Hey, this aims to replace #761, simpler and not requiring the whole kerberos setup.
I'm checking the CI failures and I'll try to enable a build with gssapi as well, so the new test will run.

Typo in commit message ("impelentation"), otherwise looks very good to me. The copyright dates are set to 2015, no idea if that matters.

Thanks @MarcelRaad! I'll fix those along with some other minor changes I have in mind.
I feel somewhat uncomfortable however about addind a new build to travis as it is now, though on the other hand it would be nice to build both with and without gssapi. Thoughts?

Instinctively, I would just change build type "normal" to include --with-gssapi and let the debug Travis builds and the autobuilds test the non-gssapi build, but I'm not the Travis expert.

Yea, I think I'll do that (remove the normal linux build) later on.
Meanwhile I've reworked the logic to make it easy to emulate krb5 and ntlm credential by parsing the creds environment variable for mechanism names.
I still have some troubles on server side with multiple round, as it appears 'swsbounce' won't work for more than one since req->partno always starts at 0, I trying to think how to get around this.

Ok, I gave up the usage of 'swsbounce' in favor of a special negotiate handler on the server which increments partno by one for each request with negotiate authorization header on the same test.
BTW, I forgot to clarify, the reason I didn't change "normal" to include --with-gssapi, is because that broke the "normal" build on osx, but we can keep both types and build only "gssapi" on linux.

btw, a slightly different approach, which would work with debug build, could be to add a configuration option to build the stub gss library as a static library and linked to it instead to real gss library so there no need for ld_preload (nor for real gss package).

Update: I've rebased on master, and moved the memory-leak fix to another PR.

and moved the memory-leak fix to another PR

That was silly as now the corresponding test (2057) fails. I'll re-borrow that commit.

I'll re-borrow that commit.

You don't need to, I'm just about to merge it.

I merged the two PRs fixing the Travis failures now, so you just need to rebase on current master.

Coverage increased (+0.03%) to 73.267% when pulling 02c86ac on frenche:new_gss_tests into b939542 on curl:master.

(I gave up on the other approach as it has got complicated)
I've updated with some fixups, review appreciated.

Coverage increased (+0.02%) to 73.248% when pulling a57ee53 on frenche:new_gss_tests into b939542 on curl:master.

Sorry for the long delay!

With MSYS2 MSYS (x86_64-pc-msys) as well as Cygwin64 (x86_64-unknown-cygwin), configured with
--disable-debug --enable-curldebug --enable-warnings --enable-werror --enable-optimize --with-libmetalink --with-gssapi,
I get:

CC       libstubgss_la-stub_gssapi.lo
CCLD     libstubgss.la
libtool: warning: undefined symbols not allowed in [x86_64-pc-msys/x86_64-unknown-cygwin] shared libraries; building static only

and then:

test 2056...[HTTP Negotiate authentication (stub krb5)]

 2056: protocol FAILED:
--- log/check-expected  2017-08-24 17:41:24.201908300 +0200
+++ log/check-generated 2017-08-24 17:41:24.200905600 +0200
@@ -2,8 +2,3 @@
 Host: 127.0.0.1:8990[CR][LF]
 Accept: */*[CR][LF]
 [CR][LF]
-GET /2056 HTTP/1.1[CR][LF]
-Host: 127.0.0.1:8990[CR][LF]
-Authorization: Negotiate IktSQjVfQWxpY2UiOkhUVFBAMTI3LjAuMC4xOjE6QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQQ==[CR][LF]
-Accept: */*[CR][LF]
-[CR][LF]
test 2057...[HTTP Negotiate authentication (stub ntlm)]

 2057: protocol FAILED:
--- log/check-expected  2017-08-24 17:41:24.376379100 +0200
+++ log/check-generated 2017-08-24 17:41:24.372367500 +0200
@@ -2,13 +2,3 @@
 Host: 127.0.0.1:8990[CR][LF]
 Accept: */*[CR][LF]
 [CR][LF]
-GET /2057 HTTP/1.1[CR][LF]
-Host: 127.0.0.1:8990[CR][LF]
-Authorization: Negotiate Ik5UTE1fQWxpY2UiOkhUVFBAMTI3LjAuMC4xOjI6QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQQ==[CR][LF]
-Accept: */*[CR][LF]
-[CR][LF]
-GET /2057 HTTP/1.1[CR][LF]
-Host: 127.0.0.1:8990[CR][LF]
-Authorization: Negotiate Ik5UTE1fQWxpY2UiOkhUVFBAMTI3LjAuMC4xOjM6QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQQ==[CR][LF]
-Accept: */*[CR][LF]
-[CR][LF]

Is this expected?

Will try on openSUSE Leap 42.2 SP2 tonight.

Works perfectly on the openSUSE Leap 42.2 SP2 from Windows 10.

Sorry for the delay and thanks for looking at it and for trying it out.

I was able to reproduce the failure on cygwin and I'm looking into it.

I was able to get around the warning by adding -no-undefined to libstubgss_la_LDFLAGS, however the tests still fail since LD_PRELOAD isn't supported. Other tests using LD_PRELOAD fail as well on cygwin.
I think I'd need to detect if LD_PRELOAD is supported, and disable the test in case it isn't. Thoughts?

Hey, I added an exclusion for systems not supporting LD_PRELOAD, as it is currently a requirement.
The gss tests should be skipped now on cygwin. Thanks.

Great! Sorry for being so unresponsive, I've had no internet access at home for the past 11 weeks. That should change tomorrow, so if all goes well, I'd like to merge this tomorrow if there are no objections.

Thank you for working on this!