20/21 passed (1 skipped) 
basic................. 11/11 passed 
stubs.................  1/ 1 passed 
redirect..............  6/ 6 passed 
socket-ssl............  9/48 WARNING: reverse lookup for 127.0.0.1 got '...'
socket-ssl............ 48/48 passed (1 warning)
ssl................... 13/63 WARNING: no friendly name given
ssl................... 62/63 server child failed (pkcs11): SSL accept failed: SSL error: Certificate is required.
ssl................... 62/63 FAIL - pkcs11 (line 277: HTTP error:
Could not read status line: connection was closed by server)
ssl................... 63/63 server child failed (pkcs11_dsa): SSL accept failed: SSL error: Certificate is required.
ssl................... 63/63 XFAIL - pkcs11_dsa (line 277: HTTP error:
Could not read status line: connection was closed by server)
ssl................... 62/63 passed, 1 failed (1 warning)
compress.............. 22/22 passed 
xml...................  5/ 5 passed 
xmlreq................  3/ 3 passed 
oldacl................  4/ 4 passed 
acl3744...............  4/ 4 passed 
props.................  7/ 7 passed 
lock.................. 16/16 passed 
make[1]: *** [Makefile:74: check] Error 1

When using GnuTLS 3.7.3 and support for PKCS#11 is disabled, then test ssl:pkcs11 and another test are skipped:

uri-tests............. 15/15 passed 
util-tests............  9/ 9 passed 
string-tests.......... 31/32 SKIPPED - strhash_sha_512_256 (SHA-2-512/256 not supported)
string-tests.......... 31/32 passed (1 skipped) 
socket................  8/47 WARNING: reverse lookup for 127.0.0.1 got '...'
socket................ 47/47 passed (1 warning)
session...............  8/ 8 passed 
request............... 92/92 passed 
auth..................  9/21 SKIPPED - digest_sha512_256 (SHA-512/256 not supported)
auth.................. 20/21 passed (1 skipped) 
basic................. 11/11 passed 
stubs.................  1/ 1 passed 
redirect..............  6/ 6 passed 
socket-ssl............  9/48 WARNING: reverse lookup for 127.0.0.1 got '...'
socket-ssl............ 48/48 passed (1 warning)
ssl................... 13/63 WARNING: no friendly name given
ssl................... 62/63 SKIPPED - pkcs11 (pakchois library required for PKCS#11 support)
ssl................... 63/63 SKIPPED - pkcs11_dsa (pakchois library required for PKCS#11 support)
ssl................... 61/63 passed (2 skipped) (1 warning)
compress.............. 22/22 passed 
xml...................  5/ 5 passed 
xmlreq................  3/ 3 passed 
oldacl................  4/ 4 passed 
acl3744...............  4/ 4 passed 
props.................  7/ 7 passed 
lock.................. 16/16 passed

When using OpenSSL 1.1.1m + PaKChoiS 0.4, then test ssl:pkcs11 passes:

uri-tests............. 15/15 passed 
util-tests............  9/ 9 passed 
string-tests.......... 32/32 passed 
socket................  8/47 WARNING: reverse lookup for 127.0.0.1 got '...'
socket................ 47/47 passed (1 warning)
session...............  8/ 8 passed 
request............... 92/92 passed 
auth.................. 21/21 passed 
basic................. 11/11 passed 
stubs.................  1/ 1 passed 
redirect..............  6/ 6 passed 
socket-ssl............  9/48 WARNING: reverse lookup for 127.0.0.1 got '...'
socket-ssl............ 22/48 SKIPPED - ssl_session_id (zero-length session ID, cannot test further)
socket-ssl............ 47/48 passed (1 skipped) (1 warning)
ssl................... 63/63 server child failed (pkcs11_dsa): SSL accept failed: SSL error: peer did not return a certificate
ssl................... 63/63 XFAIL - pkcs11_dsa (line 277: HTTP error:
Could not read status line (TLS client certificate was requested): SSL error: tlsv13 alert certificate required)
ssl................... 63/63 passed 
compress.............. 22/22 passed 
xml...................  5/ 5 passed 
xmlreq................  3/ 3 passed 
oldacl................  4/ 4 passed 
acl3744...............  4/ 4 passed 
props.................  7/ 7 passed 
lock.................. 16/16 passed

Describe the bug
Running LIBTOOLIZE=glibtoolize ./autogen.sh on macOS:

-n libtoolize...
-n aclocal...
-n autoheader...
-n autoconf...
okay.

