On Mon, 13 Dec 2021, Howard Chu via curl-library wrote:
- Reject: before attempting connection.
Probably this, since RFC 4516 doesn't specify that userinfo is valid in an
LDAP URL. RFC 4516 seems to assume that if authentication is going to be
done, it is configured elsewhere in a client and so doesn't need to be part
of URLs themselves.
I agree. If the spec doesn't allow it and there's no history or other usage of
this in other (well known) applications, then rejecting such URLs as early as
possible seems like the right choice to me.
--
/ daniel.haxx.se
| Commercial curl support up to 24x7 is available!
| Private help, bug fixes, support, ports, new features
| https://curl.se/support.html
--
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
