From:  Patrick McManus <>
Date:  08 May 2017 21:16:42 Hong Kong Time

Re: Credentials and connection pools


On Mon, May 8, 2017 at 8:55 AM, Anne van Kesteren  wrote:

> Okay, so instead of failing the connection you fail just the request.
> Are you also saying that only HTTP/1 can have authenticated
> connections at this point?

I am saying fail the request. The disposition of the connection is a
protocol detail depending on the auth details.. It seems for
TLS-client-auth you would need to fail the connection because the http bits
are stalled mid flight, but for something like NTLM you have a clean
resolution to the auth trigger (it came back with a 401 that we're not
going to act on) and the connection could still be used for other requests.

wrt h1 - yes, I believe right now the only client-authenticated connections
are in h1.