-n should not be printed. It is happening because you are using echo -n, which is not POSIX. To print a line without a following newline, use printf (which is POSIX) instead of echo -n.

Environment

• neon version: master
• OS: macOS
• SSL library version: N/A

To Reproduce
Run LIBTOOLIZE=glibtoolize ./autogen.sh on macOS.

Debugging output
N/A

Describe the bug
It appears that CONNECT authentication broke in 0.32 since the "*" request-URI is not treated as inside the Basic auth scope for proxy auth.

Environment

• neon version: 0.32.1

To Reproduce
SSL via proxy auth

Debugging output
e.g. for auth_proxy_tunnel in ssl.c - which is not actually testing the auth response

auth: Sending 'Basic' response.
auth: '443' is inside auth domain: 0.
Sending request headers:
CONNECT localhost:443 HTTP/1.1
Connection: TE
TE: trailers
Host: localhost

Hi,

my webdav server reports non-ascii characters in the propery find response:

<D:response> <D:href>/webdav.php/[email protected]/storage/blä/</D:href> <D:propstat> <D:prop> <D:resourcetype> <D:collection /> </D:resourcetype> <D:getcontenttype>httpd/unix-directory</D:getcontenttyp Jun 02 09:37:31 Burgknecht mount.davfs[15822]: e> <D:creationdate>Fri, 02 Jun 2023 07:10:57 +0000</D:creationdate> <D:getlastmodified>Fri, 02 Jun 2023 07:10:57 +0000</D:getlastmodified> <D:getetag>W/"69f8fe67e70f13b465bcf63e4f34ad8b"</D:getetag> </D:prop> <D:status>HTTP/1.1 200 OK</D:status> </D:propstat> </D:response>

Is there any work around for this? Thank you!

Guido

Update Basic auth support for RFC 7617, specifically the new scoping rules.

Also charset, though unclear whether it's necessary to do anything here.

Describe the bug
Multiple failures in EOF handling (may be related to #27) running socket-ssl tests when built against OpenSSL 3.0.0 alpha 16:

13. read_close............ FAIL (read got error not closure: `SSL error: unexpected eof while reading')
14. peek_close............ FAIL (peek gave -1 not closure)
15. single_read........... FAIL (read got error not closure: `SSL error: unexpected eof while reading')
16. single_peek........... pass
17. small_reads........... FAIL (read got error not closure: `SSL error: unexpected eof while reading')
18. read_and_peek......... FAIL (read got error not closure: `SSL error: unexpected eof while reading')
19. larger_read........... FAIL (read got error not closure: `SSL error: unexpected eof while reading')
20. ssl_session_id........ SKIPPED (zero-length session ID, cannot test further)
21. cipher................ FAIL (read got error not closure: `SSL error: unexpected eof while reading')
22. line_simple........... FAIL (read got error not closure: `SSL error: unexpected eof while reading')
23. line_closure.......... FAIL (readline got -1 not EOF: SSL error: unexpected eof while reading)
24. line_empty............ FAIL (read got error not closure: `SSL error: unexpected eof while reading')
25. line_toolong.......... pass
26. line_overflow......... pass
27. line_mingle........... FAIL (read got error not closure: `SSL error: unexpected eof while reading')
28. line_chunked.......... FAIL (read got error not closure: `SSL error: unexpected eof while reading')
29. line_long_chunked..... pass
30. small_writes.......... FAIL (read got error not closure: `SSL error: unexpected eof while reading')
31. large_writes.......... FAIL (read got error not closure: `SSL error: unexpected eof while reading')
32. large_writev.......... FAIL (read got error not closure: `SSL error: unexpected eof while reading')
33. echo_lines............ pass
34. blocking.............. pass
35. prebind............... pass
36. error................. pass
37. ssl_closure........... pass
38. ssl_truncate.......... FAIL (socket got error -1 not truncation: `SSL error: unexpected eof while reading')

Plus similar with ssl, and then auth_tunnel_creds hangs:

14. simple_eof............ FAIL (request failed: Could not read response body: SSL error: unexpected eof while reading)
15. empty_truncated_eof... FAIL (request failed: Could not read response body: SSL error: unexpected eof while reading)
...
57. auth_tunnel_creds..... 

Environment

• neon version: 0.31.2
• OS: Linux
• SSL library version: OpenSSL 3.0.0-alpha16

Describe the bug

I want to connect to a WebDAV server via HTTPS (bitrix24.net). I suspect the server admins changed the config on their side, because it used to work until recently. Access with the Linux file browser Dolphin still works, but tools which make use of libneon, such as cadaver or mount.davfs, can no longer connect. They fail with Could not authenticate to server: legacy Digest challenge not supported.

