[ANN] httpclient 2.1.3-RC

ruby-talk
1

Hi all,

I'm working on releasing httpclient/2.1.3. 'httpclient' gives
something like the functionality of libwww-perl (LWP) in Ruby.
'httpclient' formerly known as 'http-access2'. See
http://dev.ctor.org/httpclient/ for more detail.

httpclient / http-access2 users, would you please test the RC with
your application and let me know if you have any problem? 2.1.3 will
be released in a few week.

Sorry for [ANN] noise.

Regards,
// NaHi

= Changes in 2.1.3 =

* Features
   * Proxy Authentication for SSL.
   * performance improvements. as fast as RFuzz::HttpClient,
eventmachine and curb for keep-alive sites, and as fast as net/http
for non keep-alive sites. you can get
   * added propfind and proppatch methods.

* Changes
   * avoid unnecessary memory consuming for get_content/post_content
with block. get_content returns nil when you call it with a block.
   * post_content with IO did not work when redirect/auth cycle is
required. (CAUTION: post_content now correctly follows redirection and
posts the given content)
   * exception handling cleanups.
     * raises HTTPClient::ConfigurationError for environment problem
(trying to do SSL without openssl installed for example)
     * raises HTTPClient::BadResponse for HTTP response problem. you
can get the response HTTPMessage returned via $!.res.
     * raises SocketError for connection problem (as same as before).

* Bug fixes
   * avoid unnecessary negotiation cycle for Negotiate(NTLM)
authentication. Thanks Rishav for great support for debugging
Negotiate authentication.
   * get_content/post_content with block yielded unexpected message
body during redirect/auth cycle.
   * relative URI redirection should be allowed from 2.1.2 but it did
not work... fixed.
   * avoid unnecessary timeout waiting when no message body returned
such as '204 No Content' for DAV.
   * avoid blocking on socket closing when the socket is already
closed by foreign host and the client runs under MT-condition.

2

Hi again,

I'm working on releasing httpclient/2.1.3. 'httpclient' gives

  * performance improvements. as fast as RFuzz::HttpClient,
eventmachine and curb for keep-alive sites, and as fast as net/http
for non keep-alive sites.

I'm doing a little benchmark testing. Let me know if you are
interested and know something about it.

Environment:
  HTTP Server:
    Apache/2.2.9 (Ubuntu) mpm-worker
    Ubuntu 8.10 32bit

  HTTP Client:
    Ruby: ruby 1.8.7 (2008-12-04 revision 20478) [i686-linux]
    vendor:
      eventmachine/0.12.2(*)
      rfuzz/0.9
      net/http (svn ruby_1_8)
      httpclient/2.1.3-RC
      open-uri (svn ruby_1_8) (net/http wrapper)
      httparty/0.2.2 (net/http wrapper)
    (*) EM::Protocols::HttpClient2 is not listed below because it does
not work when requests > 20 on my env.

  HTTP Server and HTTP clients runs on the same host.

Benchmark suite:
  http://dev.ctor.org/http-access2/browser/trunk/bench/bm.rb
    proxy = nil
    url = http://127.0.0.1/
    threads = 2
    requests = 250

Result:
  HTTP Server KeeyAlive: Off
                            user system total real
    curb 0.050000 0.420000 0.470000 ( 0.807049)
    RFuzz::HttpClient 0.090000 0.430000 0.520000 ( 0.803075)
    Net::HTTP 0.280000 0.520000 0.800000 ( 1.147281)
    HTTPClient 0.140000 0.800000 0.940000 ( 1.299928)
    open-uri 0.420000 0.880000 1.300000 ( 1.675272)
    HTTParty 0.490000 0.620000 1.110000 ( 1.483024)

  HTTP Server KeeyAlive: On
                            user system total real
    curb 0.100000 0.460000 0.560000 ( 51.170485)
    RFuzz::HttpClient 0.030000 0.580000 0.610000 ( 1.001198)
    Net::HTTP 0.150000 0.490000 0.640000 ( 0.842344)
    HTTPClient 0.140000 0.460000 0.600000 ( 0.801035)
    open-uri 0.740000 0.740000 1.480000 ( 1.870712)
    HTTParty 0.710000 0.880000 1.590000 ( 2.555711)

Considerations:
  1. EM::Protocols::HttpClient2 does not work on my env. Is the
client code right?
  2. curb needs too much 'real' time when connecting to KeepAlive: On
site. Is this expected?
  3. rfuzz and curb are faster than net/http and httpclient when
connecting to KeepAlive: Off site.
  4. net/http and httpclient run almost as fast as rfuzz when
connecting to KeepAlive: On site. Bear in mind that you need to call
Net::HTTP#start and #finish by yourself for keep-alive handling. Just
calling Net::HTTP#get takes 2 times longer than others. Bothersome?
Use others.

At the last, does somebody know how I can read
http://apocryph.org/more_indepth_analysis_ruby_http_client_performance
? I get 'Error establishing a database connection'.

Regards,
// NaHi

···

2008/12/16 NAKAMURA, Hiroshi <nakahiro@gmail.com>:

3

Hi all,

I posted httpclient/2.1.3. This release includes performance
improvements and full RDoc documentation. (See below for more detail)

'httpclient' gives something like the functionality of libwww-perl (LWP)
in Ruby. 'httpclient' formerly known as 'http-access2'.

