neon

neon is an HTTP and WebDAV client library, with a C interface. Features:

• High-level wrappers for common HTTP and WebDAV operations (GET, MOVE, DELETE, etc)
Low-level interface to the HTTP request/response engine, allowing the use of arbitrary HTTP methods, headers, etc.
• Authentication support including Basic and Digest support, along with GSSAPI-based Negotiate on Unix, and SSPI-based Negotiate/NTLM on Win32
• SSL/TLS support using OpenSSL or GnuTLS; exposing an abstraction layer for verifying server certificates, handling client certificates, and examining certificate properties. Smartcard-based client certificates are also supported via a PKCS#11 wrapper interface.
• Abstract interface to parsing XML using libxml2 or expat, and wrappers for simplifying handling XML HTTP response bodies
• WebDAV metadata support; wrappers for PROPFIND and PROPPATCH to simplify property manipulation.

neon is free software, distributed under the GNU Library GPL.

Patches, feature requests, bug reports, questions etc. can be sent to the neon mailing list (for which a web archive is also available). The neon-commits list receives commit messages from the Subversion repository.

Current Release

Please note: The neon API is subject to backwards-incompatible change over minor versions (0.24.x -> 0.25.x) but is stable across patch releases (0.24.0 -> 0.24.x).

• Source code: neon-0.28.5.tar.gz
• Reference documention
• Subversion repository

Changes in release neon 0.28.5, 3 July 2009 (PGP signature)

• Enable support for X.509v1 CA certificates in GnuTLS.
• Fix handling of EINTR in connect() calls.
• Fix use of builds with SOCK_CLOEXEC support on older Linux kernels.

Changes in release neon 0.28.4, 3 March 2009 (PGP signature)

• Fix ne_forget_auth (Kai Sommerfeld)
• GnuTLS support fixes:
  • fix handling of PKCS#12 client certs with multiple certs or keys
  • fix crash with OpenPGP certificate
  • use pkg-config data in configure, in preference to libgnutls-config
• Add PKCS#11 support for OpenSSL builds (where pakchois is available)
• Fix small memory leak in PKCS#11 code.
• Fix build on Haiku (scott mc)

Changes in release neon 0.28.3, 20 August 2008 (PGP signature)

• SECURITY (CVE-2008-3746): Fix potential NULL pointer dereference in Digest domain parameter support; could allow a DoS by a malicious server
• Fix parsing of *-Authenticate response header with LWS after quoted value
• Fix ne_set_progress(, NULL, ) to match pre-0.27 behaviour (and not crash)
• Fix to disable Nagle on Win32 with newer toolchain (thanks to Stefan Küng)
• Fix build on Netware (Guenter Knauf)
• Document existing ne_uri_parse() API postcondition and ne_uri_resolve() pre/postconditions regarding the ->path field in ne_uri structures
• Mark ne_{,buffer_}concat with sentinel attribute for GCC >= 4.
• Distinguish the error message for an SSL handshake which fails after a client cert was requested.
• Compile with PIC flags by default even for static library builds

Changes in release neon 0.28.2, 3 April 2008 (PGP signature)

• Support "Proxy-Connection: Keep-Alive" for compatibility with HTTP/1.0 proxies which require persistent connections for NTLM authentication
• Fix an fd leak in ne_ssl_{,cli}cert_read (GnuTLS only)
• Enable fast initialization in GnuTLS.

Changes in release neon 0.28.1, 10 March 2008 (PGP signature)

• Fix Win32 build
• Fix build on SCO OpenServer 5.0.x (thanks to Nico Kadel-Garcia)
• Fix handling of Digest domain parameter values without a trailing slash
• Fix build against apr-util's bundled libexpat.la in Subversion
• Add --without-pakchois to configure (Arfrever Frehtes Taifersar Arahesis)
• zh message catalog renamed to zh_CN, translation updated (Dongsheng Song)

Changes in release neon 0.28.0, 8 February 2008 (PGP signature)

• Interface changes:
  • none, API and ABI backwards-compatible with 0.27.x
• New interfaces:
  • ne_pkcs11.h: added basic PKCS#11 support (requires GnuTLS and pakchois)
  • ne_auth.h: added NE_AUTH_ALL and NE_AUTH_DEFAULT constants
  • ne_socket.h: added ne_sock_peer(), ne_sock_prebind(), ne_sock_cipher()
  • ne_session.h: NE_SESSFLAG_TLSSNI flag added; TLS SNI support is enabled by default, where supported; ne_set_localaddr() added
  • ne_request.h: added close_conn hooks (Robert J. van der Boon)
  • ne_basic.h: added ne_options2()
• Other changes:
  • add Polish (pl) translation (Arfrever Frehtes Taifersar Arahesis)
  • add support for the 'domain' parameter in Digest authentication
  • fix fd leak in ne_sock_connect() error path (Andrew Teirney)
  • the FD_CLOEXEC flag is set on socket fds
  • fix timezone handling in ne_dates for more platforms (Alessandro Vesely)
  • fix ne_simple_propfind() to print XML namespaces in flat property values
  • fix ne_get_range() for unspecified end-range case (Henrik Holst)
  • fix ne_strclean() to be locale-independent and avoid possible Win32 crash
  • fix ne_get_error() to not "clean" localized error strings
  • fix ne_ssl_clicert_read() to fail for client certs missing cert or key
  • Win32: fix build with VS 2008 (Stefan Kueng)
  • Win32: fix neon.mak to not double-quote $(MAKE) (Henrik Holst)
  • improve strength of Digest cnonces in GnuTLS builds

Changes in release neon 0.27.2, 25 September 2007 (PGP signature)

• Fix crash in GSSAPI Negotiate response header verification (regression since 0.26.x)

Release history