I noticed that NE_AUTH_LEGACY_DIGEST is disabled by default, even when NE_AUTH_ALL is set. When I recompile a hacked libneon with this auth method enabled, then authentication fails with Could not authenticate to server: could not handle non-ASCII username in Digest challenge. The username is an email address containing only ASCII characters (including ., _, and @).

Environment

• neon version: 0.32.2
• OS: Kubuntu 22.04
• SSL library version: OpenSSL 3.0.2

To Reproduce

One needs a Bitrix24 account to reproduce, I guess. This is the only server where I have noticed this issue. So not straightforward to reproduce, sorry. But I am willing to provide whatever debug info is required.

Debugging output
This is the debug output of ne_debug_init(stderr, NE_DBG_HTTPAUTH);:

auth: Create for WWW-Authenticate
auth: Post-send (#0), code is 401 (want 401), WWW-Authenticate is Digest realm="Bitrix Site Manager", nonce="6cbf91f91941c"
auth: Got challenge (code 401).
auth: Got 'Digest' challenge.
auth: Trying Digest challenge...
auth: No challenges accepted.
Could not open collection:
Could not authenticate to server: legacy Digest challenge not supported

I have a customer that needs cookie support in his FOSS WebDAV-client. It is a long stack and on the bottom is neon. I wonder on what layer I should implement that on.

neon has a history of adding and removing cookie support. I feel cookie support is orthogonal to WebDAV and should be implemented elsewhere, but if cookie-support is in demand in neon, I would implement it here. Please let me know if you're interested.

Describe the bug
A few deprecation warnings when building against OpenSSL 3.0 should be addressed:

ne_md5.c: In function 'ne_md5_create_ctx':
ne_md5.c:377:5: warning: 'MD5_Init' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  377 |     if (MD5_Init(&ctx->ctx) != 1) {
      |     ^~
In file included from ne_md5.c:34:
/usr/include/openssl/md5.h:49:27: note: declared here
   49 | OSSL_DEPRECATEDIN_3_0 int MD5_Init(MD5_CTX *c);
      |                           ^~~~~~~~
ne_md5.c: In function 'ne_md5_process_block':
ne_md5.c:388:5: warning: 'MD5_Update' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  388 |     MD5_Update(&ctx->ctx, buffer, len);
      |     ^~~~~~~~~~
In file included from ne_md5.c:34:
/usr/include/openssl/md5.h:50:27: note: declared here
   50 | OSSL_DEPRECATEDIN_3_0 int MD5_Update(MD5_CTX *c, const void *data, size_t len);
      |                           ^~~~~~~~~~
ne_md5.c: In function 'ne_md5_process_bytes':
ne_md5.c:394:5: warning: 'MD5_Update' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  394 |     MD5_Update(&ctx->ctx, buffer, len);
      |     ^~~~~~~~~~
In file included from ne_md5.c:34:
/usr/include/openssl/md5.h:50:27: note: declared here
   50 | OSSL_DEPRECATEDIN_3_0 int MD5_Update(MD5_CTX *c, const void *data, size_t len);
      |                           ^~~~~~~~~~
ne_md5.c: In function 'ne_md5_finish_ctx':
ne_md5.c:399:5: warning: 'MD5_Final' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  399 |     MD5_Final(resbuf, &ctx->ctx);
      |     ^~~~~~~~~
In file included from ne_md5.c:34:
/usr/include/openssl/md5.h:51:27: note: declared here
   51 | OSSL_DEPRECATEDIN_3_0 int MD5_Final(unsigned char *md, MD5_CTX *c);
      |                           ^~~~~~~~~
ne_md5.c: In function 'ne_md5_reset_ctx':
ne_md5.c:411:5: warning: 'MD5_Init' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  411 |     MD5_Init(&ctx->ctx);
      |     ^~~~~~~~
In file included from ne_md5.c:34:
/usr/include/openssl/md5.h:49:27: note: declared here
   49 | OSSL_DEPRECATEDIN_3_0 int MD5_Init(MD5_CTX *c);
      |                           ^~~~~~~~