Features:

* methods like GET/HEAD/POST/* via HTTP/1.1.
* HTTPS(SSL), Cookies, proxy, authentication(Digest, NTLM, Basic), etc.
* asynchronous HTTP request, streaming HTTP request.

* by contrast with net/http in standard distribution;
   * Cookies support
   * MT-safe
   * streaming POST (POST with File/IO)
   * Digest auth
   * Negotiate/NTLM auth for WWW-Authenticate (requires net/htlm module)
   * NTLM auth for Proxy-Authenticate (requires win32/sspi module)
   * extensible with filter interface
   * you don‘t have to care HTTP/1.1 persistent connection (httpclient
     cares instead of you)

* Not supported now
   * Cache
   * Rather advanced HTTP/1.1 usage such as Range, deflate, etc. (of
     course you can set it in header by yourself)

For more detail, see API document at http://dev.ctor.org/doc/httpclient/

Changes in 2.1.3:
* Features
   * Proxy Authentication for SSL.
   * Performance improvements.
   * Full RDoc. Please tell me any English problem. Thanks in advance.
   * Do multipart file upload when a given body includes a File. You
     don't need to set 'Content-Type' and boundary String any more.
   * Added propfind and proppatch methods.

* Changes
   * Avoid unnecessary memory consuming for get_content/post_content
     with block. get_content returns nil when you call it with a block.
   * post_content with IO did not work when redirect/auth cycle is
     required. (CAUTION: post_content now correctly follows redirection
     and posts the given content)
   * Exception handling cleanups.
     * Raises HTTPClient::ConfigurationError for environment problem
       (trying to do SSL without openssl installed for example)
     * Raises HTTPClient::BadResponse for HTTP response problem. you
       can get the response HTTPMessage returned via $!.res.
     * Raises SocketError for connection problem (as same as before).

* Bug fixes
   * Avoid unnecessary negotiation cycle for Negotiate(NTLM)
     authentication. Thanks Rishav for great support for debugging
     Negotiate authentication.
   * get_content/post_content with block yielded unexpected message
     body during redirect/auth cycle.
   * Relative URI redirection should be allowed from 2.1.2 but it did
     not work... fixed.
   * Avoid unnecessary timeout waiting when no message body returned
     such as '204 No Content' for DAV.
   * Avoid blocking on socket closing when the socket is already closed
     by foreign host and the client runs under MT-condition.

Download:
  http://dev.ctor.org/download/httpclient-2.1.3.tar.gz
  http://dev.ctor.org/download/httpclient-2.1.3.zip

sha1sum:
  fd1a755927822573c67806626ffdc9077ae15322 httpclient-2.1.3.tar.gz
  f7733c7ec32a951a62d5bb7aa2c4ab876b405002 httpclient-2.1.3.zip

gem repository:
  'httpclient' at http://dev.ctor.org/download/

Regards,
// NaHi

4

Hi all,

I posted httpclient/2.1.3.1. httpclient/2.1.3.1 fixes a vulnerability
introduced at 2.1.3. httpclient <= 2.1.2 and http-access2 are safe.

get_content/post_content of httpclient/2.1.3 may send secure cookies for
a https site to non-secure (non-https) site when the https site
redirects the request to a non-https site. httpclient/2.1.3 caches
request object and reuses it for redirection. It should not be cached
and recreated for each time as httpclient <= 2.1.2 and http-access2. See
http://dev.ctor.org/http-access2/changeset/259#file2 for more detail.

I realized this bug when I was reading open-uri story on
[ruby-core:21205]. Ruby users should use open-uri rather than using
net/http directly wherever possible.

httpclient/2.1.3 users should update to 2.1.3.1.

'httpclient' gives something like the functionality of libwww-perl (LWP)
in Ruby. 'httpclient' formerly known as 'http-access2'.

Features:

* methods like GET/HEAD/POST/* via HTTP/1.1.
* HTTPS(SSL), Cookies, proxy, authentication(Digest, NTLM, Basic), etc.
* asynchronous HTTP request, streaming HTTP request.

* by contrast with net/http in standard distribution;
   * Cookies support
   * MT-safe
   * streaming POST (POST with File/IO)
   * Digest auth
   * Negotiate/NTLM auth for WWW-Authenticate (requires net/htlm module)
   * NTLM auth for Proxy-Authenticate (requires win32/sspi module)
   * extensible with filter interface
   * you don‘t have to care HTTP/1.1 persistent connection (httpclient
     cares instead of you)

* Not supported now
   * Cache
   * Rather advanced HTTP/1.1 usage such as Range, deflate, etc. (of
     course you can set it in header by yourself)

For more detail, see API document at http://dev.ctor.org/doc/httpclient/

Download:
  http://dev.ctor.org/download/httpclient-2.1.3.1.tar.gz
  http://dev.ctor.org/download/httpclient-2.1.3.1.zip

sha1sum:
  eb2f562835106ec8925edae523cd471fb291e055 httpclient-2.1.3.1.tar.gz
  153d4d7ef5f79ffe90872a0f77fbad60e241e203 httpclient-2.1.3.1.zip

gem is available from official repository.

Regards,
// NaHi