neon is an HTTP and WebDAV client library, with a C
- High-level wrappers for common HTTP and WebDAV operations (GET,
MOVE, DELETE, etc)Low-level interface to the HTTP request/response engine, allowing
the use of arbitrary HTTP methods, headers, etc.
- Authentication support including Basic and Digest support, along
with GSSAPI-based Negotiate on Unix, and SSPI-based Negotiate/NTLM on
- SSL/TLS support using OpenSSL or GnuTLS; exposing an abstraction
layer for verifying server certificates, handling client
certificates, and examining certificate properties. Smartcard-based
client certificates are also supported via a PKCS#11 wrapper
- Abstract interface to parsing XML using libxml2 or expat, and
wrappers for simplifying handling XML HTTP response bodies
- WebDAV metadata support; wrappers for PROPFIND and PROPPATCH to
simplify property manipulation.
distributed under the
GNU Library GPL.
Patches, feature requests, bug reports,
questions etc. can be
the neon mailing list (for
which a web
archive is also available). The neon-commits
list receives commit messages from the Subversion repository.
Please note: The neon API is subject to
backwards-incompatible change over minor versions (0.24.x -> 0.25.x)
but is stable across patch releases (0.24.0 -> 0.24.x).
- Don't abort SSL handshake with GnuTLS if a client cert is requested
but none is configured/available (thanks to Patrick Ohly)
- Fix GnuTLS build with Nettle (Arfrever Frehtes Taifersar Arahesis)
- Win32: Fix handling of SSPI challenges (Ivan Zhakov)
- Fix the method string passed to create_request hooks to have the same
lifetime as the request object (Patrick Ohly)
- Docs updates.
- Fix GnuTLS handshakes failures with 'TLS warning alert' (Bryan Cain)
- Further fix for SSPI support on Win32 (Danil Shopyrin)
- Fix SNI support (Tobias Gruetzmacher)
- Fix possible Solaris linker errors if building static library
- Win32: Fix Kerberos authentication support with SSPI (Danil Shopyrin)
- Fix error handling when pulling a request body from an file
(thanks to Lou Montulli)
- Fix ne_request_dispatch() return value for SOCKS proxy failure cases
- Tighten SSL cert ID checks to deny a wildcard match against an IP address
- Change ne_sock_close() to no longer wait for SSL closure alert:
- fixes possible hang with IIS servers when closing SSL connection
- this reverts the behaviour with OpenSSL to match 0.28.x, and
changes the behaviour with GnuTLS to match that with OpenSSL
- Fix memory leak with GnuTLS
- API clarification in ne_sock_close():
- SSL closure handling now documented
- return value semantics fixed to describe the implementation
- Fix spurious 'certificate verify failed' errors with OpenSSL (Tom C)
- Fix unnecessary re-authentication with SSPI (Danil Shopyrin)
- Note that this change was previously listed in the 0.29.1
changes, however the patch had not been merged.
- Fixes for (Unix) NTLM implementation:
- fix handling of session timeout (Kai Sommerfeld)
- fix possible crash (firstname.lastname@example.org)
- Build fixes for Win32:
- fix use of socklen_t with recent SDKs (Stefan Kung)
- fix USE_GETADDRINFO on Win2K (Kai Sommerfeld)
- Fix build with versions of GnuTLS older than 2.8.0.
- Interface changes:
- none, API and ABI backwards-compatible with 0.28.x and 0.27.x
- New interfaces and features:
- added NTLM auth support for Unix builds (Kai Sommerfeld, Daniel Stenberg)
- ne_auth.h: added NE_AUTH_GSSAPI and NE_AUTH_NTLM auth protocol codes
- added ne_acl3744.h, updated WebDAV ACL support (Henrik Holst)
- added built-in SOCKS v4/v4a/v5 support: ne_socket.h:ne_sock_proxy(),
- added support for system-default proxies: ne_session_system_proxy(),
implemented using libproxy where available
- ne_session.h: added NE_SESSFLAG_EXPECT100 session flag, SSL verification
failure bits extended by NE_SSL_BADCHAIN and NE_SSL_REVOKED, better
handling of failures within the cert chain (thanks to Ludwig Nussel)
- ne_socket.h: ne_sock_writev() (Julien Reichel), ne_sock_set_error(),
- ne_string.h: ne_buffer_qappend(), ne_strnqdup()
- Deprecated interfaces:
- ne_acl.h is obsoleted by ne_acl3744.h (but is still present)
- obsolete feature "NE_FEATURE_SOCKS" now never marked present
- Other changes:
- fix handling of "stale" flag in RFC2069-style Digest auth challenge
- ne_free() implemented as a function on Win32 (thanks to Helge Hess)
- symbol versioning used for new symbols, where supported
- ensure SSL connections are closed cleanly with OpenSSL
- fix build with OpenSSL 1.0 beta
- updated Polish (pl) translation (Arfrever Frehtes Taifersar Arahesis)
- SECURITY (CVE-2009-2473): Fix "billion laughs" attack against expat;
could allow a Denial of Service attack by a malicious server.
- SECURITY (CVE-2009-2474): Fix handling of an embedded NUL byte in
a certificate subject name; could allow an undetected
MITM attack against an SSL server if a trusted CA issues such a cert.
Note: CVE-2009-2474 does affect use of GnuTLS as well as OpenSSL, contrary to previous announcement.
The release history is now archived.