and

ne_md5.c: In function 'ne_md5_create_ctx':
ne_md5.c:377:5: warning: 'MD5_Init' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  377 |     if (MD5_Init(&ctx->ctx) != 1) {
      |     ^~
In file included from ne_md5.c:34:
/usr/include/openssl/md5.h:49:27: note: declared here
   49 | OSSL_DEPRECATEDIN_3_0 int MD5_Init(MD5_CTX *c);
      |                           ^~~~~~~~
ne_md5.c: In function 'ne_md5_process_block':
ne_md5.c:388:5: warning: 'MD5_Update' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  388 |     MD5_Update(&ctx->ctx, buffer, len);
      |     ^~~~~~~~~~
In file included from ne_md5.c:34:
/usr/include/openssl/md5.h:50:27: note: declared here
   50 | OSSL_DEPRECATEDIN_3_0 int MD5_Update(MD5_CTX *c, const void *data, size_t len);
      |                           ^~~~~~~~~~
ne_md5.c: In function 'ne_md5_process_bytes':
ne_md5.c:394:5: warning: 'MD5_Update' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  394 |     MD5_Update(&ctx->ctx, buffer, len);
      |     ^~~~~~~~~~
In file included from ne_md5.c:34:
/usr/include/openssl/md5.h:50:27: note: declared here
   50 | OSSL_DEPRECATEDIN_3_0 int MD5_Update(MD5_CTX *c, const void *data, size_t len);
      |                           ^~~~~~~~~~
ne_md5.c: In function 'ne_md5_finish_ctx':
ne_md5.c:399:5: warning: 'MD5_Final' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  399 |     MD5_Final(resbuf, &ctx->ctx);
      |     ^~~~~~~~~
In file included from ne_md5.c:34:
/usr/include/openssl/md5.h:51:27: note: declared here
   51 | OSSL_DEPRECATEDIN_3_0 int MD5_Final(unsigned char *md, MD5_CTX *c);
      |                           ^~~~~~~~~
ne_md5.c: In function 'ne_md5_reset_ctx':
ne_md5.c:411:5: warning: 'MD5_Init' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  411 |     MD5_Init(&ctx->ctx);
      |     ^~~~~~~~
In file included from ne_md5.c:34:
/usr/include/openssl/md5.h:49:27: note: declared here
   49 | OSSL_DEPRECATEDIN_3_0 int MD5_Init(MD5_CTX *c);
      |                           ^~~~~~~~

when i use a same session (ne_session_create with a host), and everytime i use post, i create a request once and destory it imedially.

i often encounter the 'could not reslo ehostname' error, and after a while, it will be right by itself.

why this error happen? How can we avoid this kind of mistake?

Looks like on generate man page xmlto shows some warnings

[tkloczko@pers-jacek neon-0.32.5]$ make
make[1]: Entering directory '/home/tkloczko/rpmbuild/BUILD/neon-0.32.5/src'
make[1]: Nothing to be done for 'all'.
make[1]: Leaving directory '/home/tkloczko/rpmbuild/BUILD/neon-0.32.5/src'
rm -rf doc/man; mkdir -p doc/man
xmlto -o `pwd`/doc/man -x ./doc/man.xsl man ./doc/manual.xml
warning: failed to load external entity "/home/tkloczko/rpmbuild/BUILD/neon-0.32.5/doc/date.xml"
warning: failed to load external entity "/home/tkloczko/rpmbuild/BUILD/neon-0.32.5/doc/version.xml"

Since the change b19bb81, neon now calls SSL_shutdown twice. Indeed, this seems to be the right thing to do. Unfortunately it causes a hang when closing a connection to login.live.com. It's very well possible that it's a server-side issue. I'm posting it anyway, in case others face the problem, as this is a major server.

A simple code to reproduce the problem:

ne_session * session = ne_session_create("https", "login.live.com", 443);
ne_ssl_set_verify(session, dummy_verify, 0);
ne_request * request = ne_request_create(session, "GET", "/");
ne_request_dispatch(request);
ne_request_destroy(request);
ne_session_destroy(session);

dummy_verify can be a dummy function like:

int dummy_verify(void *, int, const ne_ssl_certificate *)
{
    return 0;
}

The code hangs in ne_session_destroy, in the second call to SSL_shutdown (it times out eventually).

Built against OpenSSL 1.1.1e.

Describe the bug
I'm configuring a new device with my previous configuration, and there seems to be a feature regression. Neon (within davfs2) looks to be skipping Negotiate authentication challenges on my new device. Specifically, on the impacted environment, Neon looks to be ignoring the Negotiate challenge in the WWW-Authenticate header. Here's a short snippet of logging output.

Jan 17 17:11:43 my.fqdn.host.name mount.davfs[42476]: Reading 381 bytes of response body.
Jan 17 17:11:43 my.fqdn.host.name mount.davfs[42476]: Got 381 bytes.
Jan 17 17:11:43 my.fqdn.host.name mount.davfs[42476]: Running post_send hooks
Jan 17 17:11:43 my.fqdn.host.name mount.davfs[42476]: auth: Post-send (#0), code is 401 (want 401), WWW-Authenticate is Negotiate, Basic realm="Corporate Login"
Jan 17 17:11:43 my.fqdn.host.name mount.davfs[42476]: auth: Got challenge (code 401).
Jan 17 17:11:43 my.fqdn.host.name mount.davfs[42476]: auth: Got 'Basic' challenge.
Jan 17 17:11:43 my.fqdn.host.name mount.davfs[42476]: auth: Trying Basic challenge...
Jan 17 17:11:43 my.fqdn.host.name mount.davfs[42476]: auth: Basic auth scope is: /mnt/

Interestingly enough, my previous device is not impacted by this - it seems to be performing Kerberos auth just fine. It's running a different version of neon/different OS, but I'm not sure if that's the issue at-hand here. Here's a snippet from those logs, note how the Negotiate challenge is tried first (truncated because it's a real token and davfs2 works thereafter):

Jan 17 17:10:28 old-pc-hostname mount.davfs[70265]: Reading 381 bytes of response body.
Jan 17 17:10:28 old-pc-hostname mount.davfs[70265]: Got 381 bytes.
Jan 17 17:10:28 old-pc-hostname mount.davfs[70265]: Running post_send hooks
Jan 17 17:10:28 old-pc-hostname mount.davfs[70265]: ah_post_send (#0), code is 401 (want 401), WWW-Authenticate is Negotiate, Basic realm="ANT (Windows) Login"
Jan 17 17:10:28 old-pc-hostname mount.davfs[70265]: auth: Got challenge (code 401).
Jan 17 17:10:28 old-pc-hostname mount.davfs[70265]: auth: Got 'Negotiate' challenge.
Jan 17 17:10:28 old-pc-hostname mount.davfs[70265]: auth: Got 'Basic' challenge.
Jan 17 17:10:28 old-pc-hostname mount.davfs[70265]: auth: Trying Negotiate challenge...
Jan 17 17:10:28 old-pc-hostname mount.davfs[70265]: gssapi: init_sec_context OK. (major=1)
Jan 17 17:10:28 old-pc-hostname mount.davfs[70265]: gssapi: Output token: [YIIKvwYJKoZIhvcSAQIC...

davfs2 has informed its users that it does not set Kerberos-specific settings, and that all transport-related behavior is within neon. It can provide credentials to neon, but neither environment is configured to do so.

Impacted Environment

• neon version: 0.32.2-1
• OS: Ubuntu 22.04
• SSL library version: OpenSSL 3.0.2 15 Mar 2022

Unimpacted Environment

• neon version: 0.30.2-4
• OS: Ubuntu 20.04
• SSL library version: OpenSSL 1.1.1f 31 Mar 2020

To Reproduce

1. Install Ubuntu 22.04
2. Install davfs2 and libneon27
3. Configure Ubuntu for Kerberos logon with sssd
4. Connect davfs2 to a webdav endpoint using Kerberos authentication
5. Observe that davfs2 is unable to perform Kerberos authentication

Debugging output

Is this now considered the official repository?

Some users set AR, RANLIB etc. variables to requested tools (e.g. AR="x86_64-pc-linux-gnu-ar" and RANLIB="x86_64-pc-linux-gnu-ranlib").

Handling of these variables is not too good in Neon. See: https://bugs.gentoo.org/728218

Sergei Trofimovich attached this patch:

--- a/macros/neon.m4
+++ b/macros/neon.m4
@@ -806,11 +806,11 @@ AC_DEFUN([NE_FIND_AR], [
 
 # Search in /usr/ccs/bin for Solaris
 ne_PATH=$PATH:/usr/ccs/bin
-AC_PATH_TOOL(AR, ar, notfound, $ne_PATH)
+AC_CHECK_TOOL(AR, ar, notfound, $ne_PATH)
 if test "x$AR" = "xnotfound"; then
    AC_MSG_ERROR([could not find ar tool])
 fi
-AC_PATH_TOOL(RANLIB, ranlib, :, $ne_PATH)
+AC_CHECK_TOOL(RANLIB, ranlib, :, $ne_PATH)
 
 ])

AC_PATH_TOOL macro rejects non-absolute values of variables.

Besides above:
src/Makefile.in sets these variables actually used in this file:

AR = @AR@
RANLIB = @RANLIB@

test/Makefile.in sets these variables not used in this file:

AR = ar
RANLIB = @RANLIB@

They can be dropped, but if you prefer to keep them, then AR assignment should be corrected (AR = @AR@).

https://gnutls.org/manual/html_node/Hash-and-HMAC-functions.html

Currently the docs are the only thing still hosted on webdav.org, these need to be moved to either github.io or somewhere else (readthedocs.io? difficult to convert from docbook to markdown)

Describe the bug

for d in ./doc/html/*.html; do \
	/usr/bin/install -c -m 644 $d /sw/build.build/root-neon27-0.31.2-1/sw/share/doc/neon27/html; \
done
install: ./po/cs.gmo: No such file or directory
install: ./po/de.gmo: No such file or directory
...

Environment

• neon version: [e.g. 0.31.2]
• OS: macOS
• SSL library version: OpenSSL 1.1.1k

To Reproduce
Configuring with these options:

	--with-libxml2 \
	--with-ssl=openssl \
	--without-egd \
	--enable-shared \
	--disable-static \
	--with-ca-bundle=%p/etc/ssl/certs/ca-bundle.crt \
	--without-pakchois

then running make; make docs; make install and get the above failure.

Debugging output
.gmo files are created by the compile-gmo target, but nothing calls that target, so when make install calls make install-nls-yes, the process fails.
install-nls-yes should depend on compile-gmo or something similar.

RFC2617 is out for two decades; 2069-style Digest auth should not be supported for NE_AUTH_DEFAULT in 0.32.

An NE_AUTH_WEAK_DIGEST or similar can be defined to restore it explicitly.

I believe that neon 0.32.3, particularly 2b8e2e4, broke RFC 2617 compliance.

The algorithm parameter of Digest challenge is optional and defaults to MD5, according to section 3.2.1 of RFC 2617:

A string indicating a pair of algorithms used to produce the digest and a checksum. If this is not present it is assumed to be "MD5".

In neon 0.32.3 the absence of the parameter results in

unknown algorithm in Digest challenge

I believe that it's because in 0.32.3, the alg defaults to null, what is the same value as is used when algorithm has unknown value.

While in 0.32.2 the alg defaulted to 0, what is auth_alg_md5. But when algorithm has unknown value, the alg is auth_alg_unknown.

Thanks for keeping neon up to date!

cppcheck found an issue:
Result of operator '|' is always true if one operand is non-zero. Did you intend to use '&'?

While NE_AUTH_DIGEST is defined to 0x0002 the check in ne_auth.c line 1621 will always be true.
Is this really intended?
I would prefer a check like the ones above
if ((protomask & NE_AUTH_DIGEST) == NE_AUTH_DIGEST) {
}
Should I make a pull request?

Describe the bug
When running ./autogen.sh on macOS:

./autogen.sh: line 16: libtoolize: command not found
./autogen.sh: line 19: libtoolize: command not found

On macOS, it's called glibtoolize.

I can overcome it by running LIBTOOLIZE=glibtoolize ./autogen.sh but I shouldn't have to do that. Other projects figure it out automatically.

Environment

• neon version: master
• OS: macOS
• SSL library version: N/A

To Reproduce
Run ./autogen.sh on macOS

Debugging output
N/A

when sending large files, i'm always hitting the 128 response limit since updating from ubuntu 20 to 22 (which i guess has updated my cadaver/neon version). is it possible to/would you accept PRs to make this limit configurable or removeable?

thanks!

When downloading many small files from Synology WebDAV server, neon causes hang while downloading.
I tried with 100-200 of 100KB-200KB files on Synology DS-120J, and hang happens after 80-100 downloads.
It maybe the Synology problem, because it works well with other servers such as Box.
After some time (around 20 min), it works again.

I set NE_SESSFLAG_PERSIST to 0 and timeout.

ne_set_session_flag(session, NE_SESSFLAG_PERSIST, 0);
ne_set_connect_timeout(session, 4);
ne_set_read_timeout(session, 4);`

Built with OpenSSL 1.1.1g.

neon also hangs if Synology server shuts down while downloading.

Any workarounds?

Describe the bug
When trying to build neon according to the instruction in INSTALL.win32 the c compiler returns with an error and the build failed.

Environment

• neon version: 0.32.5
• OS: Microsoft Windows 10 (Version 21H2)

To Reproduce
When running nmake /f neon.mak i got the following output:

Microsoft (R) Program Maintenance Utility, Version 14.29.30146.0
Copyright (C) Microsoft Corporation. Alle Rechte vorbehalten.

        cl.exe @C:\Users\EW\AppData\Local\Temp\nmC368.tmp
ne_alloc.c
ne_auth.c
src\ne_auth.c(370): error C2146: Syntaxfehler: Fehlendes ")" vor Bezeichner "NE_FMT_TIME_T"
ne_basic.c
ne_compress.c
ne_dates.c
ne_i18n.c
ne_md5.c
ne_pkcs11.c
ne_redirect.c
ne_request.c
ne_session.c
ne_socket.c
src\ne_socket.c(1442): warning C4133: "Funktion": Inkompatible Typen - von "int *" zu "const char *"
src\ne_socket.c(1567): warning C4133: "Funktion": Inkompatible Typen - von "int *" zu "const char *"
ne_socks.c
ne_sspi.c
src\ne_sspi.c(358): warning C4090: "return": Unterschiedliche "const"-Qualifizierer
ne_string.c
ne_uri.c
ne_utils.c
ne_stubssl.c
Code wird generiert...
NMAKE : fatal error U1077: ""C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.29.30133\bin\HostX86\x86\cl.exe"": Rückgabe-Code "0x2"
Stop.

The error here seems to be in the file src\ne_auth.c, in line 370: The compiler expects a closing parenthesis before the identifier NE_FMT_TIME_T.

If the server sends multiple Digest challenges these should be tried in strength order. Currently the ordering is only by protocol (i.e. Digest > Basic) but not by algorithm strength within that protocol.

What commands would I use to just build the library on a non-windows platform? I couldn't find any instructions

Describe the bug
A fink user has reported that even when libintl and libiconv are available (via fink), neon's ./configure does not detect that i18n support is available. He's running OS X 10.15 (Xcode 12.4), which has -Werror-implicit-function-declaration by default. On older Xcode, it i18n is detected properly, but I can reproduce the non-detection by passing that -W via CFLAGS.

Environment

• neon version: 0.32.1
• OS: OS X 10.15

Debugging output
Compare config.log with that -Werror:

configure:17472: gcc -o conftest -Os -Werror-implicit-function-declaration  -MD -I/sw/include -no-cpp-precomp -I/sw/include -I/sw/include -I/sw/include/libxml2 -I/sw/include -Wl,-dead_strip_dylibs -L/sw/lib conftest.c  -lintl  -lz -L/sw/lib -lssl -lcrypto -dynamic -Wl,-search_paths_first -lkrb5 -L/sw/lib -lproxy -L/sw/lib -lxml2 >&5
conftest.c:120:1: error: implicit declaration of function 'bindtextdomain' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
bindtextdomain();
^
1 error generated.
configure:17472: $? = 1
[...]
configure:17502: result: not found

vs without:

configure:17472: gcc -o conftest -Os  -MD -I/sw/include -no-cpp-precomp -I/sw/include -I/sw/include -I/sw/include/libxml2 -I/sw/include -Wl,-dead_strip_dylibs -L/sw/lib conftest.c  -lintl  -lz -L/sw/lib -lssl -lcrypto -dynamic -Wl,-search_paths_first -lkrb5 -L/sw/lib -lproxy -L/sw/lib -lxml2 >&5
conftest.c:120:1: warning: implicit declaration of function 'bindtextdomain' is invalid in C99 [-Wimplicit-function-declaration]
bindtextdomain();
^
1 warning generated.
configure:17472: $? = 0
configure:17502: result: -lintl

This is another case like #45, and the same type of solution works: putting in neon.m4's NE_SEARCH_LIBS:

    bindtextdomain)
      ne__prologue="#include <libintl.h>"                                       
      ne__code="bindtextdomain(\"\",\"\");"
      ;;

openssl 1.1.1h has been released, with this short release notes:

 5+- Update to 1.1.1h
 6+  * Disallow explicit curve parameters in verifications chains when X509_V_FLAG_X509_STRICT is used
 7+  * Enable 'MinProtocol' and 'MaxProtocol' to configure both TLS and DTLS contexts
 8+- refresh openssl-fips_selftest_upstream_drbg.patch
 9+  * DRBG internals got renamed back:
10+    reseed_gen_counter  -> generate_counter
11+    reseed_prop_counter -> reseed_counter

Neon (up to current master, rev 0bdf346 fails to pass the test suite with this version openssl:

socket-ssl............ 21/46 SKIPPED - ssl_session_id (zero-length session ID, cannot test further)
socket-ssl............ 45/46 passed (1 skipped) 
ssl................... 52/64 FAIL - fail_ca_notyetvalid (no error in verification callback; request rv 0 error string: 200 OK)
ssl................... 53/64 FAIL - fail_ca_expired (no error in verification callback; request rv 0 error string: 200 OK)
ssl................... 55/64 FAIL - fail_nul_cn (verification flags were 6 not 22)
ssl................... 56/64 FAIL - fail_nul_san (verification flags were 6 not 22)
ssl................... 63/64 WARNING: NSS required for PKCS#11 testing
[   67s] ssl................... 63/64 SKIPPED - pkcs11
ssl................... 64/64 WARNING: NSS required for PKCS#11 testing
[   67s] ssl................... 64/64 SKIPPED - pkcs11_dsa
ssl................... 58/64 passed, 4 failed (2 skipped) (2 warnings)

Test environment: openSUSE Tumbleweed, openssl 1.1.1h integration test project

Describe the bug
cloned neon project
./autogen.sh
./configure.sh --with-ssl
make
sudo make install

ends with

/usr/bin/install -c -d /usr/local/share/man/man3
/usr/bin/install -c -d /usr/local/share/man/man1
for m in doc/man/*.3; do \
 /usr/bin/install -c -m 644 $m /usr/local/share/man/man3; done
/usr/bin/install: cannot stat 'doc/man/*.3': No such file or directory
make: *** [Makefile:139: install-man] Error 1

Environment

• neon version: [master/]473bc206ffa5375862aaea9789c79114a5897f3b
• OS: [Debian 11.6]
• SSL library version: [] SSL library: SSL support enabled, using OpenSSL 1.1.1n

To Reproduce
git checkout 473bc20
then do all build process untill
sudo make install

Describe the bug
I use neon with davfs2 to connect to webdavs using a (long) token for password. So I need to alter the buffer size for password.
When trying to connect to webdav after changing NE_ABUFSIZ (512) in ne_auth.c, i get a *** stack smashing detected *** error.

Environment

• neon version: 0.31.2
• OS: Ubuntu 20.04
• SSL library version: OpenSSL 1.1.1f

To Reproduce
Build with the following code :

#!/bin/bash

# Build and install neon
export NEON_VERSION=0.31.2
wget https://github.com/notroj/neon/archive/$NEON_VERSION.tar.gz
tar -zxvf $NEON_VERSION.tar.gz

cd ./neon-$NEON_VERSION

# Patch buffer
sudo sed -i 's/NE_ABUFSIZ (256)/NE_ABUFSIZ (512)/g' ./src/ne_auth.h

./autogen.sh && ./configure --prefix=/usr \
    --with-ssl \
    --enable-shared \
    --disable-static &&
    make &&
    sudo make install

cd ..

# Build and install davfs2
export DAVFS2_VERSION=1.6.0
wget http://download.savannah.nongnu.org/releases/davfs2/davfs2-1.6.0.tar.gz
tar -zxvf davfs2-$DAVFS2_VERSION.tar.gz
cd davfs2-$DAVFS2_VERSION

./configure &&
    make &&
    sudo make install

try to mount a webdav share with a long password

Debugging output
*** stack smashing detected ***: terminated

Crash in ne_path_escapef

Environment

• neon version: 0.33.0
• OS: Fedora 39
• SSL library version: OpenSSL 3.1.1

To Reproduce
Can't

Debugging output

Program terminated with signal SIGSEGV, Segmentation fault.
#0  ne_path_escapef (path=0x0, flags=<optimized out>) at ne_uri.c:497
497	    for (pnt = (const unsigned char *)path; *pnt != '\0'; pnt++) {
Missing separate debuginfos, use: dnf debuginfo-install davfs2-1.7.0-3.fc39.x86_64
(gdb) q

pnt isn't checked for NULL before using it.

Describe the bug
While trying to connect to a WebDAV server, I'm getting this error message:

Could not authenticate to server: ignoring empty Negotiate continuation, rejected NTLM challenge

Environment

• neon version: 7f7c94e
• OS: Debian
• SSL library version: OpenSSL 1.1.1n
• davfs2 recompiled to use latest libneon

To Reproduce

mount -t davfs https://fsstud.ruhr-uni-bochum.de/<hidden> /mnt/rub/

Debugging output
Please instruct me how to.

https://travis-ci.org/github/notroj/neon/jobs/696565306

ifdef-out the test if necessary.

ssl................... 55/63 FAIL - fail_nul_san (no error in verification callback; request rv 1 error string: Certificate verification error: signed using insecure algorithm)

Describe the bug
I am new in this lib, and I can not know how to use this pretty lib... Could you please add the install and api doc?